diff options
Diffstat (limited to 'id')
227 files changed, 15461 insertions, 423 deletions
diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs index 63fe7cb8a..7ba572a76 100644 --- a/id/server/auth/.settings/org.eclipse.jdt.core.prefs +++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs @@ -1,4 +1,3 @@ -#Fri Nov 16 13:12:23 CET 2007
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
@@ -9,4 +8,5 @@ org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index b116cf610..ddba575d7 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -1,18 +1,145 @@ <?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-auth">
-<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
-<property name="java-output-path" value="target/classes"/>
- <property name="context-root" value="moa-id-auth"/>
-</wb-module>
-</project-modules>
+<project-modules id="moduleCoreId" project-version="2.0">
+ <wb-module deploy-name="moa-id-auth">
+ <property name="context-root" value="moa-id-auth"/>
+ <wb-resource deploy-path="/" source-path="src/main/webapp"/>
+ <wb-resource deploy-path="/" source-path="src/main/wsdl"/>
+ <property name="java-output-path" value="/target/classes"/>
+ <dependent-module archiveName="axis-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis/1.1/axis-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-spss-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-jaxrpc-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-saaj-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-wsdl4j-1.5.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-discovery-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-logging-1.0.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="activation-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="mail-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="log4j-1.2.14.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="postgresql-7.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_moa-1.32.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_ixsil-1.2.2.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_cms-4.1_MOA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-common.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxen-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="saxpath-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="joda-time-1.6.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-id-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-fileupload-1.1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-fileupload/commons-fileupload/1.1.1/commons-fileupload-1.1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-io-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-io/commons-io/1.1/commons-io-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-httpclient-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-codec-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="dav4j-0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/dav4j/dav4j/0.1/dav4j-0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="httpsclient-JSSE-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/httpsclient/httpsclient/JSSE-1.0/httpsclient-JSSE-1.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_X509TrustManager-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="regexp-1.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/regexp/regexp/1.3/regexp-1.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-lang-2.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="stork-saml-engine.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="opensaml-2.5.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/opensaml/2.5.3/opensaml-2.5.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="openws-1.4.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/openws/1.4.4/openws-1.4.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmltooling-1.3.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/xmltooling/1.3.4/xmltooling-1.3.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="bcprov-jdk15-1.46.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/bouncycastle/bcprov-jdk15/1.46/bcprov-jdk15-1.46.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="not-yet-commons-ssl-0.3.9.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmlsec-1.4.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/santuario/xmlsec/1.4.5/xmlsec-1.4.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-apis-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xml-apis/2.10.0/xml-apis-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xercesImpl-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xercesImpl/2.10.0/xercesImpl-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="serializer-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/serializer/2.10.0/serializer-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-resolver-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xalan-2.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xalan/xalan/2.7.1/xalan-2.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-api-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-api/1.6.4/slf4j-api-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-collections-3.2.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="velocity-1.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/velocity/velocity/1.5/velocity-1.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="esapi-2.0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-log4j12-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-log4j12/1.6.4/slf4j-log4j12-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/>
+ </wb-module>
+</project-modules>
\ No newline at end of file diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml index f30a1de6e..a801c94a0 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?>
<faceted-project>
+ <fixed facet="jst.java"/>
+ <fixed facet="jst.web"/>
+ <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+</faceted-project>
\ No newline at end of file diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index ef75dff24..2a1d093d9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -70,6 +70,13 @@ <servlet-name>jspservlet</servlet-name> <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> </servlet> + <servlet> + <servlet-name>PEPSConnectorServlet</servlet-name> + <display-name>PEPSConnectorServlet</display-name> + <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description> + <servlet-class> + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + </servlet> <!-- servlet mapping for jsp pages --> <!-- errorpage.jsp (customizeable) --> @@ -124,8 +131,12 @@ <servlet-name>AxisServlet</servlet-name> <url-pattern>/services/*</url-pattern> </servlet-mapping> + <servlet-mapping> + <servlet-name>PEPSConnectorServlet</servlet-name> + <url-pattern>/PEPSConnector</url-pattern> + </servlet-mapping> <session-config> - <session-timeout>30</session-timeout> + <session-timeout>5</session-timeout> </session-config> <error-page> <error-code>500</error-code> diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css index 18a0dccde..3dd974813 100644 --- a/id/server/auth/src/main/webapp/css/index.css +++ b/id/server/auth/src/main/webapp/css/index.css @@ -124,6 +124,12 @@ button { cursor: pointer;
}
+input {
+ background: #efefef;
+ border:1px solid #000;
+ cursor: pointer;
+}
+
#installJava, #BrowserNOK {
clear:both;
font-size:0.8em;
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html index 0f6e1e282..b5936679f 100644 --- a/id/server/auth/src/main/webapp/iframeHandyBKU.html +++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html @@ -8,11 +8,11 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+ var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
- var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+ var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
window.onload=function() {
@@ -49,7 +49,8 @@ Bitte warten...
<form name="moaidform" method="post" id="moaidform">
<input type="hidden" name="Template" id="Template">
- <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+ <!-- <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"> -->
+ <input type="hidden" name="bkuURI" value="https://test1.a-trust.at/https-security-layer-request/default.aspx">
<input type="hidden" name="useMandate" id="useMandate">
</form>
<hr>
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html index a039005e0..7f6efb241 100644 --- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html +++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html @@ -8,16 +8,16 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+ var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&sourceID=ABC123-_ABC123";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
- var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+ var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
// [MUSS] Geben Sie hier die URL zur Online BKU an
// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
- var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+ var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
window.onload=function() {
document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
@@ -30,6 +30,10 @@ document.getElementById('useMandate').value = "true";
else
document.getElementById('useMandate').value = "false";
+
+ var ccc = gup("ccc");
+ if (ccc != null)
+ document.getElementById('ccc').value = ccc;
document.moaidform.submit();
return;
@@ -53,6 +57,7 @@ <input type="hidden" name="Template" id="Template">
<input type="hidden" name="bkuURI" id="bkuURI">
<input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="CCC" id="ccc">
</form>
<hr>
</body>
diff --git a/id/server/auth/src/main/webapp/img/stork-logo.png b/id/server/auth/src/main/webapp/img/stork-logo.png Binary files differnew file mode 100644 index 000000000..70355a084 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/stork-logo.png diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index 533f2830a..03123c2a7 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -11,11 +11,11 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+ var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
// z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
- var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+ var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
window.onload=function() {
@@ -38,12 +38,12 @@ document.getElementById("useMandate").value = "true";
}
}
-
+
var el = document.getElementById("bkulogin");
var parent = el.parentNode;
var iFrameURL = "iframeOnlineBKU.html" + "?";
- iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
var iframe = document.createElement("iframe");
iframe.setAttribute("src", iFrameURL);
@@ -55,8 +55,7 @@ parent.replaceChild(iframe, el);
}
-
-
+
function bkuHandyClicked() {
document.getElementById("localBKU").style.display="none";
@@ -84,6 +83,46 @@ parent.replaceChild(iframe, el);
}
+
+ function storkClicked() {
+ document.getElementById("localBKU").style.display="block";
+
+ document.getElementById("moaidform").action = MOA_ID_STARTAUTHENTICATION;
+ document.getElementById("Template").value = URL_TO_LOKALBKU_TEMPLATE;
+
+ document.getElementById("useMandate").value = "false";
+ var checkbox = document.getElementById("mandateCheckBox")
+ if (checkbox != null) {
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ }
+
+ var ccc = "AT";
+ var countrySelection = document.getElementById("cccSelection");
+
+ if (countrySelection != null) {
+ ccc = document.getElementById("cccSelection").value;
+ }
+
+ var el = document.getElementById("bkulogin");
+ var parent = el.parentNode;
+
+ var iFrameURL = "iframeOnlineBKU.html" + "?";
+ iFrameURL += "useMandate=" + document.getElementById("useMandate").value + "&";
+ iFrameURL += "ccc=" + ccc;
+
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", "220");
+ iframe.setAttribute("height", "165");
+ iframe.setAttribute("frameborder", "0");
+ iframe.setAttribute("scrolling", "no");
+ iframe.setAttribute("title", "Login");
+
+ parent.replaceChild(iframe, el);
+ }
+
</script>
</head>
<body>
@@ -117,16 +156,17 @@ <!-- Block "KARTE": Anmeldung mit lokaler BKU *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false -->
- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
+ <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE</button>
</div>
- </a>
+ </a>
+
<!-- Block "KARTE+Vollmacht": Anmeldung mit lokaler BKU *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true -->
- <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
+ <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE+<br>Vollmacht</button>
</div>
@@ -136,7 +176,7 @@ <!-- Block "HANDY": Anmeldung mit Handysignatur *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false -->
- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
+ <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
@@ -145,14 +185,44 @@ <!-- Block "HANDY+Vollnacht": Anmeldung mit Handysignatur *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true -->
- <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
+ <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
</a> -->
- </noscript>
+ <!-- Block "Ausländische Identitäten bzw. STORK": Länderauswahl für Anmeldung ausländischer Identitäten über STORK oder lokale BKU(No-Script Variante) -->
+ <!-- [MUSS] Geben Sie im Feld "action" die URL zum Aufruf von MOA-ID an (inkl. Template-URL und bkuURI) -->
+ <!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request -->
+ <div id="leftcontent" style="margin-bottom:10px">
+ <h2 id="tabheader" class="dunkel">
+ Home Country Selection
+ </h2>
+ </div>
+ <div id="stork" class="hell" align="center">
+ <p>
+ <form name="storkForm" method="POST" action="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request">
+ <select name="CCC" size="1" style="width:120px">
+ <option value="BE">België/Belgique</option>
+ <option value="EE">Eesti</option>
+ <option value="ES">España</option>
+ <option value="IS">Ãsland</option>
+ <option value="IT">Italia</option>
+ <option value="LI">Liechtenstein</option>
+ <option value="LT">Lithuania</option>
+ <option value="PT">Portugal</option>
+ <option value="SI">Slovenija</option>
+ <option value="FI">Suomi</option>
+ <option value="SE">Sverige</option>
+ </select>
+ <input type="submit" name="storkButton" value="Send" alt="Send" class="button"/>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </form>
+ </p>
+ </div>
+
+ </noscript>
<script>
<!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
document.write("<div id=\"bkukarte\" class=\"hell\">");
@@ -170,6 +240,33 @@ document.write("<label>in Vertretung anmelden</label>");
document.write(" <a href=\"info_mandates.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
document.write("</div> ");
+
+ <!-- [OPTIONAL] Um die Anmeldung von ausländischen Identitäten auszublenden, kommentieren Sie folgende Zeilen aus -->
+ document.write("<div id=\"leftcontent\" style=\"margin-bottom:10px\">");
+ document.write("<h2 id=\"tabheader\" class=\"dunkel\">");
+ document.write("Home Country Selection");
+ document.write("</h2>");
+ document.write("</div>");
+ document.write("<div id=\"stork\" class=\"hell\" align=\"center\">");
+ document.write("<p>");
+ document.write("<select name=\"cccSelection\" id=\"cccSelection\" size=\"1\" style=\"width: 120px; margin-right: 5px;\" >");
+ document.write("<option value=\"BE\">België/Belgique</option>");
+ document.write("<option value=\"EE\">Eesti</option>");
+ document.write("<option value=\"ES\">España</option>");
+ document.write("<option value=\"IS\">Ãsland</option>");
+ document.write("<option value=\"IT\">Italia</option>");
+ document.write("<option value=\"LI\">Liechtenstein</option>");
+ document.write("<option value=\"LT\">Lithuania</option>");
+ document.write("<option value=\"PT\">Portugal</option>");
+ document.write("<option value=\"SI\">Slovenija</option>");
+ document.write("<option value=\"FI\">Suomi</option>");
+ document.write("<option value=\"SE\">Sverige</option>");
+ document.write("</select>");
+ document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"storkClicked();\">Send</button>");
+ document.write(" <a href=\"info_stork.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
+ document.write("</p>");
+ document.write("</div>");
+
</script>
</div>
@@ -182,7 +279,8 @@ <input type="hidden" name="show" value="false">
<input type="hidden" name="Template" id="Template">
<input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request">
- <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="CCC" id="ccc">
<input type="submit" size="400" value="Lokale BKU" class="sendButton">
</form>
<p>
diff --git a/id/server/auth/src/main/webapp/info_stork.html b/id/server/auth/src/main/webapp/info_stork.html new file mode 100644 index 000000000..3bd88300c --- /dev/null +++ b/id/server/auth/src/main/webapp/info_stork.html @@ -0,0 +1,44 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+ <head>
+ <title>Information (STORK)</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <link rel="stylesheet" type="text/css" href="css/index.css">
+ </head>
+ <body>
+ <div id="wrapper">
+ <p id="skiplinks">
+ <a href="#content">Go to contents</a>
+ </p>
+ <div id="banner">
+ <!-- [OPTIONAL] Aendern Sie hier die Titelueberschrift der Seite) -->
+ <div id="bannerleft">
+ <h1>Information using STORK for secure authentication</h1>
+ <!-- Meldung im Browser, wenn JavaScript nicht aktiviert -->
+ <noscript>
+ <p>
+ Please activate JavaScript.
+ </p>
+ </noscript>
+ </div>
+ <!-- [OPTIONAL] Aendern Sie hier das Logo der Seite (und Alternativtext fuer das Bild) -->
+ <div id="bannerright">
+ <img src="img/stork-logo.png" alt="STORK-Logo">
+ </div>
+ </div>
+ <div id="main">
+ <div id="centercontent">
+ <h2 id="contentheader" class="dunkel">
+ Information using STORK for secure authentication
+ </h2>
+ <div id="content" class="hell">
+
+ <p>The STORK project makes it easier for citizens to access online public services across borders by implementing Europe-wide interoperable cross border platforms for the mutual recognition of national electronic identity (eID) between participating countries.</p>
+ <p>For more information, please consult the STORK website:</p><a href="https://www.eid-stork.eu/">https://www.eid-stork.eu/</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html index 0ad73a6f3..27834cd91 100644 --- a/id/server/auth/src/main/webapp/template_handyBKU.html +++ b/id/server/auth/src/main/webapp/template_handyBKU.html @@ -12,7 +12,6 @@ </head>
<body onLoad="onAnmeldeSubmit()">
<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html index f197d2c5c..64275391a 100644 --- a/id/server/auth/src/main/webapp/template_localBKU.html +++ b/id/server/auth/src/main/webapp/template_localBKU.html @@ -11,8 +11,7 @@ </script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html index 565955538..b8cd19866 100644 --- a/id/server/auth/src/main/webapp/template_onlineBKU.html +++ b/id/server/auth/src/main/webapp/template_onlineBKU.html @@ -11,8 +11,7 @@ </script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
<input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml index 6525642f1..109a59d6b 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -40,6 +40,39 @@ <!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> </ConnectionParameter> + <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen --> + <STORK> + <!-- Produktive C-PEPS --> + <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + <!-- Test C-PEPS --> + <!-- + <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + --> + <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) --> + <SAMLSigningParameter> + <SignatureCreationParameter> + <KeyStore password="Keystore Pass">file_to_keystore</KeyStore> + <KeyName password="Keystore Name">signing_key_name</KeyName> + </SignatureCreationParameter> + <SignatureVerificationParameter> + <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll --> + <!-- Profil für die Produktiven C-PEPS --> + <TrustProfileID>C-PEPS</TrustProfileID> + <!-- Profil für die Test C-PEPS --> + <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> --> + </SignatureVerificationParameter> + </SAMLSigningParameter> + </STORK> </ForeignIdentities> <!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service --> <!-- <OnlineMandates> --> @@ -69,6 +102,35 @@ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.--> <!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>--> <!-- </Mandates>--> + + <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können --> + <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth --> + <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default --> + <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet --> + <!-- + <STORK> + <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel> + <storkp:RequestedAttributes> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <stork:AttributeValue>1</stork:AttributeValue> + </stork:RequestedAttribute> + </storkp:RequestedAttributes> + </STORK> + --> </AuthComponent> </OnlineApplication> <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml index 27bf6681c..f292a7c64 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -41,6 +41,39 @@ <!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> </ConnectionParameter> + <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen --> + <STORK> + <!-- Produktive C-PEPS --> + <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + <!-- Test C-PEPS --> + <!-- + <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + --> + <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) --> + <SAMLSigningParameter> + <SignatureCreationParameter> + <KeyStore password="Keystore Pass">file_to_keystore</KeyStore> + <KeyName password="Key Pass">signing_key_name</KeyName> + </SignatureCreationParameter> + <SignatureVerificationParameter> + <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll --> + <!-- Profil für die Produktiven C-PEPS --> + <TrustProfileID>C-PEPS</TrustProfileID> + <!-- Profil für die Test C-PEPS --> + <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> --> + </SignatureVerificationParameter> + </SAMLSigningParameter> + </STORK> </ForeignIdentities> <!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service --> <!-- <OnlineMandates> --> @@ -80,6 +113,35 @@ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.--> <!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>--> <!-- </Mandates>--> + + <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können --> + <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth --> + <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default --> + <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet --> + <!-- + <STORK> + <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel> + <storkp:RequestedAttributes> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <stork:AttributeValue>1</stork:AttributeValue> + </stork:RequestedAttribute> + </storkp:RequestedAttributes> + </STORK> + --> </AuthComponent> <!-- fuer MOA-ID-PROXY --> <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml index eefc7cf6a..b4735db0d 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -42,6 +42,39 @@ <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> </ConnectionParameter> + <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen --> + <STORK> + <!-- Produktive C-PEPS --> + <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + <!-- Test C-PEPS --> + <!-- + <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + --> + <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) --> + <SAMLSigningParameter> + <SignatureCreationParameter> + <KeyStore password="Keystore Pass">file_to_keystore</KeyStore> + <KeyName password="Key Pass">signing_key_name</KeyName> + </SignatureCreationParameter> + <SignatureVerificationParameter> + <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll --> + <!-- Profil für die Produktiven C-PEPS --> + <TrustProfileID>C-PEPS</TrustProfileID> + <!-- Profil für die Test C-PEPS --> + <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> --> + </SignatureVerificationParameter> + </SAMLSigningParameter> + </STORK> </ForeignIdentities> <!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service --> <!-- <OnlineMandates> --> @@ -71,6 +104,35 @@ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.--> <!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>--> <!--</Mandates> --> + + <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können --> + <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth --> + <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default --> + <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet --> + <!-- + <STORK> + <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel> + <storkp:RequestedAttributes> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <stork:AttributeValue>1</stork:AttributeValue> + </stork:RequestedAttribute> + </storkp:RequestedAttributes> + </STORK> + --> </AuthComponent> </OnlineApplication> <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml index f9e296c62..9c5223de5 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -42,6 +42,39 @@ <!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> </ConnectionParameter> + <!-- Verwendung von STORK für die Authentifizierung von ausländischen Personen --> + <STORK> + <!-- Produktive C-PEPS --> + <C-PEPS countryCode="ES" URL="https://spanishpeps.mpr.es/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + <!-- Test C-PEPS --> + <!-- + <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/> + <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> + <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + </C-PEPS> + --> + <!-- Geben Sie hier den Schlüssel zum Signieren der STORK Authentifizierungsnachrichten an (Schlüssel vorerst auf Anfrage beim EGIZ erhältlich) --> + <SAMLSigningParameter> + <SignatureCreationParameter> + <KeyStore password="Keystore Pass">file_to_keystore</KeyStore> + <KeyName password="Key Pass">signing_key_name</KeyName> + </SignatureCreationParameter> + <SignatureVerificationParameter> + <!-- Geben Sie hier das MOA-ID TrustProfil an, welches zur Signatur-Verifizierung von STORK Nachrichten verwendet werden soll --> + <!-- Profil für die Produktiven C-PEPS --> + <TrustProfileID>C-PEPS</TrustProfileID> + <!-- Profil für die Test C-PEPS --> + <!-- <TrustProfileID>C-PEPS-Test</TrustProfileID> --> + </SignatureVerificationParameter> + </SAMLSigningParameter> + </STORK> </ForeignIdentities> <!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service --> <!-- <OnlineMandates> --> @@ -81,6 +114,35 @@ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.--> <!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>--> <!-- </Mandates>--> + + <!-- STORK Konfiguration für zusätzliche Attribute, die bei einer STORK Anmeldung angefragt werden können --> + <!-- Defaultmäßig werden die folgenden Attribute abgefragt: eIdentifier, givenName, surname, dateOfBirth --> + <!-- Löschen Sie die jeweils nicht benötigten Attribute oder den gesamten <STORK>-Eintrag für den default --> + <!-- QualityAuthenticationAssuranceLevel dient nur zu Testzwecken, defaultmäßig wird QAA 4 verwendet --> + <!-- + <STORK> + <stork:QualityAuthenticationAssuranceLevel>4</stork:QualityAuthenticationAssuranceLevel> + <storkp:RequestedAttributes> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/gender" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/nationalityCode" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/maritalStatus" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/textResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/title" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/residencePermit" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/pseudonym" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/citizenQAALevel" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <stork:AttributeValue>1</stork:AttributeValue> + </stork:RequestedAttribute> + </storkp:RequestedAttributes> + </STORK> + --> </AuthComponent> <!-- fuer MOA-ID-PROXY --> <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml index f639af1b6..bf6a7b489 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID ohne Proxy --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -29,19 +29,7 @@ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID> <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>--> </VerifyAuthBlock> - </MOA-SP> - <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen --> - <ForeignIdentities> - <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> - <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation"> - <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) --> - <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">--> - <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an --> - <!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. --> - <!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ForeignIdentities> + </MOA-SP> </AuthComponent> <!-- Eintragung fuer jede Online-Applikation --> <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> @@ -52,7 +40,7 @@ <IdentificationNumber> <!-- Beispiel Firmenbuchnummer --> <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> + </IdentificationNumber> </AuthComponent> </OnlineApplication> <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml index a63eb8db9..f54f3df3e 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -29,19 +29,7 @@ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID> <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>--> </VerifyAuthBlock> - </MOA-SP> - <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen --> - <ForeignIdentities> - <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> - <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation"> - <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) --> - <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">--> - <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an --> - <!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat --> - <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ForeignIdentities> + </MOA-SP> </AuthComponent> <!-- Konfiguration fuer MOA-ID-PROXY --> <ProxyComponent> @@ -62,7 +50,7 @@ <IdentificationNumber> <!-- Beispiel Firmenbuchnummer --> <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> + </IdentificationNumber> </AuthComponent> <!-- fuer MOA-ID-PROXY --> <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml index 6d7e1d0d1..1472571fc 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID ohne Proxy --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -30,19 +30,7 @@ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID> <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>--> </VerifyAuthBlock> - </MOA-SP> - <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen --> - <ForeignIdentities> - <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> - <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation"> - <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) --> - <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">--> - <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an --> - <!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat --> - <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ForeignIdentities> + </MOA-SP> </AuthComponent> <!-- Eintragung fuer jede Online-Applikation --> <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> @@ -53,7 +41,7 @@ <IdentificationNumber> <!-- Beispiel Firmenbuchnummer --> <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> + </IdentificationNumber> </AuthComponent> </OnlineApplication> <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml index 6ce0f5d51..ea8260a91 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID --> -<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"> <!-- Konfiguration fuer MOA-ID-AUTH --> <AuthComponent> <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> @@ -30,19 +30,7 @@ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID> <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>--> </VerifyAuthBlock> - </MOA-SP> - <!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen --> - <ForeignIdentities> - <!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) --> - <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation"> - <!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) --> - <!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">--> - <!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an --> - <!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat --> - <!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ForeignIdentities> + </MOA-SP> </AuthComponent> <!-- Konfiguration fuer MOA-ID-PROXY --> <ProxyComponent> @@ -63,7 +51,7 @@ <IdentificationNumber> <!-- Beispiel Firmenbuchnummer --> <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> + </IdentificationNumber> </AuthComponent> <!-- fuer MOA-ID-PROXY --> <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties index 0f31f4891..5f44f06bc 100644 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ b/id/server/data/deploy/conf/moa-id/log4j.properties @@ -8,6 +8,7 @@ log4j.logger.moa.spss.server=info log4j.logger.iaik.server=info log4j.logger.moa.id.auth=info log4j.logger.moa.id.proxy=info +log4j.logger.eu.stork=info # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index dbf7cab1c..1352154c5 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -39,6 +39,14 @@ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id> <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation> </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>C-PEPS-Test</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS-Test</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>C-PEPS</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> </cfg:PathValidation> <cfg:RevocationChecking> <cfg:EnableChecking>true</cfg:EnableChecking> diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer new file mode 100644 index 000000000..10c4987ef --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer @@ -0,0 +1,16 @@ +MIIDWDCCAkCgAwIBAAIETgGmXDANBgkqhkiG9w0BAQUFADBuMSYwJAYJKoZIhvcNAQkBFhdqYWxj
+YWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UEBhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNV
+BAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQuOTQuMjQwHhcNMTEwNjIyMDgyMjUyWhcNMTQwMzE4
+MDgyMjUyWjBuMSYwJAYJKoZIhvcNAQkBFhdqYWxjYWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UE
+BhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNVBAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQu
+OTQuMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNeKJi+dOYTy4s/7aL1AXRBj0
+BlPRgHUYknGMU/Aog09AqKz5WZ95926NpufBHVZ5XVKW42Fxfrpk2fnSaAORrk6affYgdfm8HXcd
+dCD9i4yQkLADKpe3Gi29YeBUNC+j+E+iJaxP2whuXsLCpkYcmfbvx6yQkiPa3VFtw7omfEgGe1LQ
+9+ZvNh36Z895rUP/vgoOKi6AjXed4OgOmtyKx9k7AwnG2w040pt1I6LErlbmxoxtk0/11ecaEjzU
+RhxKdCXTuV9jSH7hsnbM9qehLnZSoZqdTYJgxVGyzqpo3SUta13oTn/8ugpRAneoC86m+AA0xmNn
+XZRY4pPgqLjxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABwRU7MLJcbm51fPQHtT+mypYslA4xFy
+zve7SyC2zCowFVZhnIwW19Cd0izGjfKPZZYS28N5EHmIQgxSNgJZi6693HINr0K5NPZd/jWRK46I
+uLK7je/K3oDUHnQXJ9xDkgRSDPZj/Wf0ZN+CDEAadhKopF5aJi8QyoYIsPxzn0p8SSgy5UsuKko6
+ov12x3B9O9mwM9HprO8FqzXbKdTaBgrZWVYOHPlD+cl9xSdrcZH347iwI6xEMtkASpXmxN9xLueE
+jI4eTuH148+Pzyr4iNIvfRQLY9iNJSmjoTJm0oKdGzKN0orSw/Ni53vpInziuR2FjYtQ4Zpf2why
+Ht0CXp0=
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer new file mode 100644 index 000000000..925fedbc2 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN
+AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO
+MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt
+c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow
+ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL
+MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD
+VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv
+z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+
++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT
+OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE
+WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au
+zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF
+AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o
+/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu
+WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W
+VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7
+M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ
+QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA==
+-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer new file mode 100644 index 000000000..7b625ea9f --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE-----
+MIIFjTCCBHWgAwIBAgIEQm3h+zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
+dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
+MDIwHhcNMTEwNzIxMTU0NjMxWhcNMTIwODE3MTU0MTE3WjCBwTELMAkGA1UEBhMC
+UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
+QTESMBAGA1UECxMJQ29ycG9yYXRlMTMwMQYDVQQLEypBZ2VuY2lhIHBhcmEgYSBN
+b2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmExGDAWBgNVBAsTD1dlYiBBcHBsaWNh
+dGlvbjEgMB4GA1UEAxMXUEVQUyBQb3J0dWd1ZXMgZGUgVGVzdGUwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBALo91gnq+SQj8yPx8ssFEKuPvAfagO8f+EagEs+u
+XJhLx41GpFZesMuolxf86n3TdxJHcLSXI224HqZu3BtXExUiD1LCAvtGCjzOr6Rg
+oySwhIQrgMEsKRRpkQN0jQHIMze11EXqVAJ2+MDX9V4cABuIEd9LOOl0PcQmc7m8
+jcKXAgMBAAGjggKRMIICjTALBgNVHQ8EBAMCA/gwOAYIKwYBBQUHAQEELDAqMCgG
+CCsGAQUFBzABhhxodHRwOi8vb2NzcC5tdWx0aWNlcnQuY29tL2NhMIHgBgNVHSAE
+gdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYBBQUHAgEWMmh0dHA6Ly93d3cubXVs
+dGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNhLWNwcy5odG1sMIGDBgsrBgEEAbA8
+CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQAdABwADoALwAvAHcAdwB3AC4AbQB1
+AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMAcAAvAG0AdQBsAHQAaQBjAGUAcgB0
+AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGwwEQYJYIZIAYb4QgEBBAQDAgSwMIIB
+AQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRwOi8vd3d3Lm11bHRpY2VydC5jb20v
+Y2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRhcDovL2xkYXAubXVsdGljZXJ0LmNv
+bS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1VTFRJQ0VSVC1DQSxjPVBUP2NlcnRp
+ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBXoFWgU6RRME8xCzAJBgNVBAYTAnB0
+MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAWBgNVBAMTD01VTFRJQ0VSVC1DQSAw
+MjEPMA0GA1UEAxMGQ1JMMjI4MB8GA1UdIwQYMBaAFB3DuYilGL5gpyymY8pmKvwM
+J8G9MB0GA1UdDgQWBBRH/+uES4Jsr1UV5WeSoN3v1vUaPDAJBgNVHRMEAjAAMA0G
+CSqGSIb3DQEBBQUAA4IBAQAOFAxM2U6HyZgWl5h6UB1MUUL4j9VTQQOs6nw4hm22
+QK3SF+DPL6oXS1j+RKDHYNlpAfQ5r5ObcaxhEkaXOUZJ4q/3z1qScMVaZ1fjU0FB
+hRyAUE2qfiHp/0Ql4V2IrQqcBZ+mEQD5DFwNgx/UDr22lO0idjHnmxRed83/Mrm0
+03v+2eAujlsE9NfayP8oo9HkYNh5KvFjveCpUNv4IW18xEJLNDFd3dUEeb9UO+Bv
+eEkrxmo6k/k7usuRUfGrXBaFuxcL71l3lFD4k66CB3m7atcbohmbiAYhfHnLegpR
+EVKVolR6O3ljt3ou+Y79oI4U7bhn0U256R9hoobnX9Un
+-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer new file mode 100644 index 000000000..25fd95a59 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE-----
+MIIFbDCCBFSgAwIBAgIEQLK59zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz
+aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt
+Y2EwHhcNMTAwMzMwMTMwOTIzWhcNMTUwMzMwMTMzOTIzWjCBhjELMAkGA1UEBhMC
+c2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0aW9uczESMBAGA1UECxMJU0lURVNU
+LUNBMRkwFwYDVQQLExBjZXJ0aWZpY2F0ZXMtd2ViMSswEwYDVQQDEwxURVNUIFBF
+UFMgU0kwFAYDVQQFEw0zMDAzMjAxMDAwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4h6L9Pv1TK7fz5K6Uur0Rli6EKzZwTtv9xXhSt2xlI4wFWzz
+FiCy5/O/Q5GPRa10YoMc8s7WmMdM5yI/bU0BF2t5SYtEH7MwbGaFZFKJt17OtbpZ
+AaCSoh6fm1yO0HtVVkG9UdH4mswS3wHp/d1C91lQNba2enVc2p9Nd4gYop/zbroE
+toFeDyHxTl0mYN/cUHQFT4H24hzAfWXh2FOBfNSnvNl2HnPJOT6HnrUBsdyzkSzL
+N0Eis2R1G5+mQkzAwW6UOroojvMclEJK3z1oekj2OWj1FhalTNmA5D9dkDymTRn4
+o3BW2S7ovmWPmxYUW9s26bkPhz/CbCQwIF9yPQIDAQABo4ICJzCCAiMwDgYDVR0P
+AQH/BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwMzMwMTMwOTIzWoEPMjAxNTAzMzAx
+MzM5MjNaMEsGA1UdIAREMEIwNgYLKwYBBAGvWQIBAQIwJzAlBggrBgEFBQcCARYZ
+aHR0cDovL3d3dy5jYS5nb3Yuc2kvY3BzLzAIBgYEAIswAQIwGAYIKwYBBQUHAQME
+DDAKMAgGBgQAjkYBATAeBgNVHREEFzAVgRN0ZXN0LnNpLXBlcHNAZ292LnNpMIH2
+BgNVHR8Ege4wgeswVaBToFGkTzBNMQswCQYDVQQGEwJzaTEbMBkGA1UEChMSc3Rh
+dGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3QtY2ExDTALBgNVBAMTBENS
+TDMwgZGggY6ggYuGWGxkYXA6Ly94NTAwLmdvdi5zaS9vdT1zaXRlc3QtY2Esbz1z
+dGF0ZS1pbnN0aXR1dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0
+P2Jhc2WGL2h0dHA6Ly93d3cuc2lnZW4tY2Euc2kvY3JsL3NpdGVzdC9zaXRlc3Qt
+Y2EuY3JsMB8GA1UdIwQYMBaAFFRJB0aHzx2JncqucqeooKBptyHnMB0GA1UdDgQW
+BBQySemeDi10DbeTYj1tkGZ5Zo4mwjAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQM
+MAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQASQ4l1Vd+MRDLFo2A6qYYW
+LVqTvtPLIk7v7Bswmq2SFAL2XmPoL5xbQFeDW+LiWhQBmrlgWyI7gbi/1/rs1E00
+Z4Skn8l97tuIyuxvCKTFhJDx9pzgUQGowoCYo9IzcMNQpxx6lkepreCDuc+e0fAb
+vTNGEpvQ7DkgrwJdcsUAElQ4OJ0ifELoah1DH8wpU31zr7D3YsizZgpu5TEIGP54
+AOhbFeZEmZlTU6gwNw4iTf6nVQkGaxsJt6gGGsyL8RUuvwpVRR3WmplCtjXryGCe
+4B/agAe3EKUh15IaPvWqdixSjySxjBI1bN8IEFHYPZmuwh7Y1FQuOYQGjuSLsJy9
+-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer new file mode 100644 index 000000000..541d231c4 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE-----
+MIIHrDCCBpSgAwIBAgIIZFwvd8biuV0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE
+AxMIQUNDVi1DQTIxDzANBgNVBAsTBlBLSUdWQTEfMB0GA1UEChMWR2VuZXJhbGl0
+YXQgVmFsZW5jaWFuYTELMAkGA1UEBhMCRVMwHhcNMTAwNTI3MTYxNTA2WhcNMTMw
+NTI2MTYyNTA2WjCBgTEaMBgGA1UEAwwRUGxhdGFmb3JtYSBAZmlybWExEjAQBgNV
+BAUTCVMyODExMDAxQzEbMBkGA1UECwwSc2VsbG8gZWxlY3Ryw7NuaWNvMSUwIwYD
+VQQKExxNaW5pc3RlcmlvIGRlIGxhIFByZXNpZGVuY2lhMQswCQYDVQQGEwJFUzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3IaIrzYOjbUYmS2nK7/GpD
+R6N3sVbBNxF5s/bCCQ44tL5MIz7I889GCMD8vrCd//5pAezPO8vZLpdh78QUZrCl
+k+E79ENYjVmjP4g0KlqlI0b5AOVc+dcE27/V6D6pCYDkVdn7puFDgzzSqksTNdL5
+uZZMM1L7Dkq0DfCjumYrfulp5i5PrYqrOh7wkXB1G+FGP0plN8at0tm5Q8EPXT7n
+/ogV9glWXG+vLkfIe2SKkdyU/08fecQH3f/jhrc5Bm0+uFvHP9DcS8usWpZojJWW
+iQb96B5bdPXqUsKnZVDj+b7HRkx3UjvvEipMV3Kr5E+E0sg1K4jLgj5+atyoRcEC
+AwEAAaOCBFQwggRQMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgTwMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUhAkD/z9ux2qjm4l+
+FheI6+F3CfwwHwYDVR0jBBgwFoAUs3jtBaV5QTrC9MBSKP9jQz+/44EwggEyBgNV
+HREEggEpMIIBJYEWc29wb3J0ZS5hZmlybWE1QG1wci5lc6SCAQkwggEFMSEwHwYJ
+YIVUAQMFAgIBDBJzZWxsbyBlbGVjdHLDs25pY28xKzApBglghVQBAwUCAgITHE1p
+bmlzdGVyaW8gZGUgbGEgUHJlc2lkZW5jaWExGDAWBglghVQBAwUCAgMTCVMyODEx
+MDAxQzEPMA0GCWCFVAEDBQICBBMAMUQwQgYJYIVUAQMFAgIFDDVQbGF0YWZvcm1h
+IGRlIHZhbGlkYWNpw7NuIHkgZmlybWEgZWxlY3Ryw7NuaWNhIEBmaXJtYTEPMA0G
+CWCFVAEDBQICBhMAMQ8wDQYJYIVUAQMFAgIHEwAxDzANBglghVQBAwUCAggTADEP
+MA0GCWCFVAEDBQICCRMAMIIB8AYDVR0gBIIB5zCCAeMwggHfBgsrBgEEAb9VAxEC
+ADCCAc4wggGYBggrBgEFBQcCAjCCAYoeggGGAEMAZQByAHQAaQBmAGkAYwBhAGQA
+bwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABwAGEAcgBhACAAcwBlAGwAbABvACAA
+ZABlACAA8wByAGcAYQBuAG8AIABlAG4AIABzAG8AcABvAHIAdABlACAAcwBvAGYA
+dAB3AGEAcgBlACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUA
+dABvAHIAaQB0AGEAdAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzACAA
+ZABlACAAbABhACAAQwBvAG0AdQBuAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEA
+bgBhACAAKABQAGwALgAgAE0AYQBuAGkAcwBlAHMAIAAxAC4AIABDAEkARgAgAFMA
+NAA2ADEAMQAwADAAMQBBACkALgAgAEMAUABTACAAeQAgAEMAUAAgAGUAbgAgAGgA
+dAB0AHAAOgAvAC8AdwB3AHcALgBhAGMAYwB2AC4AZQBzMDAGCCsGAQUFBwIBFiRo
+dHRwOi8vd3d3LmFjY3YuZXMvbGVnaXNsYWNpb25fYy5odG0wOQYDVR0fBDIwMDAu
+oCygKoYoaHR0cDovL3d3dy5hY2N2LmVzL2dlc3RjZXJ0L2FjY3YtY2EyLmNybDAv
+BggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmFjY3YuZXMw
+OwYIKwYBBQUHAQMELzAtMBQGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQEw
+CwYGBACORgEDAgEPMA0GCSqGSIb3DQEBBQUAA4IBAQCknVr82ZpMROTkrk/OwC7e
+fccNqbmKEwM4peAUG4tLWnYaDh2hav/3Y7auXkd2CW9XID6C/6E8EqG6wGNwplyq
+LyfrkYmbppJN2/LDr+ZHFoul030o/KzbVRrzZ5zAS5vUnOG42TzpP3sgtMV5V2vg
+V3ZygZbm55+2JDH1RBlCZuJzOPSwLk2rfGcMecHduUN8AxuLN52VKs1LMdmuPhe0
+ZvcVabvmmqzBJGRC8VJ0fwJKB/c6b4rl5WZTYUnQ7+SIoI/+RxJCITnO2SrxRh0Z
+rXLaE62aJ6W/Jnu+lfqIVoQSyauSlybpbL1iS/o0IFFbQvnY6RoCAOqsg3ee+4Om
+-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer new file mode 100644 index 000000000..925fedbc2 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN
+AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO
+MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt
+c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow
+ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL
+MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD
+VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv
+z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+
++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT
+OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE
+WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au
+zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF
+AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o
+/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu
+WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W
+VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7
+M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ
+QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA==
+-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer new file mode 100644 index 000000000..085416b7b --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE-----
+MIIFojCCBIqgAwIBAgIEQmx+HTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
+dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
+MDIwHhcNMTAwNTE3MTAyMjMyWhcNMTMwNTE3MTAyMzM4WjCB1jELMAkGA1UEBhMC
+UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
+QTESMBAGA1UECxMJQ29ycG9yYXRlMT4wPAYDVQQLEzVBTUEgLSBBZ2VuY2lhIHBh
+cmEgYSBNb2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmEgSS5QLjEYMBYGA1UECxMP
+V2ViIEFwcGxpY2F0aW9uMSowKAYDVQQDEyFzYW1sLmV1LWlkLmNhcnRhb2RlY2lk
+YWRhby5nb3YucHQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe2B9O1xCJp
+CmT2/AuypD1q9kbwge1Y0VjY5FOkhYPfki/XuuFpEdUa7KrurbcoDuuAmgjIxCIn
+v8vYAK5axY8hlPg9fp+vtRlmo1it5Y9IGY2mMvtN6OwoBzJOqKJypNexyAgIIR/u
+PqhVZjQAwGkTe1JrcDswKOKGbv21M1+pAgMBAAGjggKRMIICjTALBgNVHQ8EBAMC
+A/gwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABgRxodHRwOi8vb2NzcC5tdWx0
+aWNlcnQuY29tL2NhMIHgBgNVHSAEgdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYB
+BQUHAgEWMmh0dHA6Ly93d3cubXVsdGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNh
+LWNwcy5odG1sMIGDBgsrBgEEAbA8CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQA
+dABwADoALwAvAHcAdwB3AC4AbQB1AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMA
+cAAvAG0AdQBsAHQAaQBjAGUAcgB0AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGww
+EQYJYIZIAYb4QgEBBAQDAgSwMIIBAQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRw
+Oi8vd3d3Lm11bHRpY2VydC5jb20vY2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRh
+cDovL2xkYXAubXVsdGljZXJ0LmNvbS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1V
+TFRJQ0VSVC1DQSxjPVBUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBX
+oFWgU6RRME8xCzAJBgNVBAYTAnB0MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAW
+BgNVBAMTD01VTFRJQ0VSVC1DQSAwMjEPMA0GA1UEAxMGQ1JMMTczMB8GA1UdIwQY
+MBaAFB3DuYilGL5gpyymY8pmKvwMJ8G9MB0GA1UdDgQWBBT+DvK0cR8Qa3uUWWYV
+rUfVGZeUTDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBiXYB/Nst7hDnV
+RS9D6VjifN1F+JaxtwSLZBoxkij2mi/1kXRugKjkpo6e8Kwb24Wv7G+/ZAFjm3zN
+WK9v0ziR192l+4lWke8wRVwHW4Ecsp3nOwOxCiCYkX4uVPDZQT5+cPeNYJbOwYyd
+4jbHTPrPT7T2CmtgdqOIu2Dc+1aHyg9ZnhCGgwEwDbvq+grUr9RcHqmWqfdR3Eou
+TvLugaM54N4Bur8rolFatHzETbKjvXfWzpHoTTFEekyHgQXWdnmVny8JajBFUmE5
+TkONB+V+Jj/R2YPfF++9tRKwc4ifNeduWzSD6ohx+OFimdx2gKHIdkkAMfK09z1M
+vz83eaDr
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer new file mode 100644 index 000000000..9c8e73b1c --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIEOl3pnzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz
+aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdvdi1j
+YTAeFw0xMDA2MTAxMDUwMTVaFw0xNTA2MTAxMTIwMTVaMIGEMQswCQYDVQQGEwJz
+aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRkwFwYDVQQLExB3ZWItY2Vy
+dGlmaWNhdGVzMRMwEQYDVQQLEwpHb3Zlcm5tZW50MSgwEAYDVQQDEwlQRVBTIFNB
+TUwwFAYDVQQFEw0xMjM1ODU3NTE4MDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAw9gh7flrQC1UUc0Dw1jFXQ5sDVwSjjO/QqUsvIysAGELNJTxs3/j
+vFOsokBOWlZEbocZXDqeLJtzO4zmpblc7c9okyZIi0sj+dEqKiMF7XbFfjo1NZ2c
+xJdQ4ENR1jLkiHSb5Z345dQ7VY6wju0ezMMA5O9cIywGWcSyH9h007tezhTWJeL5
+aN2gMvFs3tGx7Uv9JH9geIOopWlcQANSDkvAnCf/iu1YhbUmx+jYtcxlywtJ8Tri
+ON3GlFLr4ew4O8SrVxeQQ28yKKDEP/Y3399KWdQDwK/CeFy6flW3kYTiGDPnUH5T
+u9yEATomwnujhPHJZN6d46JFiTWFsll4aQIDAQABo4ICGjCCAhYwDgYDVR0PAQH/
+BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwNjEwMTA1MDE1WoEPMjAxNTA2MTAxMTIw
+MTVaMEoGA1UdIARDMEEwNQYKKwYBBAGvWQEBBTAnMCUGCCsGAQUFBwIBFhlodHRw
+Oi8vd3d3LmNhLmdvdi5zaS9jcHMvMAgGBgQAizABAjAYBggrBgEFBQcBAwQMMAow
+CAYGBACORgEBMBcGA1UdEQQQMA6BDHN0b3JrQGdvdi5zaTCB8QYDVR0fBIHpMIHm
+MFWgU6BRpE8wTTELMAkGA1UEBhMCc2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0
+aW9uczERMA8GA1UECxMIc2lnb3YtY2ExDjAMBgNVBAMTBUNSTDI3MIGMoIGJoIGG
+hldsZGFwOi8veDUwMC5nb3Yuc2kvb3U9c2lnb3YtY2Esbz1zdGF0ZS1pbnN0aXR1
+dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2WGK2h0dHA6
+Ly93d3cuc2lnb3YtY2EuZ292LnNpL2NybC9zaWdvdi1jYS5jcmwwHwYDVR0jBBgw
+FoAUHvjUU2uzgwbpBAZXAvmlv8ZYPHIwHQYDVR0OBBYEFDY0NJgPdteoK8mw3FG7
+lde6PRboMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJ
+KoZIhvcNAQEFBQADggEBAInmtHMCOob3469jLaA/WvRXFUv0QelW4cS9Zr1QrZzW
+Wp1YUiwkWfILHkDJgvbo6qn8iUDyKSNPhgXFVKfWbBlbuUds9F2FCJ41g5n2jXZc
+Lz0IOpae4a9LHmNLdT0UKEGbUJ5a4wRaZEWLVfwrkN2GJPeWeeigbunYKtdVlceP
+4DZg8T1c/vpi8lrbTxSLUAzn0ie8FRod6k19y49QG5sudvwjeQgp309dUze0ULun
+YYTFkkc5d2uzqEa2WYcxHYz4+hKPHejbGGKC1OZz+zH7ZGGr0mtLYjSvXv+5VKTj
+85/a/sdD+vzNneKEGbLk7iupk0On5BIkJdWqnz/IeDk=
+-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm index 8a217bfcc..c5ba8827b 100644 --- a/id/server/doc/moa_id/id-admin_2.htm +++ b/id/server/doc/moa_id/id-admin_2.htm @@ -519,6 +519,76 @@ Projekt <span style="font-size:48pt; ">moa</span>  <p><b>AuthComponent/ForeignIdentities</b> <br /> Ab Version 1.4.7 bietet MOA-ID die Möglichkeit der Nutzung von ausländischen Karten. Hierfür ist ein Stammzahlenregister-Gateway nötig, das einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein entsprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereithält (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.<br /> </p> + <p><b>AuthComponent/ForeignIdentities/STORK</b> <br /> + <p>Ab MOA Release 1.5.2 ist es auch möglich, ausländische Bürger über <a href="http://eid-stork.eu/" target="_new">STORK</a> zu authentifizieren. Da auch für diese Art der Authentifizierung eine Kommunikation mit dem Stammzahlenregister-Gateway notwendig ist, gelten die zuvor angeführten Ausführungen hinsichtlich <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> auch für STORK. Für eine STORK Authentifizierung sind jedoch noch weitere Konfigurationen notwendig. Folgende Einträge müssen für eine STORK Authentifizierung hier noch konfiguriert werden: + <ul> + <li>C-PEPS Informationen + <br /> + </li> + <li>KeyStore zum SAML Signatur-Zertifikat + <br /> + </li> + <li>MOA-SP TrustProfil zur SAML Signatur-Validierung + <br /> + </li> + </ul> + </p> + <p><b>AuthComponent/ForeignIdentities/STORK/C-PEPS</b> <br /> + Unter diesem Konfigurationselement können die Verbindungsparameter zu den jeweiligen C-PEPS (Citizen Country - PEPS) der europäischen Länder, die auch STORK unterstützen, angegeben werden. Für eine erfolgreiche C-PEPS Konfiguration muss der ISO-Country Code des jeweiligen Landes und die dazugehörige C-PEPS URL angegeben werden. In Ausnahmenfällen müssen bei einzelnen C-PEPS länderspezifische Attribute abgefragt werden, dies funktioniert durch zusätzliche Angabe eines <tt><stork:RequestedAttribute></tt> Elements. Die C-PEPS Konfigurationen sind in den der MOA-Release beliegenden Beispielkonfigurationen bereits vorkonfiguriert. Sollte sich an diesen Konfigurationen etwas ändern, werden diese via JoinUp (<a href="https://joinup.ec.europa.eu/software/moa-idspss/home" target="_new">MOA@JoinUp</a>) bzw. MOA-Mailingliste veröffentlicht. Im Folgenden wird eine Beispielkonfiguration kurz veranschaulicht. + <pre> +<C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/> +<C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest"> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> +</C-PEPS> +</pre> + Details zur Angabe von <tt><stork:RequestedAttribute></tt> bzw. welche Attribute von STORK überhaupt unterstützt werden, wird in der Konfiguration zur Online Application angegeben (<a href="#OnlineApplication/AuthComponent/STORK">hier</a>). + + <p><b>AuthComponent/ForeignIdentities/STORK/SAMLSigningParameter</b> <br /> + Dieser Konfigurationseintrag enthält Informationen dazu, mit welchem Zertifikat ausgehende STORK SAML Nachichten signiert werden und welches MOA-SP TrustProfil zur Signaturüberprüfung von empfangenen STORK SAML Nachrichten herangezogen werden soll. + In der Konfiguration wird eine Unterscheidung zwischen Signaturerstellungs- und Signaturverifizierungsparameter getroffen: + <ul> + <li><tt><SignatureCreationParameter></tt> + <br /> + </li> + <li><tt><SignatureVerificationParameter></tt> + <br /> + </li> + </ul> + Der <tt><SignatureCreationParameter></tt> kapselt dabei Informationen, welche zum Signieren von ausgehenden STORK SAML Nachrichten benötigt werden. Im Wesentlichen sind das Informationen zu dem KeyStore, welcher das Schlüsselpaar zum Signieren ausgehender STORK SAML Nachrichten beinhaltet. Der entsprechende Konfigurationseintrag sieht wie folgt aus: +<pre> +<SignatureCreationParameter> + <KeyStore password="Keystore Pass">file_to_keystore</KeyStore> + <KeyName password="Keystore Name">signing_key_name</KeyName> +</SignatureCreationParameter> +</pre> + Die folgenden Werte sind dabei anzugeben bzw. durch echte Werte auszutauschen: + <ul> + <li><tt>file_to_keystore</tt>: Relativer Pfad zum KeyStore (Java oder PKCS#12), welcher das Schlüsselpaar zum Signieren ausgehender STORK SAML Nachrichten speichert + <br /> + </li> + <li><tt>Keystore Pass</tt>: Passwort zum angegebenen KeyStore + <br /> + </li> + <li><tt>signing_key_name</tt>: Alias Name des Schlüssels, welcher zum Signieren verwendet werden soll + <br /> + </li> + <li><tt>Key Pass</tt>: Passwort zum angegebenen Schlüssel + <br /> + </li> + </ul> + Der <tt><SignatureCreationParameter></tt> kapselt dabei Informationen, die für eine Signaturprüfung von eingehenden STORK SAML Nachrichten benötigt werden. Im Wesentlich ist das die Angabe des MOA-SP TrustProfils, welches die vertrauenswürdigen Zertifikate der europäischen C-PEPS enthält. Der entsprechende Konfigurationseintrag sieht daher wie folgt aus: +<pre> +<SignatureVerificationParameter> + <TrustProfileID>C-PEPS</TrustProfileID> +</SignatureVerificationParameter> +</pre> +Die folgenden Werte sind dabei anzugeben: + <ul> + <li><tt>TrustProfile</tt>: Dieser Eintrag gibt jenes TrustProfil von MOA-SP an, welches zur Signaturprüfung von eingehenden STORK SAML Nachrichten herangezogen werden soll. Vorkonfiguriert sind die beiden TrustProfiles <tt>C-PEPS</tt> (Produktive C-PEPS Zertifikate) und <tt>C-PEPS-Test</tt> (Test C-PEPS Zertifikate). Sollte es auch hier zu Änderungen kommen, werden diese auch via JoinUp (<a href="https://joinup.ec.europa.eu/software/moa-idspss/home" target="_new">MOA@JoinUp</a>) bzw. MOA-Mailingliste veröffentlicht. + <br /> + </li> + </ul> + <p><b><div id="AuthComponent_OnlineMandates">AuthComponent/OnlineMandates</div></b> <br /> Ab Version 1.5.0 bietet MOA-ID die Möglichkeit der Nutzung von Online-Vollmachten für Anwendungen aus dem öffentlichen Bereich. Hierfür ist ein Online-Vollmachten-Service nötig. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Online-Vollmachten-Service bereithält (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Online-Vollmachten-Service bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Service angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.<br /> Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben - siehe <a href="#OnlineApplication/AuthComponent/Mandates">hier</a>. @@ -923,11 +993,93 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt Mit Hilfe dieses Elements werden die Online-Vollmachten für die Online-Applikation aktiviert. Als Kindelement muss <tt>Profiles</tt> angegeben werden. Dieses Element beinhaltet eine (Komma-separierte) Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann. - Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/> + Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/> Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe <a href="#AuthComponent_OnlineMandates">hier</a> </p> </div> + <div id="OnlineApplication/AuthComponent/STORK" /> + <p id="block"> <b>OnlineApplication/AuthComponent/STORK</b> + <br /> + Innerhalb dieses Konfigurationsblocks kann angegeben werden, welche zusätzlichen Attribute (neben eIdentifier, givenName, surname und dateOfBirth, welche defaultmäßig requested werden) im Rahmen einer STORK Anmeldung für diese Applikation vom Bürger abgefragt werden sollen. Außerdem kann zu Testzwecken das benötigte Authentifzierungslevel (STORK QAALevel) vom defaultmäßig höchstem Level von 4 für diese Applikation verringert werden. + Für ein anderes STORK QAALevel muss folgendes XML Element mit einem Wert zwischen 1 und 4 angegeben werden: <tt><stork:QualityAuthenticationAssuranceLevel></tt>. + <br /> + Die zusätzlichen Attribute werden im Element <tt><storkp:RequestedAttributes></tt> gekapselt. Ein entsprechener Konfigurationseintrag könnte folgendermaßen aussehen: +<pre> +<storkp:RequestedAttributes> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <stork:AttributeValue>1</stork:AttributeValue> + </stork:RequestedAttribute> +</storkp:RequestedAttributes> +</pre> + Bei der Inkludierung von <tt><stork:RequestedAttribute></tt> Elementen sind folgende XML Attribute anzugeben: + <ul> + <li><tt>Name</tt>: Der Name des entsprechenden STORK Attributes. + <br /> + </li> + <li><tt>isRequired</tt>: Gibt durch <tt>true</tt> oder <tt>false</tt> an, ob das angefragte Attribut für die Applikation verpflichtend oder nur optional benötigt wird. + <br /> + </li> + <li><tt>NameFormat</tt>: Gibt das Format des Attributes an und MUSS den Wert <tt>urn:oasis:names:tc:SAML:2.0:attrname-format:uri</tt> beinhalten. + <br /> + </li> + <li>Element <tt><stork:AttributeValue></tt>: Dieses Element ist optional und gibt einen Vergleichswert für ein abzufragendes Attribut an. Im Beispiel von <tt>isAgeOver</tt> wird in der Antwort retourniert, ob die authentifizierte Person älter als das geforderte angegebene Alter ist. + <br /> + </li> + </ul> + Details zu den STORK Attributen können im <a href="../MOA_ID_1.5.2_Anhang.pdf" target="_new">Anhang zur MOA-ID Spezifikation</a> bzw. in der <a href="https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1880" target="_blank">STORK Spezifikation</a> gefunden werden. + Im Wesentlichen kann die folgende Menge an Attributen bzw. Teile daraus für eine Online Applikation angefragt werden: + <ul> + <li><tt>http://www.stork.gov.eu/1.0/inheritedFamilyName</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/adoptedFamilyName</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/gender</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/countryCodeOfBirth</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/nationalityCode</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/maritalStatus</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/textResidenceAddress</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/canonicalResidenceAddress</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/eMail</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/title</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/residencePermit</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/pseudonym</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/age</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/citizenQAALevel</tt> + <br /> + </li> + <li><tt>http://www.stork.gov.eu/1.0/isAgeOver</tt> + <br /> + </li> + </p> + </ul> + </div> <div id="OnlineApplication/ProxyComponent" /> <p id="block"> <b>OnlineApplication/ProxyComponent</b> <br /> diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm index 09fb1c5b6..3284e19cc 100644 --- a/id/server/doc/moa_id/moa.htm +++ b/id/server/doc/moa_id/moa.htm @@ -230,6 +230,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge <div id="block"> <p>Ab der MOA Release 1.4.7 ist es möglich, dass sich auch ausländische Bürger mittels MOA-ID einloggen können. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausländischen Bürgers eine Eintragung im Ergänzungsregister für natürliche Personen gemäß E-Government Gesetz §6(5) vornimmt. Somit ist es möglich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p> <p>Der Zugang zu diesem Stammzahlenregister-Gateway ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p> + <p>Ab MOA Release 1.5.2 ist es auch möglich, ausländische Bürger über <a href="http://eid-stork.eu/" target="_new">STORK</a> zu authentifizieren. Da auch für diese Art der Authentifizierung eine Kommunikation mit dem Stammzahlenregister-Gateway notwendig ist, gelten die zuvor angeführten Ausführungen auch für STORK.</p> </div> <div id="subtitel">Online-Vollmachten</div> diff --git a/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs b/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs index 8bba65ebb..6d046587d 100644 --- a/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs +++ b/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs @@ -1,7 +1,7 @@ -#Thu Sep 20 14:35:41 CEST 2007
eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component index 87b873d7b..a5eb3d4d8 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component @@ -1,7 +1,7 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project-modules id="moduleCoreId" project-version="1.5.0"> -<wb-module deploy-name="moa-id-lib"> -<wb-resource deploy-path="/" source-path="/src/main/java"/> -<wb-resource deploy-path="/" source-path="/src/main/resources"/> -</wb-module> -</project-modules> +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="2.0">
+ <wb-module deploy-name="moa-id-lib">
+ <wb-resource deploy-path="/" source-path="src/main/java"/>
+ <wb-resource deploy-path="/" source-path="src/main/resources"/>
+ </wb-module>
+</project-modules>
\ No newline at end of file diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml index 30c02fe23..656f15b87 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ <faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.utility"/>
- <installed facet="jst.java" version="1.4"/>
<installed facet="jst.utility" version="1.0"/>
-</faceted-project>
+ <installed facet="jst.java" version="5.0"/>
+</faceted-project>
\ No newline at end of file diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 24d9452c2..7fbde1c6a 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -131,10 +131,23 @@ <artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ </dependency>
</dependencies>
<build>
<plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
@@ -179,7 +192,7 @@ <link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
<link>http://logging.apache.org/log4j/docs/api/</link>
</links>
- <target>1.4</target>
+ <target>1.5</target>
</configuration>
<executions>
<execution>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a58f5fce2..a57ab5262 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -29,8 +29,12 @@ import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; +import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.HashMap; @@ -41,18 +45,24 @@ import java.util.Map; import java.util.Set; import java.util.Vector; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.xpath.XPathAPI; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; @@ -83,6 +93,9 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; @@ -90,6 +103,9 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -98,6 +114,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -113,6 +131,15 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.exception.SAMLException; +import eu.stork.vidp.messages.exception.SAMLValidationException; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; /** * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is @@ -543,16 +570,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { int b = xmlInfoboxReadResponse.indexOf(se); if (b != -1) { // no identity link found Logger - .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID."); + .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausl�ndische eID."); return null; } - // spezifikationsgemäßer (SL1.2) Errorcode + // spezifikationsgem��er (SL1.2) Errorcode se = "ErrorCode>4002"; // b = xmlInfoboxReadResponse.contains(se); b = xmlInfoboxReadResponse.indexOf(se); if (b != -1) { // Unbekannter Infoboxbezeichner Logger - .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID."); + .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausl�ndische eID."); return null; } @@ -1732,7 +1759,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds authentication data and stores it together with a SAML // artifact AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC); + useUTC, false); if (session.getUseMandate()) { // mandate mode @@ -2037,17 +2064,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); - try { - String serializedAssertion = DOMUtils.serializeNode(session - .getIdentityLink().getSamlAssertion()); - session.setAuthBlock(serializedAssertion); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } + // post processing of the infoboxes Iterator iter = session.getInfoboxValidatorIterator(); boolean formpending = false; @@ -2097,7 +2114,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { boolean useCondition = oaParam.getUseCondition(); int conditionLength = oaParam.getConditionLength(); AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC); + useUTC, true); String samlAssertion = new AuthenticationDataAssertionBuilder().build( authData, session.getAssertionPrPerson(), session @@ -2141,6 +2158,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { * authentication session * @param verifyXMLSigResp * VerifyXMLSignatureResponse from MOA-SP + * @param useUTC uses correct UTC time format + * @param useUTC indicates that authenticated citizen is a foreigner + * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates * @return AuthenticationData object * @throws ConfigurationException * while accessing configuration data @@ -2149,7 +2169,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC) + VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); @@ -2196,21 +2216,44 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } authData.setSignerCertificate(signerCertificateBase64); - if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); + if(!isForeigner) { + //we have Austrian citizen + if (businessService) { + authData.setWBPK(identityLink.getIdentificationValue()); + } else { + authData.setBPK(identityLink.getIdentificationValue()); + + // BZ.., calculation of bPK already before sending AUTHBlock + /* + * if(identityLink.getIdentificationType().equals(Constants. + * URN_PREFIX_BASEID)) { // only compute bPK if online + * application is a public service and we have the Stammzahl + * String bpkBase64 = new BPKBuilder().buildBPK( + * identityLink.getIdentificationValue(), session.getTarget()); + * authData.setBPK(bpkBase64); } + */ + + } } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. - * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - + //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); + authData.setWBPK(wbpkBase64); + } + + } else { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); + authData.setBPK(bpkBase64); + } + + + } + } String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink .getSerializedSamlAssertion() @@ -2227,8 +2270,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAssertionBusinessService(businessService); session.setAssertionIlAssertion(ilAssertion); session.setAssertionPrPerson(prPerson); - session - .setAssertionSignerCertificateBase64(signerCertificateBase64); + session.setAssertionSignerCertificateBase64(signerCertificateBase64); return authData; @@ -2482,4 +2524,288 @@ public class AuthenticationServer implements MOAIDAuthConstants { return value; } + + /** + * Does the request to the SZR-GW + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } catch (GeneralSecurityException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } catch (PKIException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + } + + // create request + CreateIdentityLinkResponse response = null; + Element request = null; + try { + Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); + request = doc.getDocumentElement(); + + // send request + response = client.createIdentityLinkResponse(request); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + try { + response = client.createIdentityLinkResponse(request); + } + catch (SZRGWClientException e1) { + throw new SZRGWClientException(e1); + } + } + + + return response; + + } + + /** + * Starts a MOA-ID authentication process using STORK + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param ccc Citizen country code + * @param oaURL URL of the online application + * @param target Target parameter + * @param targetFriendlyName Friendly Name of Target + * @param authURL Authentication URL + * @param sourceID SourceID parameter + * @throws MOAIDException + * @throws AuthenticationException + * @throws WrongParametersException + * @throws ConfigurationException + */ + public static void startSTORKAuthentication( + HttpServletRequest req, + HttpServletResponse resp, + String ccc, + String oaURL, + String target, + String targetFriendlyName, + String authURL, + String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + if (!oaParam.getBusinessService()) { + if (StringUtils.isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); + } else { + target = null; + } + + //create MOA session + AuthenticationSession moaSession = newSession(); + Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); + moaSession.setTarget(target); + moaSession.setTargetFriendlyName(targetFriendlyName); + moaSession.setOAURLRequested(oaURL); + moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + moaSession.setAuthURL(authURL); + moaSession.setBusinessService(oaParam.getBusinessService()); + moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + if (sourceID != null) + moaSession.setSourceID(sourceID); + + //Start of STORK Processing + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + CPEPS cpeps = storkConfig.getCPEPS(ccc); + + Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); + Logger.debug("C-PEPS URL: " + destination); + + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); + + String providerName= oaParam.getFriendlyName(); + String issuerValue = HTTPUtils.getBaseURL(req); + Logger.debug("Issuer value: " + issuerValue); + + QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + Logger.debug("QAALevel: " + qaaLevel.getValue()); + + RequestedAttributes requestedAttributes; + + requestedAttributes = oaParam.getRequestedAttributes(); + requestedAttributes.detach(); + List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); + List<RequestedAttribute> oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + //check if country specific attributes must be additionally requested + if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { + //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("The following attributes are requested for this specific country:"); + List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes()); + for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { + csReqAttr.detach(); + if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) { + //this country specific attribute does not override default attribute + if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) { + //the same attribute is requested for OA, applying hierachy + //remove oa attribute + oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName())); + //add country specific attribute instead + Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested by OA but we use Country Specific value instead"); + } + oaReqAttributeList.add(csReqAttr); + Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired()); + } else { + Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it."); + } + + } + reqAttributeList.addAll(oaReqAttributeList); + } else { + //no country specific requested attributes + reqAttributeList.addAll(oaReqAttributeList); + } + + reqAttributeList = (List<RequestedAttribute>) SAMLUtil.releaseDOM(reqAttributeList); + requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); + + if (Logger.isDebugEnabled()) { + Logger.debug("The following attributes are requested for this OA:"); + for (RequestedAttribute logReqAttr : reqAttributeList) { + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired()); + + } + } + + String spSector = StringUtils.isEmpty(target) ? "Business" : target; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + String textToBeSigned = + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + + //generate AuthnRquest + STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( + destination, + acsURL, + providerName, + issuerValue, + qaaLevel, + requestedAttributes, + spSector, + spInstitution, + spApplication, + spCountry, + textToBeSigned, + "application/xhtml+xml"); + + Logger.debug("STORK AuthnRequest succesfully assembled."); + + //sign AuthnRequest + String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath(); + String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword(); + String keyName = storkConfig.getSignatureCreationParameter().getKeyName(); + String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword(); + + Logger.debug("Starting signing process of STORK AuthnRequest."); + Logger.trace("Using the following Keystore and Key for that:"); + Logger.trace("KeyStore: " + keyStorePath); + Logger.trace("KeyName: " + keyName); + + try { + storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword); + } catch (SAMLException e) { + Logger.error("Could not sign STORK SAML AuthnRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AuthnRequest successfully signed!"); + + //validate AuthnRequest + try { + STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest); + } catch (SAMLValidationException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + //send + moaSession.setStorkAuthnRequest(storkAuthnRequest); + HttpSession httpSession = req.getSession(); + httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + + Logger.debug("Preparing to send STORK AuthnRequest."); + + try { + STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AuthnRequest.", e); + httpSession.invalidate(); + throw new MOAIDException("stork.02", new Object[] { destination }); + } + + Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination()); + Logger.debug("STORKAuthnRequest sent (pretty print): "); + Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM())); + Logger.trace("STORKAuthnRequest sent (original): "); + Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM())); + + } + + /** + * Extracts an X509 Certificate out of an XML signagture element + * @param signedXML XML signature element + * @return X509Certificate + * @throws CertificateException + */ + public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { + + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); + + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); + + if (StringUtils.isEmpty(base64CertString)) { + String msg = "XML does not contain a X509Certificate element."; + Logger.error(msg); + throw new CertificateException(msg); + } + + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); + + CertificateFactory cf; + X509Certificate cert = null; + cf = CertificateFactory.getInstance("X.509"); + cert = (X509Certificate)cf.generateCertificate(is); + + return cert; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index f3be98ef0..7d5835f20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -47,6 +47,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "CCC (Citizen Country Code)" */ + public static final String PARAM_CCC = "CCC"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index b6ba5871d..fa9789530 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -56,7 +56,7 @@ public class BPKBuilder { target.length() == 0)) { throw new BuildException("builder.00", - new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + + new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",target=" + target}); } String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; @@ -86,7 +86,7 @@ public class BPKBuilder { registerAndOrdNr.length() == 0)) { throw new BuildException("builder.00", - new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 9c696f245..2da7db2b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -129,7 +129,31 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @return String representation of <code><CreateXMLSignatureRequest></code> */ public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + + String request = ""; + request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">"; + request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>"; + request += "<sl:DataObjectInfo Structure=\"enveloping\">"; + request += "<sl:DataObject>"; + request += "<sl:XMLContent>"; + + request += buildForeignIDTextToBeSigned(subject, oaParam, session); + request += "</sl:XMLContent>"; + request += "</sl:DataObject>"; + request += "<sl:TransformsInfo>"; + request += "<sl:FinalDataMetaInfo>"; + request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>"; + request += "</sl:FinalDataMetaInfo>"; + request += "</sl:TransformsInfo>"; + request += "</sl:DataObjectInfo>"; + request += "</sl:CreateXMLSignatureRequest>"; + + return request; + } + + public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + String target = session.getTarget(); String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); @@ -137,14 +161,9 @@ public class CreateXMLSignatureRequestBuilder implements Constants { String date = DateTimeUtils.buildDate(cal); String time = DateTimeUtils.buildTime(cal); - String request = ""; - request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">"; - request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>"; - request += "<sl:DataObjectInfo Structure=\"enveloping\">"; - request += "<sl:DataObject>"; - request += "<sl:XMLContent>"; - - request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">"; + String request = ""; + request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">"; //application/xhtml+xml text/html + //request += "<meta http-equiv=\"content-type\" content=\"application/xhtml+xml; charset=UTF-8\">"; request += "<head>"; request += "<title>Signatur der Anmeldedaten</title>"; request += "<style type=\"text/css\" media=\"screen\">"; @@ -263,17 +282,9 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "</body>"; request += "</html>"; - - request += "</sl:XMLContent>"; - request += "</sl:DataObject>"; - request += "<sl:TransformsInfo>"; - request += "<sl:FinalDataMetaInfo>"; - request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>"; - request += "</sl:FinalDataMetaInfo>"; - request += "</sl:TransformsInfo>"; - request += "</sl:DataObjectInfo>"; - request += "</sl:CreateXMLSignatureRequest>"; - + return request; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 5a18b720b..e861c62fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.data; + + import iaik.x509.X509Certificate; import java.util.ArrayList; @@ -37,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import eu.stork.mw.messages.saml.STORKAuthnRequest; /** * Session data to be stored between <code>AuthenticationServer</code> API calls. @@ -204,7 +207,10 @@ public class AuthenticationSession { */ private String pushInfobox; - + /** + * The STORK AuthRequest to be sent to the C-PEPS + */ + private STORKAuthnRequest storkAuthnRequest; /** * Constructor for AuthenticationSession. @@ -814,6 +820,23 @@ public class AuthenticationSession { public void setMandateReferenceValue(String mandateReferenceValue) { this.mandateReferenceValue = mandateReferenceValue; } + + /** + * Gets the STORK SAML AuthnRequest + * @return STORK SAML AuthnRequest + */ + public STORKAuthnRequest getStorkAuthnRequest() { + return storkAuthnRequest; + } + + /** + * Sets the STORK SAML AuthnRequest + * @param storkAuthnRequest STORK SAML AuthnRequest + */ + public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { + this.storkAuthnRequest = storkAuthnRequest; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index a19618dc2..16041f8cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -46,10 +46,18 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.URLDecoder; +import at.gv.egovernment.moa.util.URLEncoder; /** * Base class for MOA-ID Auth Servlets, providing standard error handling @@ -65,7 +73,16 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * */ private static final long serialVersionUID = -6929905344382283738L; + + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.debug("GET " + this.getServletName()); + + this.setNoCachingHeadersInHttpRespone(req, resp); +} /** * Handles an error. <br>> * <ul> @@ -260,4 +277,51 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { public void init(ServletConfig servletConfig) throws ServletException { super.init(servletConfig); } + + /** + * Set response headers to avoid caching + * @param request HttpServletRequest + * @param response HttpServletResponse + */ + protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) { + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + } + + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + protected static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + /** + * Checks if HTTP requests are allowed + * @param authURL requestURL + * @throws AuthenticationException if HTTP requests are not allowed + * @throws ConfigurationException + */ + protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException { + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 246a47699..bf7a0f714 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -24,19 +24,17 @@ package at.gv.egovernment.moa.id.auth.servlet;
-import iaik.pki.PKIException; - import java.io.IOException; -import java.security.GeneralSecurityException; +import java.security.cert.CertificateException; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.MOAIDException; @@ -50,15 +48,10 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; /**
@@ -89,14 +82,7 @@ public class GetForeignIDServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET GetForeignIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-
+ super.doGet(req, resp);
}
/**
@@ -160,10 +146,17 @@ public class GetForeignIDServlet extends AuthServlet { CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
- Element signature = csresp.getDsigSignature();
+ Element signature = csresp.getDsigSignature(); + + try { + session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); + } catch (CertificateException e) { + Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); + throw new MOAIDException("auth.14", null); + }
// make SZR request to the identity link
- CreateIdentityLinkResponse response = getIdentityLink(signature);
+ CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
if (response.isError()) {
@@ -173,28 +166,30 @@ public class GetForeignIDServlet extends AuthServlet { Element samlAssertion = response.getAssertion();
-// try {
-// System.out.println(DOMUtils.serializeNode(samlAssertion));
-// } catch (TransformerException e) {
-// e.printStackTrace();
-// }
+ try {
+ System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion));
+ } catch (TransformerException e) {
+ e.printStackTrace();
+ }
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink);
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); }
+
resp.setContentType("text/html");
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
@@ -210,84 +205,12 @@ public class GetForeignIDServlet extends AuthServlet { }
}
- /**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- private static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
- /**
- * Does the request to the SZR-GW
- * @param signature XMLDSIG signature
- * @return Identity link assertion
- * @throws SZRGWClientException
- */
- private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException {
-
- SZRGWClient client = new SZRGWClient();
-
- try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
-
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (GeneralSecurityException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (PKIException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- }
- }
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- }
-
- // create request
- CreateIdentityLinkResponse response = null;
- Element request = null;
- try {
- Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
- request = doc.getDocumentElement();
-
- // send request
- response = client.createIdentityLinkResponse(request);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- try {
- response = client.createIdentityLinkResponse(request);
- }
- catch (SZRGWClientException e1) {
- throw new SZRGWClientException(e1);
- }
- }
-
-
- return response;
-
- }
+
+
/**
- * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+ * Builds the szrgw:GetIdentityLinkRequest f�r the SZR-GW
* @param givenname
* @param familyname
* @param birthday
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 9d26ded8a..74b2f80b9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -206,20 +206,6 @@ public class GetMISSessionIDServlet extends AuthServlet { }
} - /** - * Adds a parameter to a URL. - * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - private static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - }
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java new file mode 100644 index 000000000..4ec894d47 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -0,0 +1,227 @@ +package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+/**
+ * Endpoint for receiving STORK response messages
+ */
+public class PEPSConnectorServlet extends AuthServlet {
+ private static final long serialVersionUID = 1L;
+
+ public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
+
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ super.doGet(request, response);
+ }
+
+ /**
+ * Handles the reception of a STORK response message
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ try {
+
+ Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+ Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+ super.setNoCachingHeadersInHttpRespone(request, response);
+ Logger.trace("No Caching headers set for HTTP response");
+
+ //check if https or only http
+ super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+ Logger.debug("Trying to find MOA Session-ID");
+ HttpSession httpSession = request.getSession();
+ String moaSessionID = (String) httpSession.getAttribute("MOA-Session-ID");
+
+ if (StringUtils.isEmpty(moaSessionID)) {
+ //No authentication session has been started before
+ Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+ throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+ } else {
+ //We know user and MOA takes over session handling, invalidate HttpSession
+ httpSession.invalidate();
+ }
+
+ Logger.info("Found MOA sessionID: " + moaSessionID);
+
+ Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+ //extract STORK Response from HTTP Request
+ STORKResponse storkResponse = null;
+ try {
+ storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response);
+ } catch (STORKException e) {
+ Logger.error("Unable to retrieve STORK Response", e);
+ throw new MOAIDException("stork.04", null);
+ }
+
+ Logger.info("STORK SAML Response message succesfully extracted");
+ Logger.debug("STORK response (pretty print): ");
+ Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM()));
+ Logger.trace("STORK response (original): ");
+ Logger.trace(XMLUtil.printXML(storkResponse.getDOM()));
+
+ Logger.debug("Starting validation of SAML response");
+ //verify SAML response
+ try {
+ STORKResponseProcessor.verifySTORKResponse(storkResponse);
+ } catch (STORKException e) {
+ Logger.error("Failed to verify STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ Logger.info("SAML response succesfully verified!");
+
+ String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue();
+
+ if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+ Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+ throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+ }
+
+ Logger.info("Got SAML response with authentication success message.");
+
+ //check if authentication request was created before
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+
+ Logger.debug("MOA session is still valid");
+
+ STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+ if (storkAuthnRequest == null) {
+ Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+ throw new MOAIDException("stork.07", null);
+ }
+
+ Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+ Logger.debug("Starting validation of SAML assertion");
+ //verify SAML assertion
+ Assertion storkAssertion = storkResponse.getAssertions().get(0);
+ try {
+ STORKResponseProcessor.verifySTORKAssertion(
+ storkAssertion, //assertion
+ request.getRemoteAddr(), //IP address of user
+ storkAuthnRequest.getID(), //ID of STORK AuthnRequest
+ request.getRequestURL().toString(), //destination
+ HTTPUtils.getBaseURL(request), //audience
+ storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
+ } catch (STORKException e) {
+ Logger.error("Failed to verify STORK SAML Assertion", e);
+ throw new MOAIDException("stork.08", null);
+ }
+
+ Logger.info("SAML assertion succesfully verified!");
+
+ Logger.debug("Starting extraction of signedDoc attribute");
+ //extract signed doc element and citizen signature
+ Element citizenSignature = null;
+ try {
+
+ citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);
+ moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
+ moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
+
+ } catch (Exception e) {
+ Logger.error("Could not extract citizen signature from C-PEPS", e);
+ throw new MOAIDException("stork.09", null);
+ }
+ Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+ Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+ Logger.debug("Starting connecting SZR Gateway");
+ //contact SZR Gateway
+ IdentityLink identityLink = null;
+ try {
+ identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes());
+ } catch (STORKException e) {
+ Logger.error("Error connecting SZR Gateway", e);
+ throw new MOAIDException("stork.10", null);
+ }
+ Logger.debug("SZR communication was successfull");
+
+ if (identityLink == null) {
+ Logger.error("SZR Gateway did not return an identity link.");
+ throw new MOAIDException("stork.10", null);
+ }
+ Logger.info("Received Identity Link from SZR Gateway");
+ moaSession.setIdentityLink(identityLink);
+
+ Logger.debug("Adding addtional STORK attributes to MOA assertion");
+ //add other stork attributes to MOA assertion
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes());
+ moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+
+ //We don't have BKUURL, setting from null to "Not applicable"
+ moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+ Logger.debug("Starting to assemble MOA assertion");
+ //produce MOA-Assertion and artifact
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(moaSessionID);
+ Logger.info("MOA assertion assembled and SAML Artifact generated.");
+
+ //redirect
+ String redirectURL = null;
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = moaSession.getOAURLRequested();
+ if (!moaSession.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
+ }
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
+
+
+
+ } catch (AuthenticationException e) {
+ handleError(null, e, request, response);
+ } catch (MOAIDException e) {
+ handleError(null, e, request, response);
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 355e85ce5..012ed4c14 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.io.PrintWriter; +import java.util.List; import javax.servlet.ServletConfig; import javax.servlet.ServletException; @@ -33,18 +34,29 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.opensaml.saml2.metadata.RequestedAttribute; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.exception.SAMLException; +import eu.stork.vidp.messages.exception.SAMLValidationException; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; /** * Servlet requested for starting a MOA ID authentication session. @@ -77,7 +89,7 @@ public class StartAuthenticationServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); + Logger.debug("GET StartAuthentication"); String authURL = req.getScheme() + "://" + req.getServerName(); if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { authURL = authURL.concat(":" + req.getServerPort()); @@ -91,6 +103,7 @@ public class StartAuthenticationServlet extends AuthServlet { String templateURL = req.getParameter(PARAM_TEMPLATE); String sessionID = req.getParameter(PARAM_SESSIONID); String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); // escape parameter strings target = StringEscapeUtils.escapeHtml(target); @@ -100,11 +113,9 @@ public class StartAuthenticationServlet extends AuthServlet { templateURL = StringEscapeUtils.escapeHtml(templateURL); sessionID = StringEscapeUtils.escapeHtml(sessionID); useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + setNoCachingHeadersInHttpRespone(req, resp); try { @@ -121,35 +132,56 @@ public class StartAuthenticationServlet extends AuthServlet { throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); if (!ParamValidatorUtils.isValidSourceID(sourceID)) throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { oaURL }); - + // get target and target friendly name from config String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + String targetFriendlyName = null; + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - String getIdentityLinkForm = null; - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(ccc)) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); + Logger.debug("Starting STORK authentication"); - getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); - } - else { - // use target from config - getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); + AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID); + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); } - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); Logger.debug("Finished GET StartAuthentication"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f15f839d7..fbf700365 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -326,19 +326,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { // handleError(null, e, req, resp); // } // } - /** - * Adds a parameter to a URL. - * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - private static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java new file mode 100644 index 000000000..7ffe59fd9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java @@ -0,0 +1,56 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import java.util.List; + +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.metadata.RequestedAttribute; +
+/**
+ * Interface to be implemented for verifying SAML assertions + * + * @author bzwattendorfer
+ *
+ */
+public interface AssertionVerifier {
+ + /** + * Verifies a given assertion + * @param assertion SAML assertion + * @param reqIPAddress IP address of the client + * @param authnRequestID ID of the corresponding authentication request for verification + * @param recipient recipient for verification + * @param audience audience for verification + * @param reqAttrList RequestedAttribute list for verification + * @throws SecurityException + */
+ public void verify(Assertion assertion, String reqIPAddress, String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java new file mode 100644 index 000000000..b95ab6218 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java @@ -0,0 +1,50 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import org.opensaml.xml.security.credential.Credential;
+
+import eu.stork.vidp.messages.exception.SAMLException;
+
+/**
+ * Interface supporting different kinds of Credentials + * + * @author bzwattendorfer
+ *
+ */
+public interface CredentialProvider {
+ + /** + * Gets appropriate credentials + * @return Credential object + * @throws SAMLException + */
+ public Credential getCredential() throws SAMLException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java new file mode 100644 index 000000000..467210b4d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java @@ -0,0 +1,126 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.stork;
+
+import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; + +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.vidp.messages.exception.SAMLException; +
+/** + * Provides credentials from a KeyStore + * @author bzwattendorfer + * + */
+public class KeyStoreCredentialProvider implements CredentialProvider {
+
+ private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
+ + /** KeyStore Path */
+ private String keyStorePath;
+ + /** KeyStore Password */
+ private String keyStorePassword;
+ + /** Specific Key Name as Credential */
+ private String keyName;
+ + /** Key password */
+ private String keyPassword;
+
+ /** + * Creates a KeyStoreCredentialProvider object + * @param keyStorePath KeyStore Path + * @param keyStorePassword KeyStore Password + * @param keyName KeyName of the key to be retrieved + * @param keyPassword Password for the Key + */
+ public KeyStoreCredentialProvider(String keyStorePath,
+ String keyStorePassword, String keyName, String keyPassword) {
+ super();
+ this.keyStorePath = keyStorePath;
+ this.keyStorePassword = keyStorePassword;
+ this.keyName = keyName;
+ this.keyPassword = keyPassword;
+ }
+
+ + /** + * Gets the credential object from the KeyStore + */
+ public Credential getCredential() throws SAMLException {
+ log.trace("Retrieving credentials for signing SAML Response.");
+
+ if (StringUtils.isEmpty(this.keyStorePath))
+ throw new SAMLException("No keyStorePath specified");
+ + //KeyStorePassword optional
+ //if (StringUtils.isEmpty(this.keyStorePassword))
+ // throw new SAMLException("No keyStorePassword specified");
+
+ if (StringUtils.isEmpty(this.keyName))
+ throw new SAMLException("No keyName specified");
+ + //KeyStorePassword optional
+ //if (StringUtils.isEmpty(this.keyPassword))
+ // throw new SAMLException("No keyPassword specified");
+
+ KeyStore ks;
+ try {
+ ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword);
+ } catch (Exception e) {
+ log.error("Failed to load keystore information", e);
+ throw new SAMLException(e);
+ }
+
+ //return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
+ BasicX509Credential credential = null;
+ try {
+ java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
+ PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
+ credential = new BasicX509Credential();
+ credential.setEntityCertificate(certificate);
+ credential.setPrivateKey(privateKey);
+
+ } catch (Exception e) {
+ log.error("Error retrieving signing credentials.", e);
+ throw new SAMLException(e);
+ }
+
+ return credential;
+
+ } + + +}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java new file mode 100644 index 000000000..3048ccbee --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java @@ -0,0 +1,241 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.vidp.messages.saml.STORKAttribute; +import eu.stork.vidp.messages.util.SAMLUtil; +
+/**
+ * Verifies the SAML assertion according to the STORK specification + * @author bzwattendorfer
+ *
+ */
+public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
+
+ private static final int CLOCK_SKEW_MINUTES = 5; + + private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String)
+ */
+ public void verify(Assertion assertion, String reqIPAddress,
+ String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException {
+
+ //SAML assertion need not to be signed, skipping signature validation
+
+ verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient); + + Logger.debug("SubjectConfirmationData successfully verified"); +
+ verifyConditions(assertion, audience);
+ + Logger.debug("Conditions successfully verified"); + }
+
+
+ private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {
+ for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
+ verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient);
+ }
+
+ }
+
+ private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {
+ //NotBefore not allowed in SSO profile
+ verifyNotOnOrAfter(scData.getNotOnOrAfter()); + + Logger.trace("NotOnOrAfter successfully verified");
+
+ if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) {
+ verifyClientAddress(scData, reqAddress); + Logger.trace("User's client IP address successfully verified.");
+ } else {
+ Logger.warn("User's client IP address will not be verified.");
+ }
+
+ verifyRecipient(scData, recipient); + Logger.trace("Recipient successfully verified"); +
+ verifyInResponseTo(scData, requestID); + Logger.trace("InResponseTo successfully verified");
+
+ }
+
+ private void verifyNotBefore(DateTime notBefore) throws SecurityException {
+ if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) {
+ String msg = "Subject/Assertion not yet valid, Timestamp: ";
+ Logger.error(msg + notBefore);
+ throw new SecurityException(msg);
+ }
+
+ Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore);
+
+ }
+
+ private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException {
+ if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) {
+ String msg = "Subject/Assertion no longer valid.";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+
+ Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter);
+ }
+
+ private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException {
+ if (!reqAddress.equals(scData.getAddress())) {
+ String msg = "Response coming from wrong Client-Address";
+ Logger.error("Response coming from wrong Client-Address " + reqAddress + ", expected " + scData.getAddress());
+ throw new SecurityException(msg);
+ }
+
+ }
+
+ private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException {
+ if (!scData.getInResponseTo().equals(requestID)) {
+ String msg = "Assertion issued for wrong request";
+ Logger.error(msg);
+ throw new SecurityException(msg);
+ }
+ }
+
+ private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException {
+ if (!scData.getRecipient().equals(reqRecipient)) {
+ String msg = "Assertion intended for another recipient";
+ Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient);
+ throw new SecurityException(msg);
+ }
+
+ }
+
+ private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException {
+ for (Audience audience : audienceRestriction.getAudiences()) {
+ if (audience.getAudienceURI().equals(reqAudience))
+ return;
+ }
+ String msg = "Assertion sent to wrong audience";
+ Logger.error("Assertion intended for wrong audience, expected " + reqAudience);
+ throw new SecurityException(msg);
+ }
+
+ private void verifyOneTimeUse(String assertionID) {
+ //not necessarily required to check since notBefore and notOnOrAfter are verified
+ //check response Store for already existing assertion
+
+ }
+
+ private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {
+ Conditions conditions = assertion.getConditions();
+
+ verifyNotBefore(conditions.getNotBefore()); + Logger.trace("NotBefore successfully verified"); +
+ verifyNotOnOrAfter(conditions.getNotOnOrAfter()); + Logger.trace("NotOnOrAfter successfully verified");
+
+ verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience); + + Logger.trace("Audience successfully verified");
+
+ } + + public static void validateRequiredAttributes( + List<RequestedAttribute> reqAttrList, + List<Attribute> attrList) + throws STORKException { + + Logger.debug("Starting required attribute validation"); + + if (reqAttrList == null || reqAttrList.isEmpty()) { + Logger.error("Requested Attributes list is empty."); + throw new STORKException("No attributes have been requested"); + } + + if (attrList == null || attrList.isEmpty()) { + Logger.error("STORK AttributeStatement is empty."); + throw new STORKException("No attributes have been received"); + } + + Logger.trace("These attributes have been requested and received: "); + int count = 0; + for (RequestedAttribute reqAttr : reqAttrList) { + Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired()); + for(Attribute attr : attrList) { + if (verifyRequestedAttribute(reqAttr, attr)) + count++; + } + } + + int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList); + Logger.trace("Number of requested required attributes: " + numRequiredReqAttr); + Logger.trace("Number of received required attributes: " + count); + + if (count != numRequiredReqAttr) { + Logger.error("Not all required attributes have been received"); + throw new STORKException("Not all required attributes have been received"); + } + Logger.debug("Received all required attributes!"); + + } + + private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) { + + if ((reqAttr.getName()).equals(attr.getName())) { + if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) { + Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr)); + return true; + } + } + return false; + } + + private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) { + int count = 0; + for (RequestedAttribute reqAttr : reqAttrList) + if (reqAttr.isRequired()) count++; + + return count; + } +
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java new file mode 100644 index 000000000..2deeb2aae --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java @@ -0,0 +1,153 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+ +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import eu.stork.mw.messages.saml.STORKResponse; +import eu.stork.vidp.messages.exception.SAMLValidationException; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; +
+/**
+ * Verifies the SMAL response according to the STORK specification + * @author bzwattendorfer
+ *
+ */
+public class PEPSConnectorResponseVerifier implements ResponseVerifier {
+
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
+ */
+ public void verify(STORKResponse response) throws SecurityException {
+
+ verifySignature(response);
+ Logger.debug("Signature of SAML response valid.");
+
+ verifyStandardValidation(response);
+
+ Logger.debug("SAML response format valid.");
+
+ }
+
+
+ private void verifySignature(STORKResponse response) throws SecurityException {
+ //validate Signature
+ try {
+ if (response.isSigned()) { + + String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID(); + + Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID); +
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID); + + Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built"); + + Logger.trace("Calling MOA-SP"); + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP"); + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) { + String msg = "Signature of SAMLResponse not valid"; + Logger.error(msg); + throw new SecurityException(msg); + } + + Logger.debug("Signature of SAML response successfully verified"); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String msg = "Certificate of SAMLResponse not valid"; + Logger.error(msg); + throw new SecurityException(msg); + } + + Logger.debug("Signing certificate of SAML response succesfully verified"); +
+ } else {
+ String msg = "SAML Response is not signed.";
+ throw new SecurityException(msg);
+ }
+
+ } catch (ConfigurationException e) {
+ String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
+ } catch (ParseException e) { + String msg = "Unable to parse VerifyXMLSignature Request or Response."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (BuildException e) { + String msg = "Unable to parse VerifyXMLSignature Request or Response."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (ServiceException e) { + String msg = "Unable to invoke MOA-SP."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + }
+
+ }
+
+ private void verifyStandardValidation(STORKResponse response) throws SecurityException {
+ try {
+ SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
+ } catch (SAMLValidationException e) {
+ String msg ="SAML Response received not valid.";
+ throw new SecurityException(msg, e);
+ }
+
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java new file mode 100644 index 000000000..848937824 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java @@ -0,0 +1,44 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.stork;
+
+import eu.stork.mw.messages.saml.STORKResponse; + +/** + * Interface to be implemented for SAML response verification + * @author bzwattendorfer + * + */
+public interface ResponseVerifier {
+ + /** + * Verifies a STORK response + * @param response STORK response + * @throws SecurityException + */
+ public void verify(STORKResponse response) throws SecurityException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java new file mode 100644 index 000000000..ff30919bc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java @@ -0,0 +1,170 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+import eu.stork.vidp.messages.util.SAMLUtil;
+
+/**
+ * Class handling all necessary functionality for STORK AuthnRequest processing
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAuthnRequestProcessor {
+
+ /**
+ * Creates a STORK AuthnRequest
+ * @param destination Destination URL
+ * @param acsURL Assertion Consumer Service URL
+ * @param providerName SP Provider Name
+ * @param issuerValue Issuer Name
+ * @param qaaLevel STORK QAALevel to be requested
+ * @param requestedAttributes Requested Attributes to be requested
+ * @param spSector Sp Sector
+ * @param spInstitution SP Institution
+ * @param spApplication SP Application
+ * @param spCountry SP Country
+ * @param textToBeSigned text to be included in signedDoc element
+ * @param mimeType mimeType for the text to be signed in signedDoc
+ * @return STORK AuthnRequest
+ */
+ public static STORKAuthnRequest generateSTORKAuthnRequest(
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ QualityAuthenticationAssuranceLevel qaaLevel,
+ RequestedAttributes requestedAttributes,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry,
+ String textToBeSigned,
+ String mimeType) {
+
+
+ STORKAuthnRequest storkAuthnRequest =
+ STORKMessagesBuilder.buildSTORKAuthnRequest(
+ destination,
+ acsURL,
+ providerName,
+ issuerValue,
+ qaaLevel,
+ requestedAttributes,
+ spSector,
+ spInstitution,
+ spApplication,
+ spCountry);
+
+ STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
+
+ Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
+
+ return storkAuthnRequest;
+
+ }
+
+ /**
+ * Signs a STORK AuthnRequest
+ * @param storkAuthnRequest STORK AuthRequest to sign
+ * @param keyStorePath KeyStorePath to the signing key
+ * @param keyStorePassword KeyStore Password
+ * @param keyName Signing key name
+ * @param keyPassword Signing key password
+ * @return Signed STORK AuthnRequest
+ * @throws SAMLException
+ */
+ public static STORKAuthnRequest signSTORKAuthnRequest(
+ STORKAuthnRequest storkAuthnRequest,
+ String keyStorePath,
+ String keyStorePassword,
+ String keyName,
+ String keyPassword) throws SAMLException {
+
+ Logger.trace("Building Credential Provider for signing process");
+
+ CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
+
+ Credential credential = credentialProvider.getCredential();
+
+ Logger.trace("Credentials found");
+
+ SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
+
+ return storkAuthnRequest;
+ }
+
+ /**
+ * Validates a STORK AuthnRequest
+ * @param storkAuthnRequest STORK AuthnRequest to validate
+ * @throws SAMLValidationException
+ */
+ public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
+
+ SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
+
+ }
+
+ /**
+ * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
+ * @param request HttpServletRequest
+ * @param response HttpServletResponse
+ * @param storkAuthnRequest STORK AuthnRequest to send
+ * @throws Exception
+ */
+ public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
+
+ Logger.trace("Create endpoint...");
+ Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
+ endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ endpoint.setLocation(storkAuthnRequest.getDestination());
+
+
+ Logger.trace("Prepare SAMLMessageContext...");
+ HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
+ BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
+ samlMessageContext.setOutboundMessageTransport(outTransport);
+ samlMessageContext.setPeerEntityEndpoint(endpoint);
+
+ Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
+ samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
+
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+
+// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
+ HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
+
+ Logger.trace("HTTP-Post encode SAMLMessageContext...");
+ encoder.encode(samlMessageContext);
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java new file mode 100644 index 000000000..5b737603b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java @@ -0,0 +1,42 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+
+/**
+ * Exception thrown if error occurs in STORK processing
+ * @author bzwattendorfer
+ *
+ */
+public class STORKException extends Exception{
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public STORKException() {
+ super();
+
+ }
+
+ public STORKException(String message, Throwable cause) {
+ super(message, cause);
+
+ }
+
+ public STORKException(String message) {
+ super(message);
+
+ }
+
+ public STORKException(Throwable cause) {
+ super(cause);
+
+ }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java new file mode 100644 index 000000000..c98ca87b9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -0,0 +1,405 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.List;
+import java.util.Vector;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.namespace.QName;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SurName;
+import org.opensaml.ws.transport.http.HTTPInTransport;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
+/**
+ *
+ * Handles all functionality for the processing of a STORK response
+ * @author bzwattendorfer
+ *
+ */
+public class STORKResponseProcessor {
+
+ /** OASIS DSS Namespace */
+ public static final String OASIS_DSS_NS = "urn:oasis:names:tc:dss:1.0:core:schema";
+
+ /** OASIS DSS Success Message */
+ public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success";
+
+ /**
+ * Extracts a STORK response from a HTTP message
+ * @param request HttpServletRequest
+ * @param response HttpServletResponse
+ * @return STORK Response
+ * @throws STORKException
+ */
+ public static STORKResponse receiveSTORKRepsonse(HttpServletRequest request, HttpServletResponse response) throws STORKException {
+
+ HTTPInTransport httpInTransport = new HttpServletRequestAdapter(request);
+ HTTPOutTransport httpOutTransport = new HttpServletResponseAdapter(response, request.isSecure());
+
+ httpInTransport.getPeerAddress();
+
+ String samlResponseString = request.getParameter("SAMLResponse");
+
+ if (StringUtils.isEmpty(samlResponseString)) {
+ Logger.error("SAMLResponse not found in request.");
+ throw new STORKException("SAMLResponse not found in request.");
+ }
+
+ BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
+
+ samlMessageContext.setInboundMessageTransport(httpInTransport);
+ samlMessageContext.setOutboundMessageTransport(httpOutTransport);
+
+ HTTPPostDecoder postDecoder = new HTTPPostDecoder();
+
+ try {
+ postDecoder.decode(samlMessageContext);
+ } catch (Exception e) {
+ Logger.error("Error decoding SAMLResponse message", e);
+ throw new STORKException("Error decoding SAMLResponse message", e);
+ }
+
+ if (!(samlMessageContext.getInboundSAMLMessage() instanceof STORKResponse)) {
+ Logger.error("Message received is not a SAMLResponse message");
+ throw new STORKException("Message received is not a SAMLResponse message");
+ }
+
+ STORKResponse samlResponse = (STORKResponse) samlMessageContext.getInboundSAMLMessage();
+
+ return samlResponse;
+ }
+
+ /**
+ * Verifies a STORK response according STORK specification
+ * @param storkResponse STORK Response to verify
+ * @throws STORKException if validation fails
+ */
+ public static void verifySTORKResponse(STORKResponse storkResponse) throws STORKException {
+
+ ResponseVerifier responseVerifier = new PEPSConnectorResponseVerifier();
+ try {
+ responseVerifier.verify(storkResponse);
+ } catch (SecurityException e) {
+ Logger.error("Error validating response message from PEPS.", e);
+ throw new STORKException("Error validating response message from PEPS.");
+ }
+
+ }
+
+ /**
+ * Verifies a STORK assertion
+ * @param assertion STORK assertion
+ * @param ipAddress Client IP address
+ * @param authnRequestID ID of the AuthnRequest
+ * @param recipient recipient for verification
+ * @param audience audience for verification
+ * @param reqAttributeList RequestedAttribute list for verification
+ * @throws STORKException
+ */
+ public static void verifySTORKAssertion(
+ Assertion assertion,
+ String ipAddress,
+ String authnRequestID,
+ String recipient,
+ String audience,
+ List<RequestedAttribute> reqAttributeList) throws STORKException {
+
+ //validate Assertion
+ AssertionVerifier assertionVerifier = new PEPSConnectorAssertionVerifier();
+ try {
+ assertionVerifier.verify(assertion, ipAddress, authnRequestID, recipient, audience, reqAttributeList);
+
+ //verify if all required attributes are present
+ PEPSConnectorAssertionVerifier.validateRequiredAttributes(reqAttributeList, assertion.getAttributeStatements().get(0).getAttributes());
+
+ } catch (SecurityException e) {
+ Logger.error("Error verifying assertion from PEPS", e);
+ throw new STORKException("Error validating assertion received from PEPS.");
+ }
+
+ }
+
+ /**
+ * Extracts the citizen signature from the signedDoc element present in the STORK assertion
+ * @param storkAssertion STORK assertion
+ * @return citizen signature as XML
+ * @throws STORKException
+ */
+ public static Element extractCitizenSignature(Assertion storkAssertion) throws STORKException {
+
+ Logger.debug("Processing DSS signature response from PEPS");
+
+ Element signatureResponse = getSignedDocAttributeValue(storkAssertion);
+
+ if (signatureResponse == null) {
+ String msg = "Could not find DSS signature response in SAML assertion";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.debug("Found DSS signature in SAML assertion");
+
+ Logger.debug("DSS Signature creation response received from PEPS (pretty print):");
+ Logger.debug(XMLHelper.prettyPrintXML(signatureResponse));
+ Logger.trace("DSS Signature creation response received from PEPS (original):");
+ Logger.trace(XMLUtil.printXML(signatureResponse));
+
+ Element signature = getSignature(signatureResponse);
+
+ if (signature == null) {
+ String msg = "Could not find citizen signature in SAML assertion";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.debug("Found foreign citizen signature in SAML assertion (pretty print):");
+ Logger.debug(XMLHelper.prettyPrintXML(signature));
+ Logger.trace("Found foreign citizen signature in SAML assertion (original):");
+ Logger.trace(XMLUtil.printXML(signature));
+
+ return signature;
+ }
+
+ /**
+ * Extracts the signedDoc attribute from a STORK assertion as XML
+ * @param storkAssertion STORK assertion
+ * @return Value of signedDoc attribute
+ * @throws STORKException
+ */
+ private static Element getSignedDocAttributeValue(Assertion storkAssertion) throws STORKException {
+
+ XMLObject xmlObj = SAMLUtil.getAttributeValue(storkAssertion.getAttributeStatements().get(0).getAttributes(), STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC);
+
+
+ if (xmlObj instanceof XSAny)
+ return getSignedDocAttributeValueFromAny((XSAny) xmlObj);
+ else if (xmlObj instanceof XSString)
+ return getSignedDocAttributValueFromString((XSString) xmlObj);
+ else
+ return null;
+
+ }
+
+ /**
+ * Get signedDoc as XML if provided as anyType
+ * @param any AttributeValue as anyType
+ * @return signedDoc as XML
+ */
+ private static Element getSignedDocAttributeValueFromAny(XSAny any) {
+ if (!any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).isEmpty()) {
+ XMLObject xmlObj = any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).get(0);
+ return xmlObj.getDOM();
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Get signedDoc as XML if provided as String
+ * @param string AttributeValue as String
+ * @return signedDoc as XML
+ * @throws STORKException
+ */
+ private static Element getSignedDocAttributValueFromString(XSString string) throws STORKException {
+ try {
+ return XMLUtil.stringToDOM(string.getValue());
+ } catch (Exception e) {
+ Logger.error("Error building DOM", e);
+ throw new STORKException(e);
+
+ }
+ }
+
+ /**
+ * Extracts the signature value out of a DSS response
+ * @param signatureResponse DSS signature response
+ * @return signature
+ * @throws STORKException
+ */
+ private static Element getSignature(Element signatureResponse) throws STORKException {
+
+ NodeList nList = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "ResultMajor");
+
+ String resultMajor = XMLUtil.getFirstTextValueFromNodeList(nList);
+
+ if (StringUtils.isEmpty(resultMajor)) {
+ String msg = "DSS response not correct, ResultMajor element missing.";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.trace("ResultMajor of DSS response: " + resultMajor);
+
+ if (!OASIS_DSS_SUCCESS_MSG.equals(resultMajor)) {
+ String msg = "DSS response not correct, ResultMajor is " + resultMajor;
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ NodeList nList2 = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "Base64Signature");;
+
+ String base64SigString = XMLUtil.getFirstTextValueFromNodeList(nList2);
+
+ if (StringUtils.isEmpty(base64SigString)) {
+ String msg = "DSS response not correct, Base64Signature element missing.";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+ Logger.trace("Base64Signature element of DSS response: " + base64SigString);
+
+ String sigString = new String(Base64.decode(base64SigString));
+
+ try {
+ return XMLUtil.stringToDOM(sigString);
+ } catch (Exception e) {
+ String msg = "Unable to extract signature from DSS response";
+ Logger.error(msg);
+ throw new STORKException(msg);
+ }
+
+
+ }
+
+ /**
+ * Handels connection to SZR-GW and returns Identity Link on success
+ * @param citizenSignature Citizen signature
+ * @param attributeList Received attribute List in assertion
+ * @return Identity Link
+ * @throws STORKException
+ */
+ public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {
+ Logger.trace("Calling SZR Gateway with the following attributes:");
+
+ String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber);
+
+ String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
+
+ String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName);
+
+ String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth);
+
+ if (!StringUtils.isEmpty(dateOfBirth)) {
+ dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
+ }
+
+ CreateIdentityLinkResponse response;
+ IdentityLink identityLink = null;
+ try {
+ Logger.trace("Starting call...");
+ response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature);
+ if (response.isError()) {
+ Logger.error("Receveid ErrorResponse from SZR Gateway.");
+ throw new SZRGWClientException(response.getError());
+ }
+ else {
+ Logger.trace("Receveid Success Response from SZR Gateway.");
+ Element samlAssertion = response.getAssertion();
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ identityLink = ilParser.parseIdentityLink();
+
+
+ Logger.debug("Received Identity Link from SZR Gateway");
+ //TODO: is this ok?
+// if (StringUtils.isEmpty(identityLink.getDateOfBirth())) {
+// identityLink.setDateOfBirth("9999-12-31");
+// }
+
+ }
+ } catch (SZRGWClientException e) {
+ Logger.error("Error connecting SZR-Gateway: ", e);
+ throw new STORKException("Error connecting SZR-Gateway: ", e);
+ } catch (ParseException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ }
+
+ return identityLink;
+
+ }
+
+
+ /**
+ * Transforms additional STORK attributes to MOA Extended attributes
+ * @param storkAttributeList STORK attribute list
+ * @return
+ */
+ public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(List<Attribute> storkAttributeList) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+
+ Logger.trace("Adding the following attributes to MOA assertion: ");
+ int count = 0;
+ //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc
+ for (Attribute attribute : storkAttributeList) {
+ //attribute is not in default returned attribute set
+ if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) {
+
+ String attributeValue = null;
+ if (!attribute.getAttributeValues().isEmpty()) {
+ //we have attribute value
+ attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0));
+ }
+ ExtendedSAMLAttribute extendedSAMLAttribute =
+ new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+ moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+ count++;
+ Logger.trace("Additional attribute: " + attribute.getName());
+ }
+ }
+
+
+ Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
+
+ return moaExtendedSAMLAttributeList;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java new file mode 100644 index 000000000..29478718f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java @@ -0,0 +1,88 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.stork;
+
+import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +
+/**
+ * Gets a Velocity Engine + * + * @author bzwattendorfer
+ *
+ */
+public class VelocityProvider {
+ + /** + * Gets velocityEngine from Classpath + * @return VelocityEngine + * @throws Exception + */
+ public static VelocityEngine getClassPathVelocityEngine() throws Exception {
+ VelocityEngine velocityEngine = getBaseVelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ velocityEngine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+
+ velocityEngine.init();
+
+ return velocityEngine;
+ }
+ + /** + * Gets VelocityEngine from File + * @param rootPath File Path to template file + * @return VelocityEngine + * @throws Exception + */
+ public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
+ VelocityEngine velocityEngine = getBaseVelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
+ velocityEngine.setProperty("file.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
+ velocityEngine.setProperty("file.resource.loader.path", rootPath);
+
+ velocityEngine.init();
+
+ return velocityEngine;
+ }
+ + /** + * Gets a basic VelocityEngine + * @return VelocityEngine + */
+ private static VelocityEngine getBaseVelocityEngine() {
+ VelocityEngine velocityEngine = new VelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+
+ return velocityEngine;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index c719484fa..13e7cb0f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -24,12 +24,13 @@ package at.gv.egovernment.moa.id.config; -import iaik.ixsil.util.Utils; import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import java.math.BigInteger; +import java.net.MalformedURLException; +import java.net.URL; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -39,20 +40,23 @@ import java.util.List; import java.util.Map; import java.util.Vector; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.ws.message.encoder.MessageEncodingException; import org.w3c.dom.Attr; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; -import com.sun.xml.internal.fastinfoset.stax.events.Util; - import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.Schema; import at.gv.egovernment.moa.id.auth.data.SchemaImpl; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter; +import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -63,6 +67,12 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; /** * A class that builds configuration data from a DOM based representation. @@ -80,6 +90,12 @@ public class ConfigurationBuilder { protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; /** an XPATH-Expression */ protected static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** an XPATH-Expression */ + protected static final String STORK = Constants.STORK_PREFIX + ":"; + + /** an XPATH-Expression */ + protected static final String STORKP= Constants.STORKP_PREFIX + ":"; // // chaining mode constants appearing in the configuration file @@ -220,8 +236,58 @@ public class ConfigurationBuilder { protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "C-PEPS"; + + /** STORK Config AttributeName */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE = "countryCode"; + + /** STORK Config AttributeName */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL = "URL"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" + + CONF + "SignatureCreationParameter" ; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES = + STORK + "RequestedAttribute"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" + + CONF + "SignatureVerificationParameter"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE = + CONF + "KeyStore"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME = + CONF + "KeyName"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD = + CONF + "KeyStore/@password"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD = + CONF + "KeyName/@password"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID = + CONF + "TrustProfileID"; + /** STORK Config XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_STORK_QAA = + CONF + "STORK/" + STORK + "QualityAuthenticationAssuranceLevel"; + /** STORK Config XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE = + CONF + "STORK/" + STORKP + "RequestedAttributes/" + STORK + "RequestedAttribute"; + /** * main configuration file directory name used to configure MOA-ID */ @@ -615,6 +681,32 @@ public class ConfigurationBuilder { oap.setMandateProfiles(profiles); } } + + //add STORK Configuration specific to OA (RequestedAttributes, QAALevel) + QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); + if (qaaLevel != null) { + oap.setQaaLevel(qaaLevel); + Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); + } + + RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); + + if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { + //we have additional STORK attributes to request for this OA + Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); + for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { + if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { + addReqAttr.detach(); + oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); + Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); + } + } + + } else { + //do nothing, only request default attributes + } + + } OA_set.add(oap); } @@ -633,7 +725,7 @@ public class ConfigurationBuilder { */ private int buildConditionLength(String length) { - if (Util.isEmptyString(length)) + if (StringUtils.isEmpty(length)) return -1; else return new Integer(length).intValue(); @@ -1035,6 +1127,228 @@ public class ConfigurationBuilder { return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters); } } + + /** + * Creates a SignatureCreationParameter object from the MOA-ID configuration + * This configuration object contains KeyStore and Key data for signature creation (STORK SAML Signature Creation). + * + * @return KeyStore and Key data for signature creation (STORK SAML Signature Creation) + */ + public SignatureCreationParameter buildSTORKSignatureCreationParameter() { + + Logger.debug("Loading STORK signature creation parameters."); + + Element signatureCreationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER); + if (signatureCreationParameterElement == null) { + Logger.debug("No STORK signature parameters found, " + AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER + "is missing."); + return null; + } + + SignatureCreationParameter signatureCreationParameter = new SignatureCreationParameter(); + + Element keyStoreElement = (Element)XPathUtils.selectSingleNode(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE); + if (keyStoreElement==null) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE + "is missing."); + return null; + } + + Element keyNameElement = (Element)XPathUtils.selectSingleNode(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME); + if (keyNameElement==null) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME + "is missing."); + return null; + } + + String keyStorePath = DOMUtils.getText(keyStoreElement); + if (StringUtils.isEmpty(keyStorePath)) { + Logger.error("No KeyStorePath for STORK SAML Signing Certificate provided!"); + return null; + } + signatureCreationParameter.setKeyStorePath(FileUtils.makeAbsoluteURL(keyStorePath, rootConfigFileDir_)); + Logger.trace("Found KeyStorePath for STORK SAML Signing Certificate: " + keyStorePath); + + String keyStorePassword = XPathUtils.getAttributeValue(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD, ""); + signatureCreationParameter.setKeyStorePassword(keyStorePassword); + + String keyName = DOMUtils.getText(keyNameElement); + if (StringUtils.isEmpty(keyName)) { + Logger.warn(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD + "is missing."); + return null; + } + signatureCreationParameter.setKeyName(keyName); + Logger.trace("Found KeyName for STORK SAML Signing Certificate: " + keyName); + + String keyPassword = XPathUtils.getAttributeValue(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD, ""); + signatureCreationParameter.setKeyPassword(keyPassword); + + Logger.info("STORK signature creation parameters loaded."); + + return signatureCreationParameter; + + } + + /** + * Creates a SignatureVerificationParameter object from the MOA-ID configuration + * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification) + * + * @return TrustProfileID for signature verification (STORK SAML Signature Verification) + */ + public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() { + + Logger.debug("Loading STORK signature verification parameters."); + + Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER); + if (signatureVerificationParameterElement == null) { + Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing."); + return null; + } + + SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter(); + + String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null); + if (StringUtils.isEmpty(trustProfileID)) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing."); + return null; + } + Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID); + signatureVerificationParameter.setTrustProfileID(trustProfileID); + + Logger.info("STORK signature verification parameters loaded."); + + return signatureVerificationParameter; + } + + /** + * Builds a C-PEPS object from configuration + * @param cpepsElement DOM Element of C-PEPS from configuration + * @return C-PEPS object + */ + public CPEPS buildSTORKCpeps(Element cpepsElement) { + + String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE); + String cpepsURLString = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL); + if (StringUtils.isEmpty(countryCode)) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing."); + return null; + } + if (StringUtils.isEmpty(cpepsURLString)) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing."); + return null; + } + + URL cpepsURL; + try { + cpepsURL = new URL(cpepsURLString); + } catch (MalformedURLException e) { + Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e); + return null; + } + CPEPS cpeps = new CPEPS(countryCode, cpepsURL); + Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL()); + + Element reqAttributeElement; + NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES); + + while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { + RequestedAttribute requestedAttribute; + try { + requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); + } catch (MessageEncodingException e) { + Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e); + return null; + } + //only add if STORK attribute is correct + if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { + cpeps.addCountrySpecificRequestedAttribute(requestedAttribute); + Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired()); + } else { + Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); + } + + } + + return cpeps; + } + + /** + * Builds the supported C-PEPS Map from configuration + * @return Map of C-PEPS + */ + public Map<String, CPEPS> buildSTORKcPEPSMap() { + + Logger.debug("Loading STORK C-PEPS information"); + + Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>(); + + NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); + + Element cpepsElement; + CPEPS cpeps; + + while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { + cpeps = buildSTORKCpeps(cpepsElement); + if (cpeps != null) { + cpepsMap.put(cpeps.getCountryCode(), cpeps); + } + } + + if(!cpepsMap.isEmpty()) { + Logger.info("STORK C-PEPS information loaded"); + } + + return cpepsMap; + + } + + /** + * Builds the required STORK QAALevel for this OA + * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) + * @return STORK QAALevel for this OA + */ + public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { + Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); + + if (qaaLevelElement == null) return null; + + try { + QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); + return qaaLevel; + } catch (MessageEncodingException e) { + Logger.error("Could not build STORK QAALevel, using default."); + return null; + } + + } + + /** + * Builds the Requested Attributes specific for an OA + * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) + * @return STORK RequestedAttributes for this OA + */ + public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { + List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); + + + Element reqAttributeElement; + NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); + + while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { + RequestedAttribute requestedAttribute; + try { + requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); + } catch (MessageEncodingException e) { + Logger.error("Provided RequestedAttributes Online Application is malformed.", e); + return null; + } + //only add if STORK attribute is correct + if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { + reqAttributeList.add(requestedAttribute); + } else { + Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); + } + } + + return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); + } /** * Method warn. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 04b92f209..b6ffb0c59 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -35,13 +35,17 @@ import java.util.List; import org.w3c.dom.Element; import org.w3c.dom.Node; +import eu.stork.vidp.messages.common.STORKBootstrap; + import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; /** @@ -183,6 +187,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private List trustedBKUs; + /** + * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.) + */ + private STORKConfig storkConfig; + /** * Return the single instance of configuration data. * @@ -263,7 +272,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } catch (MalformedURLException t) { throw new ConfigurationException("config.03", null, t); } - + + //Initialize OpenSAML for STORK + Logger.trace("Starting initialization of OpenSAML..."); + STORKBootstrap.bootstrap(); + Logger.debug("OpenSAML successfully initialized"); + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); @@ -293,6 +307,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { trustedCACertificates = builder.getTrustedCACertificates(); trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); trustedBKUs = builder.getTrustedBKUs(); + storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); @@ -370,6 +385,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } return null; } + /** * Return a string with a url-reference to the VerifyAuthBlock trust @@ -484,4 +500,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return defaultVerifyInfoboxParameters; } + /** + * Retruns the STORK Configuration + * @return STORK Configuration + */ + public STORKConfig getStorkConfig() { + return storkConfig; + } + + + }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 2959d9208..091a01bf7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -24,7 +24,15 @@ package at.gv.egovernment.moa.id.config.auth; +import java.util.ArrayList; + +import org.opensaml.saml2.metadata.RequestedAttribute; + import at.gv.egovernment.moa.id.config.OAParameter; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; /** * Configuration parameters belonging to an online application, @@ -117,12 +125,28 @@ public class OAAuthParameter extends OAParameter { private String mandateProfiles; /** - * BZ + * * Type for authentication number (e.g. Firmenbuchnummer) */ private String identityLinkDomainIdentifierType; /** + * STORK QAA Level, Default = 4 + */ + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + + /** + * STORK RequestedAttributes for Online Application + * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth + */ + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + + +/** * Returns <code>true</code> if the Security Layer version is version 1.2, * otherwise <code>false</code>. * @return <code>true</code> if the Security Layer version is version 1.2, @@ -441,4 +465,38 @@ public class OAAuthParameter extends OAParameter { return this.mandateProfiles; } + /** + * Returns the defined STORK QAALevel + * @return STORK QAALevel + */ + public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; + } + + /** + * Sets the STORK QAALevel + * @param qaaLevel + */ + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + this.qaaLevel = qaaLevel; + } + + /** + * Returns the desired STORK Requested Attributes + * @return STORK Requested Attributes + */ + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } + + /** + * Sets the desired STORK Requested Attributes + * @param requestedAttributes + */ + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java new file mode 100644 index 000000000..a5b160454 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java @@ -0,0 +1,98 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List<RequestedAttribute> countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java new file mode 100644 index 000000000..485a44421 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -0,0 +1,90 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java new file mode 100644 index 000000000..1f66b7752 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java @@ -0,0 +1,112 @@ +/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config.stork;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Signing Key Name */
+ private String keyName;
+
+ /** Signing Key Password */
+ private String keyPassword;
+
+ /**
+ * Gets the KeyStore Path
+ * @return File Path to KeyStore
+ */
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ /**
+ * Sets the KeyStore Path
+ * @param keyStorePath Path to KeyStore
+ */
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ /**
+ * Gets the KeyStore Password
+ * @return Password to KeyStore
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * Sets the KeyStore Password
+ * @param keyStorePassword Password to KeyStore
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * Gets the Signing Key Name
+ * @return Siging Key Name
+ */
+ public String getKeyName() {
+ return keyName;
+ }
+
+ /**
+ * Sets the Signing Key Name
+ * @param keyName Signing Key Name
+ */
+ public void setKeyName(String keyName) {
+ this.keyName = keyName;
+ }
+
+ /**
+ * Gets the Signing Key Password
+ * @return Signing Key Password
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * Sets the Signing Key Password
+ * @param keyPassword Signing Key Password
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java new file mode 100644 index 000000000..2d8402e4d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java @@ -0,0 +1,35 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index 7b29051f3..a148aa690 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -40,9 +40,13 @@ import java.io.Reader; import java.net.HttpURLConnection; import java.net.URL; +import javax.servlet.http.HttpServletRequest; + import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.util.StringUtils; + /** * * @author Rudolf Schamberger @@ -88,5 +92,47 @@ public class HTTPUtils { conn.disconnect(); return buffer.toString(); } + + /** + * Helper method to retrieve server URL including context path + * @param request HttpServletRequest + * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth + */ + public static String getBaseURL(HttpServletRequest request) { + StringBuffer buffer = new StringBuffer(getServerURL(request)); + + // add context path if available + String contextPath = request.getContextPath(); + if (!StringUtils.isEmpty(contextPath)) { + buffer.append(contextPath); + } + + return buffer.toString(); + } + + /** + * Helper method to retrieve server URL + * @param request HttpServletRequest + * @return Server URL (e.g. http://localhost:8443) + */ + public static String getServerURL(HttpServletRequest request) { + StringBuffer buffer = new StringBuffer(); + + // get protocol + String protocol = request.getScheme(); + buffer.append(protocol).append("://"); + + // server name + buffer.append(request.getServerName()); + + // add port if necessary + int port = request.getServerPort(); + if ((protocol.equals("http") && port != 80) || (protocol.equals("https") && port != 443)) { + buffer.append(':'); + buffer.append(port); + } + + return buffer.toString(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 790651adf..0862371dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -43,6 +43,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; public class ParamValidatorUtils {
@@ -54,10 +55,10 @@ public class ParamValidatorUtils { */
public static boolean isValidTarget(String target) {
- Logger.debug("Überprüfe Parameter Target");
+ Logger.debug("�berpr�fe Parameter Target");
// if non parameter is given return true
- if (target == null) {
+ if (StringUtils.isEmpty(target)) {
Logger.debug("Parameter Target ist null");
return true;
}
@@ -67,27 +68,57 @@ public class ParamValidatorUtils { Matcher matcher = pattern.matcher(target);
boolean b = matcher.matches();
if (b) {
- Logger.debug("Parameter Target erfolgreich überprüft");
+ Logger.debug("Parameter Target erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+ Logger.error("Fehler �berpr�fung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
return false;
}
} /** + * Checks if the given ccc parameter is valid + * @param ccc HTTP parameter from request + * @return true if ccc is valid + */ + public static boolean isValidCCC(String ccc) { + + Logger.debug("�berpr�fe Parameter CCC"); + + // if non parameter is given return true + if (StringUtils.isEmpty(ccc)) { + Logger.debug("Parameter CCC ist null"); + return true; + } + + + Pattern pattern = Pattern.compile("[a-zA-Z]{2}"); + Matcher matcher = pattern.matcher(ccc); + boolean b = matcher.matches(); + if (b) { + Logger.debug("Parameter CCC erfolgreich �berpr�ft"); + return true; + } + else { + Logger.error("Fehler �berpr�fung Parameter CCC. CCC entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, sowie 2 Zeichen lang)"); + return false; + } + + } + + /** * Checks if the given target is valid * @param sourceID HTTP parameter from request * @return */ public static boolean isValidSourceID(String sourceID) { - Logger.debug("Überprüfe Parameter sourceID"); + Logger.debug("�berpr�fe Parameter sourceID"); // if non parameter is given return true - if (sourceID == null) { + if (StringUtils.isEmpty(sourceID)) { Logger.debug("Parameter Target ist null"); return true; } @@ -97,11 +128,11 @@ public class ParamValidatorUtils { Matcher matcher = pattern.matcher(sourceID); boolean b = matcher.matches(); if (b) { - Logger.debug("Parameter sourceID erfolgreich überprüft"); + Logger.debug("Parameter sourceID erfolgreich �berpr�ft"); return true; } else { - Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); + Logger.error("Fehler �berpr�fung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); return false; } @@ -114,21 +145,21 @@ public class ParamValidatorUtils { */
public static boolean isValidUseMandate(String usemandate) {
- Logger.debug("Überprüfe Parameter useMandate");
+ Logger.debug("�berpr�fe Parameter useMandate");
// if non parameter is given return true
- if (usemandate== null) {
+ if (StringUtils.isEmpty(usemandate)) {
Logger.debug("Parameter useMandate ist null");
return true;
}
if (usemandate.compareToIgnoreCase("true") == 0 || usemandate.compareToIgnoreCase("false") == 0) {
- Logger.debug("Parameter useMandate erfolgreich überprüft");
+ Logger.debug("Parameter useMandate erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter useMandate. useMandate ist weder 'true' noch 'false')");
+ Logger.error("Fehler �berpr�fung Parameter useMandate. useMandate ist weder 'true' noch 'false')");
return false;
}
@@ -144,10 +175,10 @@ public class ParamValidatorUtils { * @return
*/
public static boolean isValidBKUURI(String bkuURI) {
- Logger.debug("Überprüfe Parameter bkuURI"); + Logger.debug("�berpr�fe Parameter bkuURI"); // if non parameter is given return true
- if (bkuURI == null) {
+ if (StringUtils.isEmpty(bkuURI)) {
Logger.debug("Parameter bkuURI ist null");
return true;
}
@@ -163,20 +194,20 @@ public class ParamValidatorUtils { bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 || bkuURI.compareToIgnoreCase("http://127.0.0.1:3495/http-security-layer-request") == 0 || bkuURI.compareToIgnoreCase("https://127.0.0.1:3496/https-security-layer-request") == 0) {
- Logger.debug("Parameter bkuURI erfolgreich überprüft");
+ Logger.debug("Parameter bkuURI erfolgreich �berpr�ft");
return true;
}
else {
- Logger.debug("Parameter bkuURI ist keine lokale BKU. Überprüfe Liste der vertrauenswürdigen BKUs.");
+ Logger.debug("Parameter bkuURI ist keine lokale BKU. �berpr�fe Liste der vertrauensw�rdigen BKUs.");
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
List trustedBKUs = authConf.getTrustedBKUs();
boolean b = trustedBKUs.contains(bkuURI);
if (b) {
- Logger.debug("Parameter bkuURI erfolgreich überprüft");
+ Logger.debug("Parameter bkuURI erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauenswürdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)");
+ Logger.error("Fehler �berpr�fung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauensw�rdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)");
return false;
}
}
@@ -184,16 +215,16 @@ public class ParamValidatorUtils { }
else {
- Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
+ Logger.error("Fehler �berpr�fung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+ Logger.error("Fehler �berpr�fung Parameter bkuURI", e);
return false;
} catch (ConfigurationException e) {
- Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+ Logger.error("Fehler �berpr�fung Parameter bkuURI", e);
return false;
}
}
@@ -243,7 +274,7 @@ public class ParamValidatorUtils { //
// System.out.println("ret: " + ret);
//
-// Logger.error("Fehler Überprüfung Parameter bkuURI. Antwortcode von BKU ist nicht 200.");
+// Logger.error("Fehler �berpr�fung Parameter bkuURI. Antwortcode von BKU ist nicht 200.");
// return false;
// }
//
@@ -257,26 +288,26 @@ public class ParamValidatorUtils { //
//// NodeList l = doc.getElementsByTagNameNS(Constants.SL12_NS_URI, "ErrorResponse");
//// if (l.getLength() != 0) {
-//// Logger.error("Fehler Überprüfung Parameter bkuURI. ErrorResponse von BKU empfangen.");
+//// Logger.error("Fehler �berpr�fung Parameter bkuURI. ErrorResponse von BKU empfangen.");
//// return false;
//// }
//
-// Logger.debug("Parameter Template bkuURI erfolgreich überprüft");
+// Logger.debug("Parameter Template bkuURI erfolgreich �berpr�ft");
// return true;
//
//// } catch (SAXException e) {
-//// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+//// Logger.error("Fehler �berpr�fung Parameter bkuURI.", e);
//// return false;
// } catch (IOException e) {
-// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+// Logger.error("Fehler �berpr�fung Parameter bkuURI.", e);
// return false;
// } catch (ParserConfigurationException e) {
-// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+// Logger.error("Fehler �berpr�fung Parameter bkuURI.", e);
// return false;
// }
// }
// else {
-// Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist null.");
+// Logger.error("Fehler �berpr�fung Parameter bkuURI. bkuURI ist null.");
// return false;
// }
//
@@ -313,10 +344,10 @@ public class ParamValidatorUtils { */
public static boolean isValidTemplate(HttpServletRequest req, String template) {
- Logger.debug("Überprüfe Parameter Template bzw. bkuSelectionTemplateURL");
+ Logger.debug("�berpr�fe Parameter Template bzw. bkuSelectionTemplateURL");
// if non parameter is given return true
- if (template == null) {
+ if (StringUtils.isEmpty(template)) {
Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null");
return true;
}
@@ -334,37 +365,37 @@ public class ParamValidatorUtils { if (template.startsWith(httpName) || template.startsWith(httpsName)) {
new URL(template);
- Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft");
+ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")");
+ Logger.error("Fehler �berpr�fung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")");
return false;
}
}
else {
- Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
+ Logger.error("Fehler �berpr�fung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL.", e);
+ Logger.error("Fehler �berpr�fung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
}
}
/**
- * Checks if the given template is valid
+ * Checks if the given sessionID is valid
* @param target HTTP parameter from request
* @return
*/
public static boolean isValidSessionID(String sessionID) {
- Logger.debug("Überprüfe Parameter MOASessionId");
+ Logger.debug("�berpr�fe Parameter MOASessionId");
// if non parameter is given return true
- if (sessionID == null) {
+ if (StringUtils.isEmpty(sessionID)) {
Logger.debug("Parameter MOASessionId ist null");
return true;
}
@@ -374,11 +405,11 @@ public class ParamValidatorUtils { Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
- Logger.debug("Parameter MOASessionId erfolgreich überprüft");
+ Logger.debug("Parameter MOASessionId erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ Logger.error("Fehler �berpr�fung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
return false;
}
@@ -394,9 +425,9 @@ public class ParamValidatorUtils { * @return
*/
public static boolean isValidOA(String oa) {
- Logger.debug("Überprüfe Parameter oa");
+ Logger.debug("�berpr�fe Parameter oa");
// if non parameter is given return true
- if (oa == null) {
+ if (StringUtils.isEmpty(oa)) {
Logger.debug("Parameter oa ist null");
return true;
}
@@ -407,16 +438,16 @@ public class ParamValidatorUtils { // check if template url starts with http or https
if (oa.startsWith("http") || oa.startsWith("https")) {
new URL(oa);
- Logger.debug("Parameter oa erfolgreich überprüft");
+ Logger.debug("Parameter oa erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter oa. oa beginnt nicht mit http or https");
+ Logger.error("Fehler �berpr�fung Parameter oa. oa beginnt nicht mit http or https");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter oa", e);
+ Logger.error("Fehler �berpr�fung Parameter oa", e);
return false;
}
@@ -429,10 +460,10 @@ public class ParamValidatorUtils { */
public static boolean isValidSignUrl(String signurl) {
- Logger.debug("Überprüfe Parameter signurl");
+ Logger.debug("�berpr�fe Parameter signurl");
// if non parameter is given return true
- if (signurl == null) {
+ if (StringUtils.isEmpty(signurl)) {
Logger.debug("Parameter signurl ist null");
return true;
}
@@ -443,16 +474,16 @@ public class ParamValidatorUtils { // check if signurl starts with http or https
if (signurl.startsWith("http") || signurl.startsWith("https")) {
new URL(signurl);
- Logger.debug("Parameter signurl erfolgreich überprüft");
+ Logger.debug("Parameter signurl erfolgreich �berpr�ft");
return true;
}
else {
- Logger.error("Fehler Überprüfung Parameter signurl. signurl beginnt nicht mit http or https");
+ Logger.error("Fehler �berpr�fung Parameter signurl. signurl beginnt nicht mit http or https");
return false;
}
} catch (MalformedURLException e) {
- Logger.error("Fehler Überprüfung Parameter signurl", e);
+ Logger.error("Fehler �berpr�fung Parameter signurl", e);
return false;
}
@@ -508,27 +539,27 @@ public class ParamValidatorUtils { public static boolean isValidXMLDocument(String document) {
- if (document == null)
+ if (StringUtils.isEmpty(document))
return false;
- Logger.debug("Überprüfe Parameter XMLDocument");
+ Logger.debug("Überprüfe Parameter XMLDocument");
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
InputSource is = new InputSource(new StringReader(document));
builder.parse(is);
- Logger.debug("Parameter XMLDocument erfolgreich überprüft");
+ Logger.debug("Parameter XMLDocument erfolgreich überprüft");
return true;
} catch (ParserConfigurationException e) {
- Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
return false;
} catch (SAXException e) {
- Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
return false;
} catch (IOException e) {
- Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
return false;
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index db6fbe990..8089b851c 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -173,3 +173,14 @@ validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Partei validator.66=Überprüfung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
+
+stork.00=STORK SAML AuthnRequest konnte nicht signiert werden
+stork.01=STORK SAML AuthnRequest nicht gültig
+stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
+stork.04=STORK SAML Response konnte nicht decodiert werden
+stork.05=STORK SAML Response Validierung fehlgeschlagen
+stork.06=STORK SAML Response enthält eine Fehlermeldung: {0}
+stork.07=Es existiert kein STORK AuthnRequest für diese STORK Response
+stork.08=STORK SAML Assertion Validierung fehlgeschlagen
+stork.09=Fehler beim Überprüfen der STORK BürgerInnen Signatur
+stork.10=Fehler in der Verbindung zum SZR-Gateway
diff --git a/id/server/pom.xml b/id/server/pom.xml index 4590ae1d0..386f38ed6 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -18,6 +18,7 @@ <module>idserverlib</module>
<module>proxy</module>
<module>auth</module>
+ <module>stork-saml-engine</module>
</modules>
<properties>
diff --git a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs index d70bf9268..a519d2f62 100644 --- a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs +++ b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,5 @@ -#Mon Aug 17 10:06:16 CEST 2009
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index fad3275dd..dbb1dc825 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component @@ -1,17 +1,143 @@ <?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
- <wb-module deploy-name="moa-id-proxy">
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <property name="context-root" value="moa-id-proxy"/>
- <property name="java-output-path"/>
- </wb-module>
-</project-modules>
+<project-modules id="moduleCoreId" project-version="2.0">
+ <wb-module deploy-name="moa-id-proxy">
+ <property name="context-root" value="moa-id-proxy"/>
+ <wb-resource deploy-path="/" source-path="src/main/webapp"/>
+ <property name="java-output-path" value="/target/classes"/>
+ <dependent-module archiveName="axis-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis/1.1/axis-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-spss-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-jaxrpc-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-saaj-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-wsdl4j-1.5.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-discovery-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-logging-1.0.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="activation-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="mail-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="log4j-1.2.14.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="postgresql-7.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_moa-1.32.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_ixsil-1.2.2.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_cms-4.1_MOA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-common.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxen-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="saxpath-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="joda-time-1.6.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-id-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-fileupload-1.1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-fileupload/commons-fileupload/1.1.1/commons-fileupload-1.1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-io-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-io/commons-io/1.1/commons-io-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-httpclient-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-codec-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="dav4j-0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/dav4j/dav4j/0.1/dav4j-0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="httpsclient-JSSE-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/httpsclient/httpsclient/JSSE-1.0/httpsclient-JSSE-1.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_X509TrustManager-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="regexp-1.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/regexp/regexp/1.3/regexp-1.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-lang-2.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="stork-saml-engine.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="opensaml-2.5.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/opensaml/2.5.3/opensaml-2.5.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="openws-1.4.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/openws/1.4.4/openws-1.4.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmltooling-1.3.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/xmltooling/1.3.4/xmltooling-1.3.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="bcprov-jdk15-1.46.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/bouncycastle/bcprov-jdk15/1.46/bcprov-jdk15-1.46.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="not-yet-commons-ssl-0.3.9.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmlsec-1.4.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/santuario/xmlsec/1.4.5/xmlsec-1.4.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-apis-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xml-apis/2.10.0/xml-apis-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xercesImpl-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xercesImpl/2.10.0/xercesImpl-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="serializer-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/serializer/2.10.0/serializer-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-resolver-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xalan-2.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xalan/xalan/2.7.1/xalan-2.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-api-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-api/1.6.4/slf4j-api-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-collections-3.2.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="velocity-1.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/velocity/velocity/1.5/velocity-1.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="esapi-2.0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-log4j12-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-log4j12/1.6.4/slf4j-log4j12-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ </wb-module>
+</project-modules>
\ No newline at end of file diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml index f30a1de6e..a801c94a0 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/server/proxy/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?>
<faceted-project>
+ <fixed facet="jst.java"/>
+ <fixed facet="jst.web"/>
+ <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+</faceted-project>
\ No newline at end of file diff --git a/id/server/stork-saml-engine/pom.xml b/id/server/stork-saml-engine/pom.xml new file mode 100644 index 000000000..e7fad768f --- /dev/null +++ b/id/server/stork-saml-engine/pom.xml @@ -0,0 +1,93 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>moa-id</artifactId>
+ <groupId>MOA.id</groupId>
+ <version>1.5.2</version>
+ </parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ <name>STORK SAML Engine</name>
+ <description>SAML2 related stuff for STORK</description>
+
+ <build>
+
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>1.5</source>
+<target>1.5</target>
+</configuration>
+</plugin>
+</plugins>
+</build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.5.3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>xmltooling</artifactId>
+ <version>1.3.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>openws</artifactId>
+ <version>1.4.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>1.6.4</version>
+ <scope>runtime</scope>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java new file mode 100644 index 000000000..b84721ff5 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java @@ -0,0 +1,139 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.mw.messages.saml;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * Interface extending a SAML AuthnRequest by additional attributes required by STORK
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKAuthnRequest extends AuthnRequest {
+
+ /**
+ * Sets the ID of the requesting Service Provider
+ * @param spID ID of the Service Provider
+ */
+ public void setSPID(String spID);
+
+ /**
+ * Gets the ID of the Service Provider
+ * @return ID of the Service Provider
+ */
+ public String getSPID();
+
+ /**
+ * Sets the citizen country code
+ * @param citizenCountryCode citizen country code
+ */
+ public void setCitizenCountryCode(String citizenCountryCode);
+
+ /**
+ * Gets the citizen country code
+ * @return citizen country code
+ */
+ public String getCitizenCountryCode();
+
+ /**
+ * Sets the final redirect URL
+ * @param finalRedirectURL Final redirect URL
+ */
+ public void setFinalRedirectURL(String finalRedirectURL);
+
+ /**
+ * Gets the final redirect URL
+ * @return final redirect URL
+ */
+ public String getFinalRedirectURL();
+
+ /**
+ * Sets the signing certificate of the service provider
+ * @param signingCertificate Signing certificate of the SP
+ */
+ public void setSPCertSig(X509Certificate signingCertificate);
+
+ /**
+ * Gets the signing certificate of the service provider
+ * @return signing certificate of the service provider
+ */
+ public X509Certificate getSPCertSig();
+
+ /**
+ * Sets the encryption certificate of the service provider
+ * @param encryptionCertificate encryption certificate of the SP
+ */
+ public void setSPCertEnc(X509Certificate encryptionCertificate);
+
+ /**
+ * Gets the encryption certificate of the service provider
+ * @return encryption certificate of the SP
+ */
+ public X509Certificate getSPCertEnc();
+
+
+ /**
+ * Sets the original authentication request of the service provider
+ * @param spAuthRequest original SP authentication request
+ */
+ public void setOriginalSPAuthRequest(XMLObject spAuthRequest);
+
+ /**
+ * Gets the original authentication request of the service provider
+ * @return original SP authentication request
+ */
+ public XMLObject getOriginalSPAuthRequest();
+
+ /**
+ * Sets the requested STORK QAA level
+ * @param authLevel Requested STORK QAA level
+ */
+ public void setQAALevel(int authLevel);
+
+ /**
+ * Gets the requested STORK QAA level
+ * @return Requested STORK QAA level
+ */
+ public int getQAALevel();
+
+ /**
+ * Gets a list of requested attributes
+ * @return List containg all requested attributes
+ */
+ public List<RequestedAttribute> getRequestedAttributes();
+
+ /**
+ * Sets the requested attributes
+ * @param requestedAttributesList List containg all requested attributes
+ */
+ public void setRequestedAttributes(List<RequestedAttribute> requestedAttributesList);
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java new file mode 100644 index 000000000..28de6068b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java @@ -0,0 +1,52 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.mw.messages.saml;
+
+import org.opensaml.saml2.core.Response;
+
+/**
+ * Interface extending a SAML Response by attributes required by STORK
+ * @author bzwattendorfer
+ *
+ */
+public interface STORKResponse extends Response {
+
+ /**
+ * Sets the QAA level by which the user has been authenticated
+ * @param authLevel STORK QAA level used for authentication
+ */
+ public void setQAALevel(int authLevel);
+
+ /**
+ * Gets the QAA level by which the user has been authenticated
+ * @return STORK QAA level used for authentication
+ */
+ public int getQAALevel();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java new file mode 100644 index 000000000..2f9a19620 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java @@ -0,0 +1,1367 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.builder;
+
+import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import javax.xml.namespace.QName; + +import org.apache.commons.lang.StringUtils; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.SAMLObjectBuilder; +import org.opensaml.common.SAMLVersion; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContext; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.OneTimeUse; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusDetail; +import org.opensaml.saml2.core.StatusMessage; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.core.SubjectLocality; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.ws.soap.common.SOAPObject; +import org.opensaml.ws.soap.common.SOAPObjectBuilder; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilder; +import org.opensaml.xml.schema.XSAny; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSAnyBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; +import org.opensaml.xml.signature.KeyInfo; +import org.opensaml.xml.signature.X509Data; +import org.opensaml.xml.util.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.mw.messages.saml.STORKResponse; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.saml.STORKAttribute; +import eu.stork.vidp.messages.saml.STORKAttributeValue; +import eu.stork.vidp.messages.saml.STORKExtensions; +import eu.stork.vidp.messages.saml.STORKRequestedAttribute; +import eu.stork.vidp.messages.stork.AuthenticationAttributes; +import eu.stork.vidp.messages.stork.CitizenCountryCode; +import eu.stork.vidp.messages.stork.EIDCrossBorderShare; +import eu.stork.vidp.messages.stork.EIDCrossSectorShare; +import eu.stork.vidp.messages.stork.EIDSectorShare; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; +import eu.stork.vidp.messages.stork.SPAuthRequest; +import eu.stork.vidp.messages.stork.SPCertEnc; +import eu.stork.vidp.messages.stork.SPCertSig; +import eu.stork.vidp.messages.stork.SPCertType; +import eu.stork.vidp.messages.stork.SPID; +import eu.stork.vidp.messages.stork.SPInformation; +import eu.stork.vidp.messages.stork.SpApplication; +import eu.stork.vidp.messages.stork.SpCountry; +import eu.stork.vidp.messages.stork.SpInstitution; +import eu.stork.vidp.messages.stork.SpSector; +import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes; +
+/**
+ * Class providing several methods for SAML Object generation + * @author bzwattendorfer
+ *
+ */
+public class STORKMessagesBuilder {
+
+ final static Logger log = LoggerFactory.getLogger(STORKMessagesBuilder.class);
+ + /** + * Builds an arbitrary OpenSAML XML object + * @param <T> OpenSAML XMLObject + * @param objectQName QName of the XML element + * @return Builded OpenSAML XMLObject + */
+ @SuppressWarnings("unchecked")
+ public static <T extends XMLObject> T buildXMLObject(QName objectQName) {
+
+ try {
+ XMLObjectBuilder<T> builder = (XMLObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(objectQName);
+ return builder.buildObject(objectQName.getNamespaceURI(), objectQName.getLocalPart(), objectQName.getPrefix());
+ } catch (Exception e) {
+ log.error("Cannot build XML Object {}: {}", objectQName.getLocalPart(), e);
+ throw new RuntimeException(e);
+ }
+
+ }
+ + /** + * Builds a SOAP object + * @param <T> SOAP Object or any extensions + * @param objectQName QName of the XML element + * @return SOAP Object or any extensions + */
+ @SuppressWarnings("unchecked")
+ public static <T extends SOAPObject> T buildSOAPObject(QName objectQName) {
+
+ try {
+ SOAPObjectBuilder<T> builder = (SOAPObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(objectQName);
+ return builder.buildObject();
+ } catch (Exception e) {
+ log.error("Cannot build SOAP Object {}: {}", objectQName.getLocalPart(), e);
+ throw new RuntimeException(e);
+ }
+
+ }
+ + /** + * Builds an arbitrary OpenSAML SAML object + * @param <T> OpenSAML SAML Object + * @param objectQName QName of the SAML element + * @return Builded OpenSAML SAML Object + */
+ @SuppressWarnings("unchecked")
+ public static <T extends SAMLObject> T buildSAMLObject(QName objectQName) {
+
+ try {
+ SAMLObjectBuilder<T> builder = (SAMLObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(objectQName);
+ return builder.buildObject();
+ } catch (Exception e) {
+ log.error("Cannot build SAML Object {}: {}", objectQName.getLocalPart(), e);
+ throw new RuntimeException(e);
+ }
+
+ }
+
+
+
+ /** + * Builds SAML Issuer object + * @param issuerValue Value for the issuer element + * @return Issuer object + */
+ public static Issuer buildIssuer(String issuerValue) {
+ if (StringUtils.isEmpty(issuerValue))
+ return null;
+
+ Issuer issuer = buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
+ issuer.setValue(issuerValue);
+ issuer.setFormat(Issuer.ENTITY);
+
+ return issuer;
+ }
+ + /** + * Builds a QualityAuthenticationAssuranceLevel object + * @param qaaValue QAALevel (1 to 4) + * @return QualityAuthenticationAssuranceLevel object + */
+ public static QualityAuthenticationAssuranceLevel buildQualityAuthenticationAssuranceLevel(int qaaValue) {
+ if (qaaValue < 1 || qaaValue > 4) {
+ log.error("QAA Level must be between 1 and 4.");
+ return null;
+ }
+
+ QualityAuthenticationAssuranceLevel qaaLevel = buildXMLObject(QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_NAME);
+ qaaLevel.setValue(qaaValue);
+ return qaaLevel;
+ } +
+ /** + * Builds a STORK RequestedAttribute object + * @param name Name of the RequesteAttribute + * @param isRequired true or false if RequestedAttribute is required + * @param value Value of RequestedAttribute + * @return STORK RequestedAttribute object + */
+ public static RequestedAttribute buildRequestedAttribute(String name, boolean isRequired, String value) {
+
+ RequestedAttribute reqAttribute = buildXMLObject(STORKRequestedAttribute.DEFAULT_ELEMENT_NAME);
+ reqAttribute.setName(name);
+ reqAttribute.setNameFormat(STORKRequestedAttribute.URI_REFERENCE);
+ reqAttribute.setIsRequired(isRequired);
+
+ if (!StringUtils.isEmpty(value)) {
+ XSString stringValue = buildXSString(STORKAttributeValue.DEFAULT_ELEMENT_NAME);
+ stringValue.setValue(value);
+ reqAttribute.getAttributeValues().add(stringValue);
+ }
+
+ return reqAttribute;
+ }
+ + /** + * Builds XML String type object with given QName + * @param qname QName for object to build + * @return XML object as String type + */
+ public static XSString buildXSString(QName qname) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ return stringBuilder.buildObject(qname, XSString.TYPE_NAME);
+ }
+ + /** + * Builds XML Any type object with given QName + * @param qname QName for object to build + * @return XML object as Any type + */
+ public static XSAny buildXSAny(QName qname) {
+ XSAnyBuilder anyBuilder = (XSAnyBuilder) Configuration.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);
+ return anyBuilder.buildObject(qname, XSAny.TYPE_NAME);
+ }
+ + /** + * Builds a List of RequestedAttribute + * @param requestedAttributeArguments RequestedAttributes + * @return List of RequestedAttribute + */
+ public static RequestedAttributes buildRequestedAttributes(RequestedAttribute... requestedAttributeArguments) {
+
+ if (requestedAttributeArguments == null)
+ return null;
+
+ RequestedAttributes reqAttributes = buildXMLObject(RequestedAttributes.DEFAULT_ELEMENT_NAME);
+
+ for (RequestedAttribute reqAttr : requestedAttributeArguments) {
+ reqAttributes.getRequestedAttributes().add(reqAttr);
+ }
+
+ return reqAttributes;
+ }
+ + /** + * Builds RequestedAttributes object out of list of RequestedAttribute + * @param requestedAttributeList List of RequestedAttribute + * @return RequestedAttributes object + */
+ public static RequestedAttributes buildRequestedAttributes(List<RequestedAttribute> requestedAttributeList) {
+ if (requestedAttributeList == null)
+ return null;
+
+ RequestedAttributes reqAttributes = buildXMLObject(RequestedAttributes.DEFAULT_ELEMENT_NAME);
+ reqAttributes.getRequestedAttributes().addAll(requestedAttributeList);
+
+ return reqAttributes;
+ }
+ + /** + * Builds a STORK CitizenCountryCode object + * @param ccc ISO country code + * @return CitizenCountryCode object + */
+ public static CitizenCountryCode buildCitizenCountryCode(String ccc) {
+ if (StringUtils.isEmpty(ccc)) {
+ log.error("CitizenCountryCode must have a value.");
+ return null;
+ }
+
+ CitizenCountryCode citizenCountryCode = buildXMLObject(CitizenCountryCode.DEFAULT_ELEMENT_NAME);
+ citizenCountryCode.setValue(ccc);
+
+ return citizenCountryCode;
+ }
+
+ /** + * Builds a SPID object + * @param spIDString String to be used as SPID + * @return SPID object + */
+ public static SPID buildSPID(String spIDString) {
+ if (StringUtils.isEmpty(spIDString)) {
+ log.error("SPID must have a value.");
+ return null;
+ }
+
+ SPID spID = buildXMLObject(SPID.DEFAULT_ELEMENT_NAME);
+ spID.setValue(spIDString);
+
+ return spID;
+ }
+ + /** + * Builds SPCertType + * @param cert X509Certificate + * @return SPCertType + */
+ private static SPCertType buildSPCertType(X509Certificate cert) {
+ SPCertType spCertType = buildXMLObject(SPCertType.TYPE_NAME);
+ KeyInfo keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
+ X509Data x509DataElem = buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
+ org.opensaml.xml.signature.X509Certificate x509CertElem = buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
+
+ try {
+ x509CertElem.setValue(Base64.encodeBytes(cert.getEncoded()));
+ } catch (CertificateEncodingException e) {
+ log.error("Cannot encode certificate.", e);
+ throw new RuntimeException(e);
+ }
+
+ x509DataElem.getX509Certificates().add(x509CertElem);
+ keyInfo.getX509Datas().add(x509DataElem);
+ spCertType.setKeyInfo(keyInfo);
+ return spCertType;
+ }
+ + /** + * Builds SPCertSig object + * @param cert X509Certificate + * @return SPCertSig + */
+ public static SPCertSig buildSPCertSig(X509Certificate cert) {
+ return (SPCertSig) buildSPCertType(cert);
+ }
+ + /** + * Builds SPCertEnc object + * @param cert X509Certificate + * @return SPCertEnc + */
+ public static SPCertEnc buildSPCertEnc(X509Certificate cert) {
+ return (SPCertEnc) buildSPCertType(cert);
+ }
+ + /** + * Builds SPAuthRequest object + * @param xmlObject Abritrary XML object + * @return SPAuthRequest + */
+ public static SPAuthRequest buildSPAuthRequest(XMLObject xmlObject) {
+ SPAuthRequest authRequest = buildXMLObject(SPAuthRequest.DEFAULT_ELEMENT_NAME);
+ authRequest.getUnknownXMLObjects().add(xmlObject);
+ return authRequest;
+ }
+ + /** + * Builds SPInformation object + * @param spIDString SPID + * @param sigCert SP signature certificate + * @param encCert SP encryption certificate + * @param spAuthRequest Original SP AuthnRequest + * @return SPInformations + */
+ public static SPInformation buildSPInformation(String spIDString, X509Certificate sigCert, X509Certificate encCert, XMLObject spAuthRequest) {
+
+ SPInformation spInformation = buildXMLObject(SPInformation.DEFAULT_ELEMENT_NAME);
+
+ SPID spID = buildSPID(spIDString);
+ spInformation.setSPID(spID);
+
+ if (sigCert != null) {
+ SPCertSig spCertSig = buildSPCertSig(sigCert);
+ spInformation.setSPCertSig(spCertSig);
+ }
+
+ if (encCert != null) {
+ SPCertEnc spCertEnc = buildSPCertEnc(encCert);
+ spInformation.setSPCertEnc(spCertEnc);
+ }
+
+ if (spAuthRequest != null) {
+ SPAuthRequest spAuthRequestElem = buildSPAuthRequest(spAuthRequest);
+ spInformation.setSPAuthRequest(spAuthRequestElem);
+ }
+
+ return spInformation;
+
+ }
+ + /** + * Builds VIDPAuthenticationAttributes objext + * @param ccc ISO citizen country code + * @param spIDString SPID + * @param sigCert SP signature certificate + * @param encCert SP encryption certificate + * @param spAuthRequest Original SP AuthnRequest + * @return VIDPAuthenticationAttributes + */
+ public static VIDPAuthenticationAttributes buildVIDPAuthenticationAttributes(String ccc, String spIDString, X509Certificate sigCert, X509Certificate encCert, XMLObject spAuthRequest) {
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = buildXMLObject(VIDPAuthenticationAttributes.DEFAULT_ELEMENT_NAME);
+
+ CitizenCountryCode citizenCountryCode = buildCitizenCountryCode(ccc);
+ SPInformation spInformation = buildSPInformation(spIDString, sigCert, encCert, spAuthRequest);
+
+ vidpAuthenticationAttributes.setCitizenCountryCode(citizenCountryCode);
+ vidpAuthenticationAttributes.setSPInformation(spInformation);
+
+ return vidpAuthenticationAttributes;
+ }
+ + /** + * Builds AuthenticationAttributes object + * @param ccc ISO citizen country code + * @param spIDString SPID + * @param sigCert SP signature certificate + * @param encCert SP encryption certificate + * @param spAuthRequest Original SP AuthnRequest + * @return AuthenticationAttributes + */
+ public static AuthenticationAttributes buildAuthenticationAttributes(String ccc, String spIDString, X509Certificate sigCert, X509Certificate encCert, XMLObject spAuthRequest) {
+ AuthenticationAttributes authenticationAttributes = buildXMLObject(AuthenticationAttributes.DEFAULT_ELEMENT_NAME);
+
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = buildVIDPAuthenticationAttributes(ccc, spIDString, sigCert, encCert, spAuthRequest);
+
+ authenticationAttributes.setVIDPAuthenticationAttributes(vidpAuthenticationAttributes);
+ return authenticationAttributes;
+
+ }
+ + /** + * Builds SpSector object + * @param spSector Value SPSector value + * @return SpSector + */
+ public static SpSector buildSpSector(String spSectorValue) {
+
+ SpSector spSector = buildXMLObject(SpSector.DEFAULT_ELEMENT_NAME);
+ spSector.setValue(spSectorValue);
+
+ return spSector;
+ } + + /** + * Builds SpInstitution object + * @param spInstitutionValue Value for SpInstitution + * @return SpInstitution + */ + public static SpInstitution buildSpInstitution(String spInstitutionValue) { + + SpInstitution spInstitution = buildXMLObject(SpInstitution.DEFAULT_ELEMENT_NAME); + spInstitution.setValue(spInstitutionValue); + + return spInstitution; + }
+
+
+ /** + * Builds SpApplication object + * @param spApplicationValue Value for SpApplication + * @return SpApplication + */
+ public static SpApplication buildSpApplication(String spApplicationValue) {
+
+ SpApplication spApplication = buildXMLObject(SpApplication.DEFAULT_ELEMENT_NAME);
+ spApplication.setValue(spApplicationValue);
+
+ return spApplication;
+ }
+ + /** + * Builds SpCountry object + * @param spCountryValue ISO Code Value for SpCountry + * @return SpCountry + */
+ public static SpCountry buildSpCountry(String spCountryValue) {
+
+ SpCountry spCountry = buildXMLObject(SpCountry.DEFAULT_ELEMENT_NAME);
+ spCountry.setValue(spCountryValue);
+
+ return spCountry;
+ }
+
+ /** + * Generates secured randomized ID for SAML Messages + * @return secured randomized ID + */
+ public static String generateID() {
+ try {
+ IdentifierGenerator idGenerator = new SecureRandomIdentifierGenerator();
+ return idGenerator.generateIdentifier();
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Cannot generate id", e);
+ throw new RuntimeException(e);
+
+ }
+
+ }
+ + /** + * Builds STORKAuthnRequest object + * @param destination Endpoint for AuthnRequest + * @param acsURL Endpoint where STORK response wants to be received + * @param providerName Provider Name + * @param issuerValue Value for Issuer element + * @param qaaLevel STORK QAALevel + * @param requestedAttributes Attributes to be requested + * @param spSector SPSector + * @param spInstitution SPInstitution + * @param spApplication SPApplication + * @param spCountry SPCountry + * @return STORKAuthnRequest + */ + public static STORKAuthnRequest buildSTORKAuthnRequest( + String destination, + String acsURL, + String providerName, + String issuerValue, + QualityAuthenticationAssuranceLevel qaaLevel, + RequestedAttributes requestedAttributes, + String spSector, + String spInstitution, + String spApplication, + String spCountry) { + + //fixed values + String consent = STORKAuthnRequest.UNSPECIFIED_CONSENT; + boolean forceAuthn = true; + boolean isPassive = false; + String binding = SAMLConstants.SAML2_POST_BINDING_URI; + boolean eIDSectorShare = true; + boolean eIDCrossSectorShare = true; + boolean eIDCrossBorderShare = false; + + STORKAuthnRequest authnRequest = buildXMLObject(STORKAuthnRequest.DEFAULT_ELEMENT_NAME); + + authnRequest.setVersion(SAMLVersion.VERSION_20); + authnRequest.setID(generateID()); + authnRequest.setIssueInstant(new DateTime()); + + authnRequest.setConsent(consent); + authnRequest.setForceAuthn(forceAuthn); + authnRequest.setIsPassive(isPassive); + authnRequest.setProtocolBinding(binding); + + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(buildIssuer(issuerValue)); + + STORKExtensions extensions = buildSTORKExtensions(); + + authnRequest.setQAALevel(qaaLevel.getValue()); + extensions.setQAALevel(qaaLevel); + + authnRequest.setRequestedAttributes(requestedAttributes.getRequestedAttributes()); + extensions.setRequestedAttributes(requestedAttributes); + + EIDSectorShare eidSectorShareObj = buildXMLObject(EIDSectorShare.DEFAULT_ELEMENT_NAME); + eidSectorShareObj.setValue(eIDSectorShare); + + EIDCrossSectorShare eidCrossSectorShareObj = buildXMLObject(EIDCrossSectorShare.DEFAULT_ELEMENT_NAME); + eidCrossSectorShareObj.setValue(eIDCrossSectorShare); + + EIDCrossBorderShare eidCrossBorderShareObj = buildXMLObject(EIDCrossBorderShare.DEFAULT_ELEMENT_NAME); + eidCrossBorderShareObj.setValue(eIDCrossBorderShare); + + SpSector spSectorObj = buildSpSector(spSector); + SpInstitution spInstitutionObj = buildSpInstitution(spInstitution); + SpApplication spApplicationObj = buildSpApplication(spApplication); + SpCountry spCountryObj = buildSpCountry(spCountry); + + + extensions.getUnknownXMLObjects().add(qaaLevel); + extensions.getUnknownXMLObjects().add(spSectorObj); + extensions.getUnknownXMLObjects().add(spInstitutionObj); + extensions.getUnknownXMLObjects().add(spApplicationObj); + extensions.getUnknownXMLObjects().add(spCountryObj); + extensions.getUnknownXMLObjects().add(eidSectorShareObj); + extensions.getUnknownXMLObjects().add(eidCrossSectorShareObj); + extensions.getUnknownXMLObjects().add(eidCrossBorderShareObj); + extensions.getUnknownXMLObjects().add(requestedAttributes); + + authnRequest.setExtensions(extensions); + + return authnRequest; + } +
+ /** + * Builds STORKAuthnRequest object + * @param destination Endpoint for AuthnRequest + * @param acsURL Endpoint where STORK response wants to be received + * @param providerName Provider Name + * @param issuerValue Value for Issuer element + * @param qaaLevel STORK QAALevel + * @param requestedAttributeList List of STORK attributes to be requested + * @param ccc ISO citizen country code + * @param spIDString SPID + * @param sigCert SP signature certificate + * @param encCert SP encryption certificate + * @param spAuthRequest Original SP AuthnRequest + * @param spSector SPSector + * @param spInstitution SPInstitution + * @param spApplication SPApplication + * @param spCountry SPCountry + * @return STORKAuthnRequest + */
+ public static STORKAuthnRequest buildSTORKAuthnRequest(
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ int qaaLevel,
+ List<RequestedAttribute> requestedAttributeList,
+ String ccc,
+ String spID,
+ X509Certificate sigCert,
+ X509Certificate encCert,
+ XMLObject spAuthRequest,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ //fixed values via config
+ String consent = STORKAuthnRequest.UNSPECIFIED_CONSENT;
+ boolean forceAuthn = true;
+ boolean isPassive = false;
+ String binding = SAMLConstants.SAML2_POST_BINDING_URI;
+ boolean eIDSectorShare = true;
+ boolean eIDCrossSectorShare = true;
+ boolean eIDCrossBorderShare = false;
+
+ return buildSTORKAuthnRequest(consent, forceAuthn, isPassive, binding, eIDSectorShare, eIDCrossSectorShare, eIDCrossBorderShare, destination, acsURL, providerName, issuerValue, qaaLevel, requestedAttributeList, ccc, spID, sigCert, encCert, spAuthRequest, spSector, spInstitution, spApplication, spCountry);
+
+ }
+ + /** + * Builds STORKAuthnRequest object + * @param consent Consent for the request + * @param forceAuthn forceAuthn + * @param isPassive isPassive + * @param binding Binding the request is sent over + * @param eIDSectorShare Should eIdentifier be shared? + * @param eIDCrossSectorShare Should eIdentifier be shared across sectors? + * @param eIDCrossBorderShare Should eIdentifier be shared across borders? + * @param destination Endpoint for AuthnRequest + * @param acsURL Endpoint where STORK response wants to be received + * @param providerName Provider Name + * @param issuerValue Value for Issuer element + * @param qaaLevel STORK QAALevel + * @param requestedAttributeList List of STORK attributes to be requested + * @param ccc ISO citizen country code + * @param spIDString SPID + * @param sigCert SP signature certificate + * @param encCert SP encryption certificate + * @param spAuthRequest Original SP AuthnRequest + * @param spSector SPSector + * @param spInstitution SPInstitution + * @param spApplication SPApplication + * @param spCountry SPCountry + * @return STORKAuthnRequest + */
+ public static STORKAuthnRequest buildSTORKAuthnRequest(
+ String consent,
+ boolean forceAuthn,
+ boolean isPassive,
+ String binding,
+ boolean eIDSectorShare,
+ boolean eIDCrossSectorShare,
+ boolean eIDCrossBorderShare,
+ String destination,
+ String acsURL,
+ String providerName,
+ String issuerValue,
+ int qaaLevel,
+ List<RequestedAttribute> requestedAttributeList,
+ String ccc,
+ String spID,
+ X509Certificate sigCert,
+ X509Certificate encCert,
+ XMLObject spAuthRequest,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ STORKAuthnRequest authnRequest = buildXMLObject(STORKAuthnRequest.DEFAULT_ELEMENT_NAME);
+
+ authnRequest.setVersion(SAMLVersion.VERSION_20);
+ authnRequest.setID(generateID());
+ authnRequest.setIssueInstant(new DateTime());
+
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(buildIssuer(issuerValue));
+ authnRequest.setQAALevel(qaaLevel);
+ authnRequest.setRequestedAttributes(requestedAttributeList);
+ authnRequest.setCitizenCountryCode(ccc);
+ authnRequest.setSPID(spID);
+ authnRequest.setSPCertSig(sigCert);
+ authnRequest.setSPCertEnc(encCert);
+ authnRequest.setOriginalSPAuthRequest(spAuthRequest);
+
+ authnRequest.setConsent(consent);
+ authnRequest.setForceAuthn(forceAuthn);
+ authnRequest.setIsPassive(isPassive);
+ authnRequest.setProtocolBinding(binding);
+
+ addSTORKExtensionsToAuthnRequest(authnRequest, qaaLevel, requestedAttributeList, ccc, spID, sigCert, encCert, spAuthRequest, eIDSectorShare, eIDCrossSectorShare, eIDCrossBorderShare, spSector, spInstitution, spApplication, spCountry);
+
+ return authnRequest;
+
+ }
+
+ /** + * Adds STORK Extensions to STORKAuthnRequest + * @param authnRequest + * @param qaaLevel STORK QAALevel + * @param requestedAttributeList List of STORK attributes to be requested + * @param ccc ISO citizen country code + * @param spIDString SPID + * @param sigCert SP signature certificate + * @param encCert SP encryption certificate + * @param spAuthRequest Original SP AuthnRequest + * @param spSector SPSector + * @param spInstitution SPInstitution + * @param spApplication SPApplication + * @param spCountry SPCountry + */
+ public static void addSTORKExtensionsToAuthnRequest(
+ STORKAuthnRequest authnRequest,
+ int qaaLevel,
+ List<RequestedAttribute> requestedAttributeList,
+ String ccc,
+ String spID,
+ X509Certificate sigCert,
+ X509Certificate encCert,
+ XMLObject spAuthRequest,
+ boolean eIDSectorShare,
+ boolean eIDCrossSectorShare,
+ boolean eIDCrossBorderShare,
+ String spSector,
+ String spInstitution,
+ String spApplication,
+ String spCountry) {
+
+ STORKExtensions extensions = buildSTORKExtensions();
+ authnRequest.setRequestedAttributes(requestedAttributeList);
+
+ QualityAuthenticationAssuranceLevel qaaLevelObj = buildQualityAuthenticationAssuranceLevel(qaaLevel);
+ RequestedAttributes requestedAttributesObj = buildRequestedAttributes(requestedAttributeList);
+ AuthenticationAttributes authenticationAttributesObj = buildAuthenticationAttributes(ccc, spID, sigCert, encCert, spAuthRequest);
+
+ EIDSectorShare eidSectorShareObj = buildXMLObject(EIDSectorShare.DEFAULT_ELEMENT_NAME);
+ eidSectorShareObj.setValue(eIDSectorShare);
+
+ EIDCrossSectorShare eidCrossSectorShareObj = buildXMLObject(EIDCrossSectorShare.DEFAULT_ELEMENT_NAME);
+ eidCrossSectorShareObj.setValue(eIDCrossSectorShare);
+
+ EIDCrossBorderShare eidCrossBorderShareObj = buildXMLObject(EIDCrossBorderShare.DEFAULT_ELEMENT_NAME);
+ eidCrossBorderShareObj.setValue(eIDCrossBorderShare);
+
+ SpSector spSectorObj = buildSpSector(spSector);
+ SpApplication spApplicationObj = buildSpApplication(spApplication);
+ SpCountry spCountryObj = buildSpCountry(spCountry);
+
+ extensions.setQAALevel(qaaLevelObj);
+ extensions.setRequestedAttributes(requestedAttributesObj);
+ extensions.setAuthenticationAttributes(authenticationAttributesObj);
+
+ extensions.getUnknownXMLObjects().add(qaaLevelObj);
+ extensions.getUnknownXMLObjects().add(spSectorObj);
+ extensions.getUnknownXMLObjects().add(spApplicationObj);
+ extensions.getUnknownXMLObjects().add(spCountryObj);
+ extensions.getUnknownXMLObjects().add(eidSectorShareObj);
+ extensions.getUnknownXMLObjects().add(eidCrossSectorShareObj);
+ extensions.getUnknownXMLObjects().add(eidCrossBorderShareObj);
+ extensions.getUnknownXMLObjects().add(requestedAttributesObj);
+ extensions.getUnknownXMLObjects().add(authenticationAttributesObj);
+
+ authnRequest.setExtensions(extensions);
+
+ }
+ +
+ /** + * Builds STORKExtensions object + * @return STORKExtensions + */
+ public static STORKExtensions buildSTORKExtensions() {
+ QName samlProtocolExtensions = new QName(SAMLConstants.SAML20P_NS, STORKExtensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ return buildXMLObject(samlProtocolExtensions);
+ }
+ + /** + * Builds STORKResponse + * @param destination Endpoint where the STORKResponse should be sent to + * @param inResponseTo ID of the corresponding AuthnRequest + * @param issuer Issuer value of the response + * @param status Status of the response (success, error, etc.) + * @param assertion SAML assertion to be included + * @return STORKResponse + */
+ public static STORKResponse buildSTORKResponse(
+ String destination,
+ String inResponseTo,
+ Issuer issuer,
+ Status status,
+ Assertion assertion) {
+
+ STORKResponse response = buildXMLObject(STORKResponse.DEFAULT_ELEMENT_NAME);
+
+ response.setDestination(destination);
+ response.setInResponseTo(inResponseTo);
+ response.setConsent(STORKResponse.OBTAINED_CONSENT);
+ response.setID(generateID());
+ response.setIssueInstant(new DateTime());
+ response.setVersion(SAMLVersion.VERSION_20);
+
+ response.setIssuer(issuer);
+ response.setStatus(status);
+ response.getAssertions().add(assertion);
+
+ return response;
+ }
+ + /** + * Build STORKResponse + * @param destination Endpoint where the STORKResponse should be sent to + * @param inResponseTo ID of the corresponding AuthnRequest + * @param issuer Issuer value of the response + * @param status Status of the response (success, error, etc.) + * @param statusMessage Status message for the response + * @param assertion SAML assertion to be included + * @return STORKResponse + */
+ public static STORKResponse buildSTORKResponse(
+ String destination,
+ String inResponseTo,
+ String issuerString,
+ String statusCode,
+ String statusMessage,
+ Assertion assertion) {
+
+ Status status = buildStatus(statusCode, statusMessage);
+ Issuer issuer = buildIssuer(issuerString);
+
+ return buildSTORKResponse(destination, inResponseTo, issuer, status, assertion);
+ }
+ +
+ /** + * Builds a STORKResponse containing no assertion + * @param destination Endpoint where the STORKResponse should be sent to + * @param inResponseTo ID of the corresponding AuthnRequest + * @param issuer Issuer value of the response + * @param status Status of the response (success, error, etc.) + * @param statusMessage Status message for the response + * @return STORKResponse + */
+ public static STORKResponse buildSTORKErrorResponse(
+ String destination,
+ String inResponseTo,
+ String issuerString,
+ String statusCode,
+ String statusMessage) {
+
+ return buildSTORKResponse(destination, inResponseTo, issuerString, statusCode, statusMessage, null);
+ }
+
+ /** + * Builds Status object + * @param statusCodeValue StatusCode + * @param statusMessageValue StatusMessage + * @return Status + */
+ public static Status buildStatus(String statusCodeValue, String statusMessageValue) {
+ return buildStatus(statusCodeValue, statusMessageValue, null);
+ }
+
+ /** + * Builds Status object + * @param statusCodeValue StatusCode + * @param statusMessageValue StatusMessage + * @param detail Detail Message + * @return Status + */
+ public static Status buildStatus(String statusCodeValue, String statusMessageValue, XMLObject detail) {
+ StatusCode statusCode = buildXMLObject(StatusCode.DEFAULT_ELEMENT_NAME);
+ statusCode.setValue(statusCodeValue);
+
+ StatusMessage statusMessage = buildXMLObject(StatusMessage.DEFAULT_ELEMENT_NAME);
+ statusMessage.setMessage(statusMessageValue);
+
+ StatusDetail statusDetail = buildXMLObject(StatusDetail.DEFAULT_ELEMENT_NAME);
+ statusDetail.getUnknownXMLObjects().add(detail);
+
+ Status status = buildXMLObject(Status.DEFAULT_ELEMENT_NAME);
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ return status;
+
+ }
+ + /** + * Builds Assertion + * @param issuer Issuer value for assertion + * @param subject Subject of assertion + * @param conditions Conditions of assertion + * @param authnStatement AuthnStatement + * @param attributeStatement AttributeAtatement + * @return Assertion + */
+ public static Assertion buildAssertion(Issuer issuer,
+ Subject subject,
+ Conditions conditions,
+ AuthnStatement authnStatement,
+ AttributeStatement attributeStatement) {
+ Assertion assertion = buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
+
+ assertion.setID(generateID());
+ assertion.setVersion(SAMLVersion.VERSION_20);
+ assertion.setIssueInstant(new DateTime());
+
+ assertion.setIssuer(issuer);
+ assertion.setSubject(subject);
+ assertion.setConditions(conditions);
+ assertion.getAuthnStatements().add(authnStatement);
+ assertion.getAttributeStatements().add(attributeStatement);
+
+ return assertion;
+ }
+ + /** + * Builds Assertion object + * @param issuerValue Value of the issuer + * @param nameQualifier nameQualifier + * @param spNameQualifier spNameQualifier + * @param spProviderID spProviderID + * @param ipAddress IP address of the client + * @param inResponseTo ID of the corresponding AuthnRequest + * @param notBefore Time before assertion is not valid + * @param notOnOrAfter Time after assertion is not valid + * @param recipient Recipient of the assertion + * @param attributeList Attributes to be included in the assertion + * @return Assertion + */
+ public static Assertion buildAssertion(
+ String issuerValue,
+ String nameQualifier,
+ String spNameQualifier,
+ String spProviderID,
+ String ipAddress,
+ String inResponseTo,
+ DateTime notBefore,
+ DateTime notOnOrAfter,
+ String recipient,
+ List<Attribute> attributeList) {
+
+ Issuer issuer = buildIssuer(issuerValue);
+ NameID nameID = buildNameID(NameID.UNSPECIFIED, nameQualifier, spNameQualifier, spProviderID, NameID.UNSPECIFIED);
+ SubjectConfirmationData scData = buildSubjectConfirmationData(ipAddress, inResponseTo, notOnOrAfter, recipient);
+ SubjectConfirmation subjectConfirmation = buildSubjectConfirmation(SubjectConfirmation.METHOD_BEARER, scData);
+ Subject subject = buildSubject(nameID, subjectConfirmation);
+
+ List<Audience> audienceList = buildAudienceList(recipient);
+ Conditions conditions = buildConditions(notBefore, notOnOrAfter, audienceList);
+ AuthnStatement authnStatement = buildAuthnStatement(ipAddress);
+ AttributeStatement attributeStatement = buildAttributeStatement(attributeList);
+
+ return buildAssertion(issuer, subject, conditions, authnStatement, attributeStatement);
+ }
+ + /** + * Builds List of Audience objects + * @param audiences Audience strings + * @return List of Audience + */
+ public static List<Audience> buildAudienceList(String... audiences) {
+ List<Audience> audienceList = new ArrayList<Audience>();
+
+ for (String audienceString : audiences) {
+ Audience audience = buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
+ audience.setAudienceURI(audienceString);
+ audienceList.add(audience);
+ }
+
+ return audienceList;
+ }
+
+ /** + * Builds NameID object + * @param format Format of the NameID + * @param nameQualifier nameQualifier + * @param spNameQualifier spNameQualifier + * @param spProviderID spProviderID + * @param value Value of the NameID + * @return NameID + */
+ public static NameID buildNameID(String format,
+ String nameQualifier,
+ String spNameQualifier,
+ String spProviderID,
+ String value) {
+
+ NameID nameID = buildXMLObject(NameID.DEFAULT_ELEMENT_NAME);
+
+ nameID.setFormat(format);
+ nameID.setNameQualifier(nameQualifier);
+ nameID.setSPNameQualifier(spNameQualifier);
+ nameID.setSPProvidedID(spProviderID);
+ nameID.setValue(value);
+
+ return nameID;
+
+ }
+ + /** + * Builds SubjectConfirmation object + * @param method Method of SubjectConfirmation + * @param scData SubjectConfirmationData + * @return SubjectConfirmation + */
+ public static SubjectConfirmation buildSubjectConfirmation(String method, SubjectConfirmationData scData) {
+
+ SubjectConfirmation subjectConfirmation = buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+
+ subjectConfirmation.setMethod(method);
+ subjectConfirmation.setSubjectConfirmationData(scData);
+
+ return subjectConfirmation;
+ }
+ + /** + * Builds SubjectConfirmationData object + * @param ipAddress IP address of the client + * @param inResponseTo ID of the corresponding AuthnRequest + * @param notOnOrAfter Time after subject is not valid + * @param recipient recipient of the assertion + * @return SubjectConfirmationData + */
+ public static SubjectConfirmationData buildSubjectConfirmationData(String ipAddress,
+ String inResponseTo,
+ DateTime notOnOrAfter,
+ String recipient) {
+
+ SubjectConfirmationData scData = buildXMLObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
+
+ scData.setAddress(ipAddress);
+ scData.setInResponseTo(inResponseTo);
+ scData.setNotOnOrAfter(notOnOrAfter);
+ scData.setRecipient(recipient);
+
+ return scData;
+
+ }
+ + /** + * Builds Subject object + * @param nameID NameID object + * @param subjectConfirmation SubjectConfirmation + * @return Subject + */
+ public static Subject buildSubject(NameID nameID, SubjectConfirmation subjectConfirmation) {
+
+ Subject subject = buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
+ subject.setNameID(nameID);
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ return subject;
+ }
+ + /** + * Build Conditions object + * @param notBefore Time before assertion is not valid + * @param notOnOrAfter Time after assertion is not valid + * @param audienceList List of audience + * @return Conditions + */
+ public static Conditions buildConditions(DateTime notBefore, DateTime notOnOrAfter, List<Audience> audienceList) {
+ Conditions conditions = buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
+
+ conditions.setNotBefore(notBefore);
+ conditions.setNotOnOrAfter(notOnOrAfter);
+
+ AudienceRestriction audienceRestriction = buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+ audienceRestriction.getAudiences().addAll(audienceList);
+ conditions.getAudienceRestrictions().add(audienceRestriction);
+
+ OneTimeUse oneTimeUse = buildXMLObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
+ conditions.getConditions().add(oneTimeUse);
+
+ return conditions;
+
+ }
+ + /** + * Build AuthnStatement object + * @param authInstant Time instant of authentication + * @param subjectLocality subjectLocality + * @param authnContext AuthnContext used + * @return AuthnStatement + */
+ public static AuthnStatement buildAuthnStatement(DateTime authInstant, SubjectLocality subjectLocality, AuthnContext authnContext) {
+ AuthnStatement authnStatement = buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
+
+ authnStatement.setAuthnInstant(authInstant);
+ authnStatement.setSubjectLocality(subjectLocality);
+ authnStatement.setAuthnContext(authnContext);
+
+ return authnStatement;
+ }
+ + /** + * Build AuthnStatement object + * @param ipAddress IP address of the client + * @return AuthnStatement + */
+ public static AuthnStatement buildAuthnStatement(String ipAddress) {
+ AuthnStatement authnStatement = buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
+
+ authnStatement.setAuthnInstant(new DateTime());
+
+ SubjectLocality subjectLocality = buildXMLObject(SubjectLocality.DEFAULT_ELEMENT_NAME);
+ subjectLocality.setAddress(ipAddress);
+ authnStatement.setSubjectLocality(subjectLocality);
+
+ AuthnContext authnContext = buildXMLObject(AuthnContext.DEFAULT_ELEMENT_NAME);
+ authnStatement.setAuthnContext(authnContext);
+
+ return authnStatement;
+ }
+ + /** + * Builds AttributeStatement object + * @return AttributeStatement + */
+ public static AttributeStatement buildAttributeStatement() {
+ return buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ }
+ + /** + * Builds AttributeStatement object + * @param attributeList List of attributes + * @return AttributeStatement + */
+ public static AttributeStatement buildAttributeStatement(List<Attribute> attributeList) {
+ AttributeStatement attributeStatement = buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ attributeStatement.getAttributes().addAll(attributeList);
+
+ return attributeStatement;
+ }
+ + /** + * Builds STORK String Attribute + * @param name Attribute Name + * @param friendlyName friendlyName of Attribute + * @param value Value of Attribute + * @param status STORK status of attribute + * @return STORK String Attribute + */
+ public static Attribute buildSTORKStringAttribute(String name, String friendlyName, String value, String status) {
+ XSString xsString = buildXSString(AttributeValue.DEFAULT_ELEMENT_NAME);
+ xsString.setValue(value);
+
+ return buildAttribute(name, friendlyName, status, xsString);
+ }
+ + /** + * Builds STORK XML Any Attribute + * @param name Attribute Name + * @param friendlyName friendlyName of Attribute + * @param value Value of Attribute + * @param status STORK status of attribute + * @return STORK XML Any Attribute + */
+ public static Attribute buildSTORKXMLAttribute(String name, String friendlyName, XMLObject value, String status) {
+ XSAny xsAny = buildXMLObject(AttributeValue.DEFAULT_ELEMENT_NAME);
+ xsAny.getUnknownXMLObjects().add(value);
+
+ return buildAttribute(name, friendlyName, status, xsAny);
+ }
+ + /** + * Builds STORK Attribute + * @param name Attribute Name + * @param friendlyName friendlyName of Attribute + * @param status STORK status of Attribute + * @param attributeValue Value of the Attribute + * @return Attribute + */
+ public static Attribute buildAttribute(String name, String friendlyName, String status, XMLObject attributeValue) {
+ Attribute attribute = buildXMLObject(STORKAttribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setNameFormat(STORKAttribute.URI_REFERENCE);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getUnknownAttributes().put(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME, status);
+ attribute.getAttributeValues().add(attributeValue);
+
+ return attribute;
+ }
+ + /** + * Builds STORK String Attribute + * @param name Attribute Name + * @param friendlyName friendlyName of Attribute + * @param status STORK status of Attribute + * @param attributeValue Value of the Attribute + * @return String Attribute + */
+ public static Attribute buildStringAttribute(String name, String friendlyName, String status, String attributeValue) {
+ Attribute attribute = buildXMLObject(STORKAttribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setNameFormat(STORKAttribute.URI_REFERENCE);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getUnknownAttributes().put(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME, status);
+
+ XSString xsString = buildXSString(AttributeValue.DEFAULT_ELEMENT_NAME);
+ xsString.setValue(attributeValue);
+ attribute.getAttributeValues().add(xsString);
+
+ return attribute;
+ }
+
+ /** + * Builds DSS signature request + * @param textToBeSigned Text to be included in the DSS request + * @param mimeType MimeType of the contents + * @return DSS signature request as String + */
+ public static String buildSignatureRequestString(String textToBeSigned, String mimeType) { + //MimeType=\"text/plain\" + //MimeType=\"application/xhtml+xml\"
+ String sigRequestString =
+ "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " +
+ "RequestID=\"" + generateID() + "\">" +
+ "<dss:InputDocuments>" +
+ "<dss:Document>" +
+ "<dss:Base64Data MimeType=\"" + mimeType + "\">" + Base64.encodeBytes(textToBeSigned.getBytes()) + "</dss:Base64Data>" +
+ "</dss:Document>" +
+ "</dss:InputDocuments>" +
+ "</dss:SignRequest>";
+
+ return sigRequestString;
+
+ }
+ + /** + * Builds STORK signedDoc RequestedAttribute + * @param textToBeSigned Text to be included in the DSS request + * @param mimeType MimeType of the contents + * @param isRequired true or false if signedDoc RequestedAttribute is required + * @return STORK signedDoc RequestedAttribute + */
+ public static RequestedAttribute buildSignatureRequestRequestedAttribute(String textToBeSigned, String mimeType, boolean isRequired) {
+ return buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, isRequired, buildSignatureRequestString(textToBeSigned, mimeType));
+ }
+ + /** + * Adds RequestedAttribute to STORKAuthnRequest + * @param authnRequest STORKAuthnRequest + * @param reqAttr RequestedAttribute + */
+ public static void addRequestedAttribute(STORKAuthnRequest authnRequest, RequestedAttribute reqAttr) {
+ if (authnRequest != null) {
+ RequestedAttributes requestedAttributes = (RequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects(RequestedAttributes.DEFAULT_ELEMENT_NAME).get(0);
+ requestedAttributes.getRequestedAttributes().add(reqAttr);
+ }
+ }
+ + /** + * Adds several RequestedAttribute to STORKAuthnRequest + * @param authnRequest STORKAuthnRequest + * @param reqAttr RequestedAttribute + */
+ public static void addRequestedAttributes(STORKAuthnRequest authnRequest, RequestedAttribute... reqAttrs) {
+ for (RequestedAttribute reqAttr : reqAttrs) {
+ addRequestedAttribute(authnRequest, reqAttr);
+ }
+ }
+ + /** + * Builds STORK signed doc attribute and adds it to STORKAuthnRequest + * @param authnRequest STORKAuthnRequest + * @param textToBeSigned Text to be included in the DSS request + * @param mimeType MimeType of the contents + * @param isRequired true or false if signedDoc RequestedAttribute is required + */
+ public static void buildAndAddSignatureRequestToAuthnRequest(STORKAuthnRequest authnRequest, String textToBeSigned, String mimeType, boolean isRequired) {
+ if (authnRequest != null && !StringUtils.isEmpty(textToBeSigned)) {
+ addRequestedAttribute(authnRequest, buildSignatureRequestRequestedAttribute(textToBeSigned, mimeType, isRequired));
+ }
+
+ }
+ + /** + * Adds DSS siganture request as String to STORKAuthnRequest + * @param authnRequest STORKAuthnRequest + * @param dssSignatureRequest DSS signature request as String + * @param isRequired true or false if signedDoc RequestedAttribute is required + */
+ public static void addSignatureRequestToAuthnRequest(STORKAuthnRequest authnRequest, String dssSignatureRequest, boolean isRequired) {
+ if (authnRequest != null && !StringUtils.isEmpty(dssSignatureRequest)) {
+ addRequestedAttribute(authnRequest, buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, isRequired, dssSignatureRequest));
+ }
+
+ }
+ + /** + * Adds Attribute to an assertion + * @param assertion Assertion + * @param attr Attribute + */
+ public static void addAttribute(Assertion assertion, Attribute attr) {
+ if (assertion != null) {
+ if (!assertion.getAttributeStatements().isEmpty()) {
+ assertion.getAttributeStatements().get(0).getAttributes().add(attr);
+ }
+ }
+ }
+ + /** + * Adds several Attribute to an assertion + * @param assertion Assertion + * @param attr Attribute + */
+ public static void addAttributes(Assertion assertion, Attribute... attrs) {
+ for (Attribute attr : attrs) {
+ addAttribute(assertion, attr);
+ }
+ }
+ + /** + * Adds several Attribute to first assertion in STORK response + * @param response STORK response + * @param attrs Attribute + */
+ public static void addAttribute(STORKResponse response, Attribute... attrs) {
+ if (response != null) {
+ if (!response.getAssertions().isEmpty()) {
+ addAttributes(response.getAssertions().get(0), attrs);
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java new file mode 100644 index 000000000..80556cfa5 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java @@ -0,0 +1,73 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.common;
+
+import java.io.InputStream;
+
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLConfigurator;
+ +/** + * Class extending the default bootstrap mechanism of OpenSAML + * @author bzwattendorfer + * + */
+public class STORKBootstrap extends DefaultBootstrap {
+
+ /** + * Extends the default bootstrap mechanism of OpenSAML + * Adds STORK schemata and extension elements + * @throws ConfigurationException + */
+ public static synchronized void bootstrap() throws ConfigurationException {
+
+ SAMLSchemaBuilder.addExtensionSchema("stork-schema-assertion-1.0.xsd");
+ SAMLSchemaBuilder.addExtensionSchema("stork-schema-protocol-1.0.xsd");
+
+ DefaultBootstrap.bootstrap();
+
+ initStorkConfig("saml2-stork-config.xml");
+
+ }
+ + /** + * Initializes OpenSAML with config + * @param xmlConfig XML Config for STORK and SAML2 + * @throws ConfigurationException + */
+ private static void initStorkConfig(String xmlConfig) throws ConfigurationException {
+
+ XMLConfigurator configurator = new XMLConfigurator();
+
+ InputStream is = STORKBootstrap.class.getClassLoader().getResourceAsStream(xmlConfig);
+
+ configurator.load(is);
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java new file mode 100644 index 000000000..5a63e2dcd --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java @@ -0,0 +1,176 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.common;
+ +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +
+/** + * Interface encapuslating relevant STORK constants such as namespace, attribute names, etc. + * @author bzwattendorfer + * + */
+public interface STORKConstants {
+ + /** + * STORK namespace + */
+ public static final String STORK10_NS = "urn:eu:stork:names:tc:STORK:1.0:assertion";
+ + /** + * STORK namespace prefix + */
+ public static final String STORK10_PREFIX = "stork";
+ + /** + * STORK protocol namespace + */
+ public static final String STORKP10_NS = "urn:eu:stork:names:tc:STORK:1.0:protocol";
+ + /** + * STORK protocol namespace prefix + */
+ public static final String STORKP10_PREFIX = "storkp";
+ + /** + * STORK attribute name prefix + */
+ final static String STORK_ATTRIBUTE_NAME_PREFIX = "http://www.stork.gov.eu/1.0/";
+ + final static String STORK_ATTRIBUTE_NAME_SUFFIX_EIDENTIFIER = "eIdentifier"; + final static String STORK_ATTRIBUTE_EIDENTIFIER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_EIDENTIFIER; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_GIVENAME = "givenName"; + final static String STORK_ATTRIBUTE_GIVENNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_GIVENAME; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_SURNAME = "surname"; + final static String STORK_ATTRIBUTE_SURNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_SURNAME; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_INHERITED_FAMILYNAME = "inheritedFamilyName"; + final static String STORK_ATTRIBUTE_INHERITED_FAMILYNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_INHERITED_FAMILYNAME; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_ADOPTED_FAMILYNAME = "adoptedFamilyName"; + final static String STORK_ATTRIBUTE_ADOPTED_FAMILYNAME = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_ADOPTED_FAMILYNAME; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_GENDER = "gender"; + final static String STORK_ATTRIBUTE_GENDER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_GENDER; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH = "dateOfBirth"; + final static String STORK_ATTRIBUTE_DATEOFBIRTH = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_COUNTRYOFBIRTH = "countryCodeOfBirth"; + final static String STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_COUNTRYOFBIRTH; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_NATIONALITYCODE = "nationalityCode"; + final static String STORK_ATTRIBUTE_NATIONALITYCODE = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_NATIONALITYCODE; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_MARTIALSTATUS = "maritalStatus"; + final static String STORK_ATTRIBUTE_MARTIALSTATUS = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_MARTIALSTATUS; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_TEXT_RESIDENCE_ADDRESS = "textResidenceAddress"; + final static String STORK_ATTRIBUTE_TEXT_RESIDENCE_ADDRESS = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_TEXT_RESIDENCE_ADDRESS; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_CANONICAL_RESIDENCE_ADDRESS = "canonicalResidenceAddress"; + final static String STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_CANONICAL_RESIDENCE_ADDRESS; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_EMAIL = "eMail"; + final static String STORK_ATTRIBUTE_EMAIL = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_EMAIL; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_TITLE = "title"; + final static String STORK_ATTRIBUTE_TITLE = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_TITLE; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_RESIDENCE_PERMIT = "residencePermit"; + final static String STORK_ATTRIBUTE_RESIDENCE_PERMIT = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_RESIDENCE_PERMIT; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_PSEUDONYM = "pseudonym"; + final static String STORK_ATTRIBUTE_PSEUDONYM = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_PSEUDONYM; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_AGE = "age"; + final static String STORK_ATTRIBUTE_AGE = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_AGE; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_ISAGEOVER = "isAgeOver"; + final static String STORK_ATTRIBUTE_ISAGEOVER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_ISAGEOVER; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_SIGNED_DOC = "signedDoc"; + final static String STORK_ATTRIBUTE_SIGNEDDOC = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_SIGNED_DOC; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_FISCALNUMBER = "fiscalNumber"; + final static String STORK_ATTRIBUTE_FISCALNUMBER = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_FISCALNUMBER; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL_OLD = "citizenQAAlevel"; + final static String STORK_ATTRIBUTE_CITIZENQAALEVEL_OLD = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL_OLD; + + final static String STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL = "citizenQAALevel"; + final static String STORK_ATTRIBUTE_CITIZENQAALEVEL = STORK_ATTRIBUTE_NAME_PREFIX + STORK_ATTRIBUTE_NAME_SUFFIX_CITIZENQAALEVEL; + + /** + * Full Set of accepted STORK attributes + */ + public final Set<String> FULL_STORK_ATTRIBUTE_SET = new HashSet<String>(Arrays.asList(new String[] {STORK_ATTRIBUTE_EIDENTIFIER, + STORK_ATTRIBUTE_GIVENNAME, + STORK_ATTRIBUTE_SURNAME, + STORK_ATTRIBUTE_INHERITED_FAMILYNAME, + STORK_ATTRIBUTE_ADOPTED_FAMILYNAME, + STORK_ATTRIBUTE_GENDER, + STORK_ATTRIBUTE_DATEOFBIRTH, + STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH, + STORK_ATTRIBUTE_NATIONALITYCODE, + STORK_ATTRIBUTE_MARTIALSTATUS, + STORK_ATTRIBUTE_TEXT_RESIDENCE_ADDRESS, + STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS, + STORK_ATTRIBUTE_TEXT_CANONICAL_ADDRESS, + STORK_ATTRIBUTE_EMAIL, + STORK_ATTRIBUTE_TITLE, + STORK_ATTRIBUTE_RESIDENCE_PERMIT, + STORK_ATTRIBUTE_PSEUDONYM, + STORK_ATTRIBUTE_AGE, + STORK_ATTRIBUTE_ISAGEOVER, + STORK_ATTRIBUTE_SIGNEDDOC, + STORK_ATTRIBUTE_FISCALNUMBER, + STORK_ATTRIBUTE_CITIZENQAALEVEL_OLD, + STORK_ATTRIBUTE_CITIZENQAALEVEL})); + + /** + * Default set of STORK attributes to be requested (without signedDoc) + */ + Set<String> DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET = new HashSet<String>(Arrays.asList(new String[] { + STORK_ATTRIBUTE_EIDENTIFIER, + STORK_ATTRIBUTE_GIVENNAME, + STORK_ATTRIBUTE_SURNAME, + STORK_ATTRIBUTE_DATEOFBIRTH,})); + + /** + * Default required set of returned STORK attributes + */ + Set<String> DEFAULT_STORK_RETURNED_ATTRIBUTE_SET = new HashSet<String>(Arrays.asList(new String[] { + STORK_ATTRIBUTE_EIDENTIFIER, + STORK_ATTRIBUTE_GIVENNAME, + STORK_ATTRIBUTE_SURNAME, + STORK_ATTRIBUTE_DATEOFBIRTH, + STORK_ATTRIBUTE_SIGNEDDOC}));
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java new file mode 100644 index 000000000..33ee67313 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.exception;
+
+/**
+ * Exception thrown if exception occurs in SAML message processing + * @author bzwattendorfer
+ *
+ */
+public class SAMLException extends Exception {
+ + /** {@inheritDoc} */
+ public SAMLException() {
+ super();
+ }
+ + /** {@inheritDoc} */
+ public SAMLException(String message, Throwable cause) {
+ super(message, cause);
+ }
+ + /** {@inheritDoc} */
+ public SAMLException(String message) {
+ super(message);
+ } + + /** {@inheritDoc} */
+ public SAMLException(Throwable cause) {
+ super(cause);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java new file mode 100644 index 000000000..51520d968 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.exception;
+ +/** + * Exception thrown if error occurs in SAML message validation + * @author bzwattendorfer + * + */
+public class SAMLValidationException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+ + /** {@inheritDoc} */
+ public SAMLValidationException() {
+
+ super();
+ }
+ + /** {@inheritDoc} */
+ public SAMLValidationException(String s) {
+
+ super(s);
+ }
+ + /** {@inheritDoc} */
+ public SAMLValidationException(Exception e) {
+
+ super(e);
+ }
+ + /** {@inheritDoc} */
+ public SAMLValidationException(String m, Exception e) {
+
+ super(m, e);
+ }
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java new file mode 100644 index 000000000..ec8232704 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java @@ -0,0 +1,65 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.saml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.Attribute;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * Interface extending original SAML Attribute for STORK with the XML attributeStatus attribute + * {@inheritDoc} + * @author bzwattendorfer
+ *
+ */
+public interface STORKAttribute extends Attribute {
+
+ public static final String STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME = "AttributeStatus";
+
+ public static final QName DEFAULT_STORK_ATTRIBUTE_QNAME = new QName(STORKConstants.STORK10_NS, STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME, STORKConstants.STORK10_PREFIX);
+
+ public static final String ALLOWED_ATTRIBUTE_STATUS_AVAIL = "Available";
+ public static final String ALLOWED_ATTRIBUTE_STATUS_NOT_AVAIL = "NotAvailable";
+ public static final String ALLOWED_ATTRIBUTE_STATUS_WITHHELD = "Withheld";
+ + /** + * Sets the STORK attributeStatus + * @param attributeStatus + */
+ public void setAttributeStatus(String attributeStatus);
+ + /** + * Gets the STORK attributeStatus + * @return + */
+ public String getAttributeStatus();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java new file mode 100644 index 000000000..2d511d62a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java @@ -0,0 +1,51 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.saml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.AttributeValue;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * {@inheritDoc} + * @author bzwattendorfer
+ *
+ */
+public interface STORKAttributeValue extends AttributeValue {
+
+ /** Element name, no namespace. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "AttributeValue";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java new file mode 100644 index 000000000..b5e12ea75 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java @@ -0,0 +1,78 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml;
+
+import org.opensaml.saml2.common.Extensions;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+ +/** + * Extends the SAML Extension element with STORK related functionality + * {@inheritDoc} + * @author bzwattendorfer + * + */
+public interface STORKExtensions extends Extensions {
+ + /** + * Sets the QAALevel object + * @param authLevel QAALevel object + */
+ public void setQAALevel(QualityAuthenticationAssuranceLevel authLevel);
+ + /** + * Gets the QAALevel object + * @return QAALevel object + */
+ public QualityAuthenticationAssuranceLevel getQAALevel();
+ + /** + * Gets the RequestedAttributes object + * @return RequestedAttributes object + */
+ public RequestedAttributes getRequestedAttributes();
+ + /** + * Sets RequestedAttributes + * @param requestedAttributes RequestedAttributes object + */
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes);
+ + /** + * Gets AuthenticationAttributes + * @return AuthenticationAttributes + */
+ public AuthenticationAttributes getAuthenticationAttributes();
+ + /** + * Sets AuthenticationAttributes + * @param authenticationAttributes AuthenticationAttributes object + */
+ public void setAuthenticationAttributes(AuthenticationAttributes authenticationAttributes);
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java new file mode 100644 index 000000000..38149bea5 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java @@ -0,0 +1,53 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.saml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * {@inheritDoc} + * @author bzwattendorfer
+ *
+ */
+public interface STORKRequestedAttribute extends RequestedAttribute {
+
+
+ /** Default element name */
+ public final static QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ /** QName of the XSI type */
+ public final static QName TYPE_NAME = new QName(STORKConstants.STORK10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java new file mode 100644 index 000000000..413b5f6d7 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AttributeBuilder;
+
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAttributeBuilder extends AttributeBuilder {
+
+ /**
+ * Constructor.
+ */
+ public STORKAttributeBuilder() {
+
+ }
+
+ /** {@inheritDoc} */
+ public STORKAttribute buildObject() {
+ return buildObject(SAMLConstants.SAML20_NS, Attribute.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKAttribute buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKAttributeImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java new file mode 100644 index 000000000..89ad90eae --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java @@ -0,0 +1,63 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.AttributeImpl;
+
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAttributeImpl extends AttributeImpl implements STORKAttribute {
+
+ private String attributeStatus;
+
+ protected STORKAttributeImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.saml.STORKAttribute#getAttributeStatus()
+ */
+ public String getAttributeStatus() {
+ return attributeStatus;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.saml.STORKAttribute#setAttributeStatus(java.lang.String)
+ */
+ public void setAttributeStatus(String attributeStatus) {
+ this.attributeStatus = attributeStatus;
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java new file mode 100644 index 000000000..ba8c2f1a3 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java @@ -0,0 +1,56 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.AttributeMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class STORKAttributeMarshaller extends AttributeMarshaller {
+
+ protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
+ STORKAttribute attribute = (STORKAttribute) samlElement;
+
+ if (attribute.getAttributeStatus() != null) {
+ domElement.setAttributeNS(STORKConstants.STORK10_NS, STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME, attribute.getName());
+ }
+
+ super.marshallAttributes(samlElement, domElement);
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java new file mode 100644 index 000000000..5a74dab7d --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java @@ -0,0 +1,58 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + + +package eu.stork.vidp.messages.saml.impl; + +import javax.xml.namespace.QName; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.impl.AttributeUnmarshaller; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.UnmarshallingException; +import org.w3c.dom.Attr; + +import eu.stork.vidp.messages.saml.STORKAttribute; + +/** + * A thread-safe Unmarshaller for {@link org.opensaml.saml2.core.Attribute} objects. + */ +public class STORKAttributeUnmarshaller extends AttributeUnmarshaller { + + + protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException { + + if (samlObject instanceof STORKAttribute) { + STORKAttribute attrib = (STORKAttribute) samlObject; + + if (attribute.getLocalName().equals(STORKAttribute.STORK_ATTRIBUTE_STATUS_ATTTRIB_NAME)) { + attrib.setAttributeStatus(attribute.getValue()); + } + } + + super.processAttribute(samlObject, attribute); + } + +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java new file mode 100644 index 000000000..8836b6c8e --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class STORKAuthnRequestBuilder extends AuthnRequestBuilder {
+
+ /** {@inheritDoc} */
+
+
+ public STORKAuthnRequest buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, AuthnRequest.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKAuthnRequest buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKAuthnRequestImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java new file mode 100644 index 000000000..c9375ceb9 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java @@ -0,0 +1,170 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.impl.AuthnRequestImpl;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class STORKAuthnRequestImpl extends AuthnRequestImpl implements STORKAuthnRequest {
+
+ private int qaaLevel;
+
+ private String ccc;
+
+ private String finalRedirectURL;
+
+ private String spID;
+
+ private XMLObject originalSPAuthRequest;
+
+ private X509Certificate spCertSig;
+
+ private X509Certificate spCertEnc;
+
+ //private XMLObjectChildrenList<RequestedAttribute> requestedAttributes;
+ private List<RequestedAttribute> requestedAttributes;
+
+ protected STORKAuthnRequestImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ //requestedAttributes = new IndexedXMLObjectChildrenList<RequestedAttribute>(this);
+ }
+
+ public STORKAuthnRequestImpl() {
+ super(SAMLConstants.SAML20P_NS, STORKAuthnRequest.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+
+
+ public int getQAALevel() {
+ return this.qaaLevel;
+ }
+
+ public void setQAALevel(int authLevel) {
+ this.qaaLevel = authLevel;
+
+ }
+
+ public String getCitizenCountryCode() {
+ return ccc;
+ }
+
+ public String getFinalRedirectURL() {
+ return finalRedirectURL;
+ }
+
+ public XMLObject getOriginalSPAuthRequest() {
+ return originalSPAuthRequest;
+ }
+
+ public X509Certificate getSPCertEnc() {
+ return spCertEnc;
+ }
+
+ public X509Certificate getSPCertSig() {
+ return spCertSig;
+ }
+
+ public String getSPID() {
+ return spID;
+ }
+
+ public void setCitizenCountryCode(String citizenCountryCode) {
+ this.ccc = citizenCountryCode;
+ }
+
+ public void setFinalRedirectURL(String finalRedirectURL) {
+ this.finalRedirectURL = finalRedirectURL;
+ }
+
+ public void setOriginalSPAuthRequest(XMLObject spAuthRequest) {
+ this.originalSPAuthRequest = spAuthRequest;
+ }
+
+ public void setSPCertEnc(X509Certificate encryptionCertificate) {
+ this.spCertEnc = encryptionCertificate;
+ }
+
+ public void setSPCertSig(X509Certificate signingCertificate) {
+ this.spCertSig = signingCertificate;
+ }
+
+ public void setSPID(String spID) {
+ this.spID = spID;
+ }
+
+ public List<RequestedAttribute> getRequestedAttributes() {
+// return (List<RequestedAttribute>) requestedAttributes.subList(new QName(STORKMessagesConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME, STORKMessagesConstants.STORK10_PREFIX));
+ return requestedAttributes;
+ }
+
+ public void setRequestedAttributes(List<RequestedAttribute> requestedAttributesList) {
+ // this.requestedAttributes = (XMLObjectChildrenList<RequestedAttribute>) requestedAttributesList;
+ this.requestedAttributes = requestedAttributesList;
+ }
+
+// public List<XMLObject> getOrderedChildren() {
+// ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+//
+// if (super.getOrderedChildren() != null) {
+// children.addAll(super.getOrderedChildren());
+// }
+//
+// if (qaaLevel != 0 ) {
+// children.add(subject);
+// }
+//
+// if (nameIDPolicy != null) {
+// children.add(nameIDPolicy);
+// }
+//
+// if (conditions != null) {
+// children.add(conditions);
+// }
+//
+// if (requestedAuthnContext != null) {
+// children.add(requestedAuthnContext);
+// }
+//
+// if (scoping != null) {
+// children.add(scoping);
+// }
+//
+// if (children.size() == 0) {
+// return null;
+// }
+//
+// return Collections.unmodifiableList(children);
+// }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java new file mode 100644 index 000000000..faad3a835 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java @@ -0,0 +1,44 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.AuthnRequestMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class STORKAuthnRequestMarshaller extends AuthnRequestMarshaller {
+
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ STORKAuthnRequest req = (STORKAuthnRequest) samlObject;
+
+// if (sr.getQAA() != -1) {
+// //domElement.setAttributeNS(null, StatusResponseType.VERSION_ATTRIB_NAME, sr.getVersion().toString());
+// }
+ }
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java new file mode 100644 index 000000000..7924400fa --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java @@ -0,0 +1,137 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.opensaml.saml2.core.impl.AuthnRequestUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.X509Data;
+import org.opensaml.xml.util.Base64;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPCertType;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class STORKAuthnRequestUnmarshaller extends AuthnRequestUnmarshaller {
+
+ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+ throws UnmarshallingException {
+ STORKAuthnRequest req = (STORKAuthnRequest) parentSAMLObject;
+
+ if (childSAMLObject instanceof STORKExtensions) {
+ STORKExtensions ext = (STORKExtensions) childSAMLObject;
+ req.setExtensions(ext);
+
+ if (ext.getQAALevel() != null)
+ req.setQAALevel(ext.getQAALevel().getValue());
+
+ if (ext.getRequestedAttributes() != null) {
+ //List<RequestedAttribute> reqAttrList = new ArrayList<RequestedAttribute>();
+// for (RequestedAttribute reqAtt : ext.getRequestedAttributes().getRequestedAttributes()) {
+// req.getRequestedAttributes().add(reqAtt);
+// }
+ req.setRequestedAttributes(ext.getRequestedAttributes().getRequestedAttributes());
+
+ }
+
+ if (ext.getAuthenticationAttributes() != null) {
+ VIDPAuthenticationAttributes vidpAuthAttributes = ext.getAuthenticationAttributes().getVIDPAuthenticationAttributes();
+ if (vidpAuthAttributes != null) {
+ if (vidpAuthAttributes.getCitizenCountryCode() != null)
+ req.setCitizenCountryCode(vidpAuthAttributes.getCitizenCountryCode().getValue());
+
+ SPInformation spInformation = vidpAuthAttributes.getSPInformation();
+ if (spInformation != null) {
+ if (spInformation.getSPID() != null)
+ req.setSPID(spInformation.getSPID().getValue());
+
+ if (spInformation.getSPCertSig() != null) {
+ SPCertSig spCertSig = spInformation.getSPCertSig();
+ try {
+ req.setSPCertSig(getCertificateFromX509Data(spCertSig));
+ } catch (Exception e) {
+ throw new UnmarshallingException("Error reading SP signing certificate");
+ }
+ }
+
+ if (spInformation.getSPCertEnc() != null) {
+ SPCertEnc spCertEnc = spInformation.getSPCertEnc();
+ try {
+ req.setSPCertEnc(getCertificateFromX509Data(spCertEnc));
+ } catch (Exception e) {
+ throw new UnmarshallingException("Error reading SP encryption certificate");
+ }
+ }
+
+ if (spInformation.getSPAuthRequest() != null) {
+ req.setOriginalSPAuthRequest(spInformation.getSPAuthRequest());
+ }
+
+ }
+ }
+ }
+
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+ }
+
+ private X509Certificate getCertificateFromX509Data(SPCertType spCert) throws CertificateException {
+ if (spCert.getKeyInfo() != null)
+ if (!spCert.getKeyInfo().getX509Datas().isEmpty()) {
+ X509Data samlX509Data = spCert.getKeyInfo().getX509Datas().get(0);
+
+ if (samlX509Data != null) {
+ if (!samlX509Data.getX509Certificates().isEmpty()) {
+ org.opensaml.xml.signature.X509Certificate samlX509Cert = samlX509Data.getX509Certificates().get(0);
+ if (samlX509Cert != null) {
+ if (samlX509Cert.getValue() != null && samlX509Cert.getValue().length() != 0) {
+ InputStream inStream = new ByteArrayInputStream( Base64.decode(samlX509Cert.getValue()));
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
+ return cert;
+ }
+
+ }
+
+ }
+ }
+ }
+
+ return null;
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java new file mode 100644 index 000000000..96004871c --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.impl.ExtensionsBuilder;
+import org.opensaml.saml2.core.Response;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+
+public class STORKExtensionsBuilder extends ExtensionsBuilder {
+
+ public STORKExtensions buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, Response.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKExtensions buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKExtensionsImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java new file mode 100644 index 000000000..5417481c7 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java @@ -0,0 +1,74 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.common.impl.ExtensionsImpl;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class STORKExtensionsImpl extends ExtensionsImpl implements STORKExtensions {
+
+ private QualityAuthenticationAssuranceLevel qaaLevel;
+
+ private RequestedAttributes requestedAttributes;
+
+ private AuthenticationAttributes authenticationAttributes;
+
+ protected STORKExtensionsImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public AuthenticationAttributes getAuthenticationAttributes() {
+ return authenticationAttributes;
+ }
+
+ public QualityAuthenticationAssuranceLevel getQAALevel() {
+ return qaaLevel;
+ }
+
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+ public void setAuthenticationAttributes(
+ AuthenticationAttributes authenticationAttributes) {
+ this.authenticationAttributes = authenticationAttributes;
+ }
+
+ public void setQAALevel(QualityAuthenticationAssuranceLevel authLevel) {
+ this.qaaLevel = authLevel;
+ }
+
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java new file mode 100644 index 000000000..7aa86c2ed --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java @@ -0,0 +1,32 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.common.impl.ExtensionsMarshaller;
+
+public class STORKExtensionsMarshaller extends ExtensionsMarshaller {
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java new file mode 100644 index 000000000..a701c9e6f --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java @@ -0,0 +1,58 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.common.impl.ExtensionsUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class STORKExtensionsUnmarshaller extends ExtensionsUnmarshaller {
+
+ protected void processChildElement(XMLObject parentXMLObject, XMLObject childXMLObject)
+ throws UnmarshallingException {
+ STORKExtensions extensions = (STORKExtensions) parentXMLObject;
+
+ if (childXMLObject instanceof QualityAuthenticationAssuranceLevel) {
+ QualityAuthenticationAssuranceLevel qaa = (QualityAuthenticationAssuranceLevel) childXMLObject;
+ extensions.setQAALevel(qaa);
+ } if (childXMLObject instanceof RequestedAttributes) {
+ RequestedAttributes requestedAttributes = (RequestedAttributes) childXMLObject;
+ extensions.setRequestedAttributes(requestedAttributes);
+ } if (childXMLObject instanceof AuthenticationAttributes) {
+ AuthenticationAttributes authenticationAttributes = (AuthenticationAttributes) childXMLObject;
+ extensions.setAuthenticationAttributes(authenticationAttributes);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+
+}
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java new file mode 100644 index 000000000..1e23a9f2b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java @@ -0,0 +1,57 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/** + * + */ + +package eu.stork.vidp.messages.saml.impl; + +import org.opensaml.common.impl.AbstractSAMLObjectBuilder; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.saml.STORKRequestedAttribute; + +/** + * Builder for {@link org.opensaml.saml2.metadata.impl.RequestedAttributeImpl}. + */ +public class STORKRequestedAttributeBuilder extends AbstractSAMLObjectBuilder<RequestedAttribute> { + + /** Constructor */ + public STORKRequestedAttributeBuilder() { + + } + + /** {@inheritDoc} */ + public STORKRequestedAttribute buildObject() { + return buildObject(STORKConstants.STORK10_NS, STORKRequestedAttribute.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX); + } + + /** {@inheritDoc} */ + public STORKRequestedAttribute buildObject(String namespaceURI, String localName, String namespacePrefix) { + return new STORKRequestedAttributeImpl(namespaceURI, localName, namespacePrefix); + } +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java new file mode 100644 index 000000000..e3921919a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java @@ -0,0 +1,66 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +
+/**
+ *
+ */
+
+package eu.stork.vidp.messages.saml.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.impl.RequestedAttributeImpl;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.vidp.messages.saml.STORKRequestedAttribute;
+
+/**
+ * Concrete implementation of {@link org.opensaml.saml2.metadata.RequestedAttribute}
+ */
+public class STORKRequestedAttributeImpl extends RequestedAttributeImpl implements STORKRequestedAttribute {
+
+ /**
+ * Constructor
+ *
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ protected STORKRequestedAttributeImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /** {@inheritDoc} */
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.addAll(getAttributeValues());
+
+ return Collections.unmodifiableList(children);
+ }
+}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java new file mode 100644 index 000000000..6b7771c72 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java @@ -0,0 +1,64 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + + +/** + * + */ + +package eu.stork.vidp.messages.saml.impl; + +import javax.xml.namespace.QName; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.impl.RequestedAttributeUnmarshaller; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.UnmarshallingException; + +import eu.stork.vidp.messages.common.STORKConstants; + + +/** + * A thread-safe Unmarshaller for {@link org.opensaml.saml2.metadata.RequestedAttribute} objects. + */ +public class STORKRequestedAttributeUnmarshaller extends RequestedAttributeUnmarshaller { + + protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) + throws UnmarshallingException { + + Attribute attribute = (Attribute) parentSAMLObject; + + QName childQName = childSAMLObject.getElementQName(); + if (childQName.getLocalPart().equals("AttributeValue") + && childQName.getNamespaceURI().equals(STORKConstants.STORK10_NS)) { + attribute.getAttributeValues().add(childSAMLObject); + } else { + super.processChildElement(parentSAMLObject, childSAMLObject); + } +} + + +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java new file mode 100644 index 000000000..24cebaef7 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.impl.ResponseBuilder;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class STORKResponseBuilder extends ResponseBuilder {
+
+ /** {@inheritDoc} */
+
+
+ public STORKResponse buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, Response.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public STORKResponse buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new STORKResponseImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java new file mode 100644 index 000000000..08b5dc9bc --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java @@ -0,0 +1,59 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.impl.ResponseImpl;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class STORKResponseImpl extends ResponseImpl implements STORKResponse {
+
+ private int qaaLevel;
+
+ protected STORKResponseImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+
+ public STORKResponseImpl() {
+ super(SAMLConstants.SAML20P_NS, STORKResponse.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+ }
+
+
+ public int getQAALevel() {
+ return this.qaaLevel;
+ }
+
+ public void setQAALevel(int authLevel) {
+ this.qaaLevel = authLevel;
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java new file mode 100644 index 000000000..1a4654d01 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java @@ -0,0 +1,44 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.ResponseMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class STORKResponseMarshaller extends ResponseMarshaller {
+
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ STORKResponse sr = (STORKResponse) samlObject;
+
+// if (sr.getQAA() != -1) {
+// //domElement.setAttributeNS(null, StatusResponseType.VERSION_ATTRIB_NAME, sr.getVersion().toString());
+// }
+ }
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java new file mode 100644 index 000000000..c2a7bcef9 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java @@ -0,0 +1,51 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl;
+
+import org.opensaml.saml2.core.impl.ResponseUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.vidp.messages.saml.STORKExtensions;
+
+public class STORKResponseUnmarshaller extends ResponseUnmarshaller {
+
+ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+ throws UnmarshallingException {
+ STORKResponse resp = (STORKResponse) parentSAMLObject;
+
+ if (childSAMLObject instanceof STORKExtensions) {
+ STORKExtensions ext = (STORKExtensions) childSAMLObject;
+
+ if (ext.getQAALevel() != null)
+ resp.setQAALevel(ext.getQAALevel().getValue());
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java new file mode 100644 index 000000000..73f9cd503 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java @@ -0,0 +1,55 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface AuthenticationAttributes extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "AuthenticationAttributes";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "AuthenticationAttributesType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setVIDPAuthenticationAttributes(VIDPAuthenticationAttributes authenticationAttributes);
+
+ public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java new file mode 100644 index 000000000..8c7847dd7 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface CitizenCountryCode extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "CitizenCountryCode";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(String citizenCountryCode);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java new file mode 100644 index 000000000..c0f7cb291 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java @@ -0,0 +1,54 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public interface EIDCrossBorderShare extends ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "eIDCrossBorderShare";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(boolean value);
+
+ public boolean getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java new file mode 100644 index 000000000..a04376fb2 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java @@ -0,0 +1,54 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public interface EIDCrossSectorShare extends ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "eIDCrossSectorShare";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(boolean value);
+
+ public boolean getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java new file mode 100644 index 000000000..4fbd4a2d9 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java @@ -0,0 +1,54 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public interface EIDSectorShare extends ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "eIDSectorShare";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(boolean value);
+
+ public boolean getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java new file mode 100644 index 000000000..2869177b2 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface QualityAuthenticationAssuranceLevel extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "QualityAuthenticationAssuranceLevel";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(int level);
+
+ public int getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java new file mode 100644 index 000000000..0dcb1964c --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java @@ -0,0 +1,58 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface RequestedAttributes extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "RequestedAttributes";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "RequestedAttributesType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setRequestedAttributes(List<RequestedAttribute> requestedAttributes);
+
+ public List<RequestedAttribute> getRequestedAttributes();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java new file mode 100644 index 000000000..8a5fd8644 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package eu.stork.vidp.messages.stork; + +import javax.xml.namespace.QName; + +import org.opensaml.xml.ElementExtensibleXMLObject; +import org.opensaml.xml.validation.ValidatingXMLObject; + +import eu.stork.vidp.messages.common.STORKConstants; + +/** + * SAML 2.0 Extensions + */ +public interface SPAuthRequest extends ValidatingXMLObject, ElementExtensibleXMLObject { + + /** Local name, no namespace */ + public final static String LOCAL_NAME = "SPAuthRequest"; + + /** Default element name. */ + public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, LOCAL_NAME, + STORKConstants.STORKP10_PREFIX); + +} diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java new file mode 100644 index 000000000..fd0ff31ae --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java @@ -0,0 +1,44 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPCertEnc extends
+ SPCertType {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPCertEnc";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java new file mode 100644 index 000000000..c54d23505 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java @@ -0,0 +1,44 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPCertSig extends
+ SPCertType {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPCertSig";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java new file mode 100644 index 000000000..e24db06a7 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java @@ -0,0 +1,49 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPCertType extends
+ ValidatingXMLObject {
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "SPCertType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setKeyInfo(KeyInfo keyInfo);
+
+ public KeyInfo getKeyInfo();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java new file mode 100644 index 000000000..6c8122b88 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPID extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPID";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setValue(String spID);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java new file mode 100644 index 000000000..e0926cd65 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java @@ -0,0 +1,67 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SPInformation extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "SPInformation";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "SPInformationType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setSPID(SPID spID);
+
+ public SPID getSPID();
+
+ public void setSPCertSig(SPCertSig spCertSig);
+
+ public SPCertSig getSPCertSig();
+
+ public void setSPCertEnc(SPCertEnc spCertEnc);
+
+ public SPCertEnc getSPCertEnc();
+
+ public void setSPAuthRequest(SPAuthRequest spAuthRequest);
+
+ public SPAuthRequest getSPAuthRequest();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java new file mode 100644 index 000000000..c68a29297 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpApplication extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spApplication";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spApplication);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java new file mode 100644 index 000000000..d7708cb62 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpCountry extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spCountry";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spCountry);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java new file mode 100644 index 000000000..dddd9e599 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpInstitution extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spInstitution";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spInstitution);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java new file mode 100644 index 000000000..f29bf02c8 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java @@ -0,0 +1,48 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface SpSector extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "spSector";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORK10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORK10_PREFIX);
+
+ public void setValue(String spSector);
+
+ public String getValue();
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java new file mode 100644 index 000000000..89c4bec61 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.validation.ValidatingXMLObject;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public interface VIDPAuthenticationAttributes extends
+ ValidatingXMLObject {
+
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "VIDPAuthenticationAttributes";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(STORKConstants.STORKP10_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "VIDPAuthenticationAttributesType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(STORKConstants.STORKP10_NS, TYPE_LOCAL_NAME,
+ STORKConstants.STORKP10_PREFIX);
+
+ public void setCitizenCountryCode(CitizenCountryCode citizenCountryCode);
+
+ public CitizenCountryCode getCitizenCountryCode();
+
+ public void setSPInformation(SPInformation spInformation);
+
+ public SPInformation getSPInformation();
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java new file mode 100644 index 000000000..7fb418f74 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+
+public class AuthenticationAttributesBuilder extends
+ AbstractXMLObjectBuilder<AuthenticationAttributes> {
+
+ @Override
+ public AuthenticationAttributes buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new AuthenticationAttributesImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public AuthenticationAttributes buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, AuthenticationAttributes.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java new file mode 100644 index 000000000..68e751fdc --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java @@ -0,0 +1,74 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class AuthenticationAttributesImpl extends
+ AbstractValidatingXMLObject implements
+ AuthenticationAttributes {
+
+ private VIDPAuthenticationAttributes authenticationAttributes;
+
+
+ protected AuthenticationAttributesImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes() {
+ return authenticationAttributes;
+ }
+
+ public void setVIDPAuthenticationAttributes(
+ VIDPAuthenticationAttributes authenticationAttributes) {
+ this.authenticationAttributes = authenticationAttributes;
+ }
+
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (authenticationAttributes != null) {
+ children.add(authenticationAttributes);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java new file mode 100644 index 000000000..05f1f9aec --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java @@ -0,0 +1,35 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class AuthenticationAttributesMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java new file mode 100644 index 000000000..564d62383 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java @@ -0,0 +1,52 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class AuthenticationAttributesUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ AuthenticationAttributes attributes = (AuthenticationAttributes) parentXMLObject;
+
+ if (childXMLObject instanceof VIDPAuthenticationAttributes) {
+ attributes.setVIDPAuthenticationAttributes((VIDPAuthenticationAttributes) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java new file mode 100644 index 000000000..de380d780 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeBuilder extends
+ AbstractXMLObjectBuilder<CitizenCountryCode> {
+
+ @Override
+ public CitizenCountryCode buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new CitizenCountryCodeImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public CitizenCountryCode buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, CitizenCountryCode.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java new file mode 100644 index 000000000..3de591116 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeImpl extends
+ AbstractValidatingXMLObject implements
+ CitizenCountryCode {
+
+ private String citizenCountryCode;
+
+ protected CitizenCountryCodeImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return citizenCountryCode;
+ }
+
+ public void setValue(String citizenCountryCode) {
+ this.citizenCountryCode = citizenCountryCode;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java new file mode 100644 index 000000000..8d47d6117 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ CitizenCountryCode ccc = (CitizenCountryCode) xmlObject;
+ XMLHelper.appendTextContent(domElement, ccc.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java new file mode 100644 index 000000000..69bd4cdb1 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class CitizenCountryCodeUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ CitizenCountryCode ccc = (CitizenCountryCode) xmlObject;
+ ccc.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java new file mode 100644 index 000000000..d2b1bba08 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+public class EIDCrossBorderShareBuilder extends
+ AbstractXMLObjectBuilder<EIDCrossBorderShare> {
+
+ @Override
+ public EIDCrossBorderShare buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new EIDCrossBorderShareImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public EIDCrossBorderShare buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, EIDCrossBorderShare.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java new file mode 100644 index 000000000..e5182aff1 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java @@ -0,0 +1,80 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class EIDCrossBorderShareImpl extends AbstractValidatingXMLObject implements
+ EIDCrossBorderShare {
+
+ private boolean value;
+
+ /**
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ public EIDCrossBorderShareImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#getValue()
+ */
+ public boolean getValue() {
+ return this.value;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#setValue(boolean)
+ */
+ public void setValue(boolean value) {
+ this.value = value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.xml.XMLObject#getOrderedChildren()
+ */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java new file mode 100644 index 000000000..1b98e8a2b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+public class EIDCrossBorderShareMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ EIDCrossBorderShare cbs = (EIDCrossBorderShare) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(cbs.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java new file mode 100644 index 000000000..bb7b9d762 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.EIDCrossBorderShare;
+
+public class EIDCrossBorderShareUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ EIDCrossBorderShare cbs = (EIDCrossBorderShare) xmlObject;
+ cbs.setValue(Boolean.parseBoolean(elementContent));
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java new file mode 100644 index 000000000..c02b11a7f --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+public class EIDCrossSectorShareBuilder extends
+ AbstractXMLObjectBuilder<EIDCrossSectorShare> {
+
+ @Override
+ public EIDCrossSectorShare buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new EIDCrossSectorShareImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public EIDCrossSectorShare buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, EIDCrossSectorShare.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java new file mode 100644 index 000000000..b58ee4c4b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java @@ -0,0 +1,80 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class EIDCrossSectorShareImpl extends AbstractValidatingXMLObject implements
+ EIDCrossSectorShare {
+
+ private boolean value;
+
+ /**
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ public EIDCrossSectorShareImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#getValue()
+ */
+ public boolean getValue() {
+ return this.value;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#setValue(boolean)
+ */
+ public void setValue(boolean value) {
+ this.value = value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.xml.XMLObject#getOrderedChildren()
+ */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java new file mode 100644 index 000000000..bcffdad4a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+public class EIDCrossSectorShareMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ EIDCrossSectorShare css = (EIDCrossSectorShare) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(css.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java new file mode 100644 index 000000000..a249c4628 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.EIDCrossSectorShare;
+
+public class EIDCrossSectorShareUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ EIDCrossSectorShare css = (EIDCrossSectorShare) xmlObject;
+ css.setValue(Boolean.parseBoolean(elementContent));
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java new file mode 100644 index 000000000..79e0d1122 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+public class EIDSectorShareBuilder extends
+ AbstractXMLObjectBuilder<EIDSectorShare> {
+
+ @Override
+ public EIDSectorShare buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new EIDSectorShareImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public EIDSectorShare buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, EIDSectorShare.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java new file mode 100644 index 000000000..ae65ad36c --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java @@ -0,0 +1,80 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class EIDSectorShareImpl extends AbstractValidatingXMLObject implements
+ EIDSectorShare {
+
+ private boolean value;
+
+ /**
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ public EIDSectorShareImpl(String namespaceURI, String elementLocalName,
+ String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#getValue()
+ */
+ public boolean getValue() {
+ return this.value;
+ }
+
+ /* (non-Javadoc)
+ * @see eu.stork.mw.common.messages.stork.EIDSectorShare#setValue(boolean)
+ */
+ public void setValue(boolean value) {
+ this.value = value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.xml.XMLObject#getOrderedChildren()
+ */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java new file mode 100644 index 000000000..ed18cfbd4 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+public class EIDSectorShareMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ EIDSectorShare ss = (EIDSectorShare) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(ss.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java new file mode 100644 index 000000000..6631e1ac2 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+public class EIDSectorShareUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ EIDSectorShare ss = (EIDSectorShare) xmlObject;
+ ss.setValue(Boolean.parseBoolean(elementContent));
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java new file mode 100644 index 000000000..d536372e8 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelBuilder extends
+ AbstractXMLObjectBuilder<QualityAuthenticationAssuranceLevel> {
+
+ @Override
+ public QualityAuthenticationAssuranceLevel buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new QualityAuthenticationAssuranceLevelImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public QualityAuthenticationAssuranceLevel buildObject() {
+ return buildObject(STORKConstants.STORKP10_NS, QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORKP10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java new file mode 100644 index 000000000..69548c149 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelImpl extends
+ AbstractValidatingXMLObject implements
+ QualityAuthenticationAssuranceLevel {
+
+ private int qaaLevel;
+
+ protected QualityAuthenticationAssuranceLevelImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public int getValue() {
+ return this.qaaLevel;
+ }
+
+ public void setValue(int level) {
+ this.qaaLevel = level;
+
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java new file mode 100644 index 000000000..7f0d28895 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
+ QualityAuthenticationAssuranceLevel qaa = (QualityAuthenticationAssuranceLevel) samlObject;
+ XMLHelper.appendTextContent(domElement, String.valueOf(qaa.getValue()));
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java new file mode 100644 index 000000000..f024261f8 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class QualityAuthenticationAssuranceLevelUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ QualityAuthenticationAssuranceLevel qaa = (QualityAuthenticationAssuranceLevel) xmlObject;
+ qaa.setValue(Integer.parseInt(elementContent));
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java new file mode 100644 index 000000000..d1e80abbb --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java @@ -0,0 +1,58 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + + +/** + * + */ + +package eu.stork.vidp.messages.stork.impl; + +import org.opensaml.xml.AbstractXMLObjectBuilder; + +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * Builder for {@link org.opensaml.saml2.core.impl.AudienceRestrictionImpl} objects. + */ +public class RequestedAttributesBuilder extends AbstractXMLObjectBuilder<RequestedAttributes> { + + /** Constructor. */ + public RequestedAttributesBuilder() { + + } + + /** {@inheritDoc} */ + public RequestedAttributes buildObject() { + return buildObject(STORKConstants.STORK10_NS, RequestedAttributes.DEFAULT_ELEMENT_LOCAL_NAME, + STORKConstants.STORK10_PREFIX); + } + + /** {@inheritDoc} */ + public RequestedAttributes buildObject(String namespaceURI, String localName, String namespacePrefix) { + return new RequestedAttributesImpl(namespaceURI, localName, namespacePrefix); + } +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java new file mode 100644 index 000000000..cd2b4a490 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java @@ -0,0 +1,88 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + + +/** + * + */ + +package eu.stork.vidp.messages.stork.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.util.XMLObjectChildrenList; +import org.opensaml.xml.validation.AbstractValidatingXMLObject; + +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * Concrete implementation of {@link org.opensaml.saml2.core.AudienceRestriction}. + */ +public class RequestedAttributesImpl extends AbstractValidatingXMLObject implements RequestedAttributes { + + /** List of the audiences. */ + private XMLObjectChildrenList<RequestedAttribute> requestedAttributes; + + /** + * Constructor. + * + * @param namespaceURI the namespace the element is in + * @param elementLocalName the local name of the XML element this Object represents + * @param namespacePrefix the prefix for the given namespace + */ + protected RequestedAttributesImpl(String namespaceURI, String elementLocalName, String namespacePrefix) { + super(namespaceURI, elementLocalName, namespacePrefix); + requestedAttributes = new XMLObjectChildrenList<RequestedAttribute>(this); + } + + /** {@inheritDoc} */ + public List<RequestedAttribute> getRequestedAttributes() { + return requestedAttributes; + } + + + /** {@inheritDoc} */ + public List<XMLObject> getOrderedChildren() { + ArrayList<XMLObject> children = new ArrayList<XMLObject>(); + + children.addAll(requestedAttributes); + + return Collections.unmodifiableList(children); + } + + public void setRequestedAttributes( + List<RequestedAttribute> requestedAttributes) { + this.requestedAttributes = (XMLObjectChildrenList<RequestedAttribute>) requestedAttributes; + + } + + + + +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java new file mode 100644 index 000000000..8716c45a5 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java @@ -0,0 +1,40 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + + +/** + * + */ + +package eu.stork.vidp.messages.stork.impl; + +import org.opensaml.xml.io.BaseXMLObjectMarshaller; + +/** + * A thread safe Marshaller for {@link org.opensaml.saml2.core.AudienceRestriction} objects. + */ +public class RequestedAttributesMarshaller extends BaseXMLObjectMarshaller { + +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java new file mode 100644 index 000000000..94e603bd9 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java @@ -0,0 +1,55 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + + +/** + * + */ + +package eu.stork.vidp.messages.stork.impl; + +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.BaseXMLObjectUnmarshaller; +import org.opensaml.xml.io.UnmarshallingException; + +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * A thread-safe Unmarshaller for {@link org.opensaml.saml2.core.AudienceRestriction} objects. + */ +public class RequestedAttributesUnmarshaller extends BaseXMLObjectUnmarshaller { + + /** {@inheritDoc} */ + protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException { + RequestedAttributes requestedAttributes = (RequestedAttributes) parentObject; + + if (childObject instanceof RequestedAttribute) { + requestedAttributes.getRequestedAttributes().add((RequestedAttribute) childObject); + } else { + super.processChildElement(parentObject, childObject); + } + } +}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java new file mode 100644 index 000000000..1febbf399 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java @@ -0,0 +1,50 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package eu.stork.vidp.messages.stork.impl; + +import org.opensaml.xml.AbstractXMLObjectBuilder; + +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.SPAuthRequest; + +/** + * Builder of {@link org.opensaml.saml2.common.impl.ExtensionsImpl} objects. + */ +public class SPAuthRequestBuilder extends AbstractXMLObjectBuilder<SPAuthRequest> { + + /** + * {@inheritDoc} + */ + public SPAuthRequest buildObject() { + return buildObject(STORKConstants.STORK10_NS, SPAuthRequest.LOCAL_NAME, STORKConstants.STORK10_PREFIX); + } + + /** + * {@inheritDoc} + */ + public SPAuthRequest buildObject(String namespaceURI, String localName, String namespacePrefix) { + return new SPAuthRequestImpl(namespaceURI, localName, namespacePrefix); + } +} diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java new file mode 100644 index 000000000..9ea20b9cc --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java @@ -0,0 +1,76 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+
+/**
+ *
+ */
+public class SPAuthRequestImpl extends AbstractValidatingXMLObject implements SPAuthRequest {
+
+ /** "any" children */
+ private final IndexedXMLObjectChildrenList<XMLObject> unknownChildren;
+
+ /**
+ * Constructor
+ *
+ * @param namespaceURI
+ * @param elementLocalName
+ * @param namespacePrefix
+ */
+ protected SPAuthRequestImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ unknownChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public List<XMLObject> getUnknownXMLObjects() {
+ return unknownChildren;
+ }
+
+ /** {@inheritDoc} */
+ @SuppressWarnings("unchecked")
+ public List<XMLObject> getUnknownXMLObjects(QName typeOrName) {
+ return (List<XMLObject>) unknownChildren.subList(typeOrName);
+ }
+
+ /** {@inheritDoc} */
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.unmodifiableList(unknownChildren);
+ }
+}
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java new file mode 100644 index 000000000..feb730935 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java @@ -0,0 +1,57 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package eu.stork.vidp.messages.stork.impl; + +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.AbstractXMLObjectMarshaller; +import org.opensaml.xml.io.MarshallingException; +import org.w3c.dom.Element; + +/** + * A thread-safe Marshaller for {@link org.opensaml.saml2.common.Extensions} objects. + */ +public class SPAuthRequestMarshaller extends AbstractXMLObjectMarshaller { + + /** + * Constructor + */ + public SPAuthRequestMarshaller() { + super(); + } + + /** + * {@inheritDoc} + */ + protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException { + // no attributes + } + + /** + * {@inheritDoc} + */ + protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException { + // no content + } +} diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java new file mode 100644 index 000000000..7d5be220d --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java @@ -0,0 +1,70 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package eu.stork.vidp.messages.stork.impl; + +import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.AbstractXMLObjectUnmarshaller; +import org.opensaml.xml.io.UnmarshallingException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Attr; + +import eu.stork.vidp.messages.stork.SPAuthRequest; + +public class SPAuthRequestUnmarshaller extends AbstractXMLObjectUnmarshaller { + + /** Logger. */ + private final Logger log = LoggerFactory.getLogger(AbstractSAMLObjectUnmarshaller.class); + + /** Constructor. */ + public SPAuthRequestUnmarshaller() { + super(); + } + + /** + * {@inheritDoc} + */ + protected void processChildElement(XMLObject parentXMLObject, XMLObject childXMLObject) + throws UnmarshallingException { + SPAuthRequest spAuthRequest = (SPAuthRequest) parentXMLObject; + + spAuthRequest.getUnknownXMLObjects().add(childXMLObject); + } + + /** + * {@inheritDoc} + */ + protected void processAttribute(XMLObject xmlObject, Attr attribute) throws UnmarshallingException { + log.debug("Ignorning unknown attribute {}", attribute.getLocalName()); + } + + /** + * {@inheritDoc} + */ + protected void processElementContent(XMLObject xmlObject, String elementContent) { + log.debug("Ignoring element content {}", elementContent); + } +} diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java new file mode 100644 index 000000000..eb13ddf73 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+
+public class SPCertEncBuilder extends
+ AbstractXMLObjectBuilder<SPCertEnc> {
+
+ @Override
+ public SPCertEnc buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPCertEncImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPCertEnc buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPCertEnc.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java new file mode 100644 index 000000000..2ee08e1ec --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java @@ -0,0 +1,39 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import eu.stork.vidp.messages.stork.SPCertEnc;
+
+public class SPCertEncImpl extends
+ SPCertTypeImpl implements
+ SPCertEnc {
+
+ protected SPCertEncImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java new file mode 100644 index 000000000..091676959 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java @@ -0,0 +1,34 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertEncMarshaller extends
+ SPCertTypeMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java new file mode 100644 index 000000000..3b6339609 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java @@ -0,0 +1,33 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertEncUnmarshaller extends
+ SPCertTypeUnmarshaller {
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java new file mode 100644 index 000000000..5e75a0e2c --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPCertSig;
+
+public class SPCertSigBuilder extends
+ AbstractXMLObjectBuilder<SPCertSig> {
+
+ @Override
+ public SPCertSig buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPCertSigImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPCertSig buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPCertSig.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java new file mode 100644 index 000000000..f98e3ede3 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java @@ -0,0 +1,39 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import eu.stork.vidp.messages.stork.SPCertSig;
+
+public class SPCertSigImpl extends
+ SPCertTypeImpl implements
+ SPCertSig {
+
+ protected SPCertSigImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java new file mode 100644 index 000000000..e9f3d14da --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java @@ -0,0 +1,34 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertSigMarshaller extends
+ SPCertTypeMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java new file mode 100644 index 000000000..d706223cb --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java @@ -0,0 +1,33 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+
+public class SPCertSigUnmarshaller extends
+ SPCertTypeUnmarshaller {
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java new file mode 100644 index 000000000..a9a30dada --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java @@ -0,0 +1,72 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPCertType;
+
+public class SPCertTypeImpl extends
+ AbstractValidatingXMLObject implements
+ SPCertType {
+
+ private KeyInfo keyInfo;
+
+ protected SPCertTypeImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public KeyInfo getKeyInfo() {
+ return keyInfo;
+ }
+
+ public void setKeyInfo(KeyInfo keyInfo) {
+ this.keyInfo = keyInfo;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (keyInfo != null) {
+ children.add(keyInfo);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java new file mode 100644 index 000000000..0443a721a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java @@ -0,0 +1,34 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class SPCertTypeMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java new file mode 100644 index 000000000..e23ff6b54 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java @@ -0,0 +1,53 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.KeyInfo;
+
+import eu.stork.vidp.messages.stork.SPCertType;
+
+public class SPCertTypeUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ SPCertType spCertType = (SPCertType) parentXMLObject;
+
+ if (childXMLObject instanceof KeyInfo) {
+ spCertType.setKeyInfo((KeyInfo) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java new file mode 100644 index 000000000..f892c88c3 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDBuilder extends
+ AbstractXMLObjectBuilder<SPID> {
+
+ @Override
+ public SPID buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPIDImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPID buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPID.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java new file mode 100644 index 000000000..34bde4caa --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDImpl extends
+ AbstractValidatingXMLObject implements
+ SPID {
+
+ private String spID;
+
+ protected SPIDImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spID;
+ }
+
+ public void setValue(String spID) {
+ this.spID = spID;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java new file mode 100644 index 000000000..8455d5033 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SPID spID = (SPID) xmlObject;
+ XMLHelper.appendTextContent(domElement, spID.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java new file mode 100644 index 000000000..f2eb1eb00 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class SPIDUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SPID spID = (SPID) xmlObject;
+ spID.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java new file mode 100644 index 000000000..1bc9c6ae8 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class SPInformationBuilder extends
+ AbstractXMLObjectBuilder<SPInformation> {
+
+ @Override
+ public SPInformation buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SPInformationImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SPInformation buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SPInformation.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java new file mode 100644 index 000000000..e42c1cff5 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java @@ -0,0 +1,121 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPID;
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class SPInformationImpl extends
+ AbstractValidatingXMLObject implements
+ SPInformation {
+
+ private SPID spID;
+
+ private SPCertSig spCertSig;
+
+ private SPCertEnc spCertEnc;
+
+ private SPAuthRequest spAuthRequest;
+
+ protected SPInformationImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public SPAuthRequest getSPAuthRequest() {
+ return spAuthRequest;
+ }
+
+ public SPCertEnc getSPCertEnc() {
+ return spCertEnc;
+ }
+
+ public SPCertSig getSPCertSig() {
+ return spCertSig;
+ }
+
+ public SPID getSPID() {
+ return spID;
+ }
+
+ public void setSPAuthRequest(SPAuthRequest spAuthRequest) {
+ this.spAuthRequest = spAuthRequest;
+ }
+
+ public void setSPCertEnc(SPCertEnc spCertEnc) {
+ this.spCertEnc = spCertEnc;
+ }
+
+ public void setSPCertSig(SPCertSig spCertSig) {
+ this.spCertSig = spCertSig;
+ }
+
+ public void setSPID(SPID spID) {
+ this.spID = spID;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (spID != null) {
+ children.add(spID);
+ }
+
+ if (spCertSig != null) {
+ children.add(spCertSig);
+ }
+
+ if (spCertEnc != null) {
+ children.add(spCertEnc);
+ }
+
+ if (spAuthRequest != null) {
+ children.add(spAuthRequest);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+
+
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java new file mode 100644 index 000000000..aea91af92 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java @@ -0,0 +1,35 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class SPInformationMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java new file mode 100644 index 000000000..e7f9bd98e --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java @@ -0,0 +1,61 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.SPAuthRequest;
+import eu.stork.vidp.messages.stork.SPCertEnc;
+import eu.stork.vidp.messages.stork.SPCertSig;
+import eu.stork.vidp.messages.stork.SPID;
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class SPInformationUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ SPInformation spInformation = (SPInformation) parentXMLObject;
+
+ if (childXMLObject instanceof SPID) {
+ spInformation.setSPID((SPID) childXMLObject);
+ } else if (childXMLObject instanceof SPCertSig) {
+ spInformation.setSPCertSig((SPCertSig) childXMLObject);
+ } if (childXMLObject instanceof SPCertEnc) {
+ spInformation.setSPCertEnc((SPCertEnc) childXMLObject);
+ } if (childXMLObject instanceof SPAuthRequest) {
+ spInformation.setSPAuthRequest((SPAuthRequest) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java new file mode 100644 index 000000000..596d77908 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationBuilder extends
+ AbstractXMLObjectBuilder<SpApplication> {
+
+ @Override
+ public SpApplication buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpApplicationImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpApplication buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpApplication.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java new file mode 100644 index 000000000..d9c3b3ad2 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationImpl extends
+ AbstractValidatingXMLObject implements
+ SpApplication {
+
+ private String spApplication;
+
+ protected SpApplicationImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spApplication;
+ }
+
+ public void setValue(String spApplication) {
+ this.spApplication = spApplication;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java new file mode 100644 index 000000000..1b484e338 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpApplication spApplication = (SpApplication) xmlObject;
+ XMLHelper.appendTextContent(domElement, spApplication.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java new file mode 100644 index 000000000..70aef824a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class SpApplicationUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpApplication spSector = (SpApplication) xmlObject;
+ spSector.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java new file mode 100644 index 000000000..29c765128 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryBuilder extends
+ AbstractXMLObjectBuilder<SpCountry> {
+
+ @Override
+ public SpCountry buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpCountryImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpCountry buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpCountry.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java new file mode 100644 index 000000000..66e2e81a6 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryImpl extends
+ AbstractValidatingXMLObject implements
+ SpCountry {
+
+ private String spCountry;
+
+ protected SpCountryImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spCountry;
+ }
+
+ public void setValue(String spCountry) {
+ this.spCountry = spCountry;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java new file mode 100644 index 000000000..60a1f7838 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpCountry spCountry = (SpCountry) xmlObject;
+ XMLHelper.appendTextContent(domElement, spCountry.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java new file mode 100644 index 000000000..66558248b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class SpCountryUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpCountry spCountry = (SpCountry) xmlObject;
+ spCountry.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java new file mode 100644 index 000000000..4ddc48d53 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionBuilder extends
+ AbstractXMLObjectBuilder<SpInstitution> {
+
+ @Override
+ public SpInstitution buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpInstitutionImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpInstitution buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpInstitution.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java new file mode 100644 index 000000000..8d9753328 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionImpl extends
+ AbstractValidatingXMLObject implements
+ SpInstitution {
+
+ private String spInstitution;
+
+ protected SpInstitutionImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spInstitution;
+ }
+
+ public void setValue(String spInstitution) {
+ this.spInstitution = spInstitution;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java new file mode 100644 index 000000000..ec150523d --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpInstitution spInstitution = (SpInstitution) xmlObject;
+ XMLHelper.appendTextContent(domElement, spInstitution.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java new file mode 100644 index 000000000..34fa89281 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class SpInstitutionUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpInstitution spInstitution = (SpInstitution) xmlObject;
+ spInstitution.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java new file mode 100644 index 000000000..08daa3c7b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java @@ -0,0 +1,47 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorBuilder extends
+ AbstractXMLObjectBuilder<SpSector> {
+
+ @Override
+ public SpSector buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new SpSectorImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public SpSector buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, SpSector.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java new file mode 100644 index 000000000..f52d2c83d --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorImpl extends
+ AbstractValidatingXMLObject implements
+ SpSector {
+
+ private String spSector;
+
+ protected SpSectorImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public String getValue() {
+ return spSector;
+ }
+
+ public void setValue(String spSector) {
+ this.spSector = spSector;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ return Collections.emptyList();
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java new file mode 100644 index 000000000..78772c956 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorMarshaller extends
+ BaseXMLObjectMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallElementContent(XMLObject xmlObject, Element domElement) throws MarshallingException {
+ SpSector spSector = (SpSector) xmlObject;
+ XMLHelper.appendTextContent(domElement, spSector.getValue());
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java new file mode 100644 index 000000000..ea65413a2 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class SpSectorUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processElementContent(XMLObject xmlObject,
+ String elementContent) {
+ SpSector spSector = (SpSector) xmlObject;
+ spSector.setValue(elementContent);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java new file mode 100644 index 000000000..a7827f652 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java @@ -0,0 +1,46 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.AbstractXMLObjectBuilder;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class VIDPAuthenticationAttributesBuilder extends
+ AbstractXMLObjectBuilder<VIDPAuthenticationAttributes> {
+
+ @Override
+ public VIDPAuthenticationAttributes buildObject(String namespaceURI, String localName,
+ String namespacePrefix) {
+ return new VIDPAuthenticationAttributesImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+ public VIDPAuthenticationAttributes buildObject() {
+ return buildObject(STORKConstants.STORK10_NS, VIDPAuthenticationAttributes.DEFAULT_ELEMENT_LOCAL_NAME, STORKConstants.STORK10_PREFIX);
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java new file mode 100644 index 000000000..3c8d960db --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java @@ -0,0 +1,91 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.AbstractValidatingXMLObject;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class VIDPAuthenticationAttributesImpl extends
+ AbstractValidatingXMLObject implements
+ VIDPAuthenticationAttributes {
+
+ private CitizenCountryCode citizenCountryCode;
+
+ private SPInformation spInformation;
+
+ protected VIDPAuthenticationAttributesImpl(String namespaceURI,
+ String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ public CitizenCountryCode getCitizenCountryCode() {
+ return citizenCountryCode;
+ }
+
+
+ public SPInformation getSPInformation() {
+ return spInformation;
+ }
+
+ public void setCitizenCountryCode(CitizenCountryCode citizenCountryCode) {
+ this.citizenCountryCode = citizenCountryCode;
+ }
+
+
+ public void setSPInformation(SPInformation spInformation) {
+ this.spInformation = spInformation;
+ }
+
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (citizenCountryCode != null) {
+ children.add(citizenCountryCode);
+ }
+
+
+ if (spInformation != null) {
+ children.add(spInformation);
+ }
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java new file mode 100644 index 000000000..f21b492a9 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java @@ -0,0 +1,35 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.io.BaseXMLObjectMarshaller;
+
+public class VIDPAuthenticationAttributesMarshaller extends
+ BaseXMLObjectMarshaller {
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java new file mode 100644 index 000000000..3b7a1b20e --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java @@ -0,0 +1,55 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.stork.impl;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.BaseXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+import eu.stork.vidp.messages.stork.SPInformation;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class VIDPAuthenticationAttributesUnmarshaller extends
+ BaseXMLObjectUnmarshaller {
+
+ @Override
+ protected void processChildElement(XMLObject parentXMLObject,
+ XMLObject childXMLObject) throws UnmarshallingException {
+ VIDPAuthenticationAttributes attributes = (VIDPAuthenticationAttributes) parentXMLObject;
+
+ if (childXMLObject instanceof CitizenCountryCode) {
+ attributes.setCitizenCountryCode((CitizenCountryCode) childXMLObject);
+ } else if (childXMLObject instanceof SPInformation) {
+ attributes.setSPInformation((SPInformation) childXMLObject);
+ } else {
+ super.processChildElement(parentXMLObject, childXMLObject);
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java new file mode 100644 index 000000000..6a4ba1648 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java @@ -0,0 +1,405 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.util;
+
+import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.Configuration; +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.schema.XSAny; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.opensaml.xml.validation.ValidationException; +import org.opensaml.xml.validation.ValidatorSuite; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Element; + +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.exception.SAMLException; +import eu.stork.vidp.messages.exception.SAMLValidationException; +import eu.stork.vidp.messages.saml.STORKAttribute; +
+/**
+ * + * Helper class for SAML message processing + * @author bzwattendorfer
+ *
+ */
+public class SAMLUtil {
+
+ private final static Logger log = LoggerFactory.getLogger(SAMLUtil.class);
+ + /** + * Signs a SAML object + * @param samlObject SAML object to sign + * @param signingCredential Credentials to be used for signing + * @throws SAMLException + */
+ public static void signSAMLObject(SignableSAMLObject samlObject, Credential signingCredential) throws SAMLException {
+
+ log.trace("Signing " + samlObject.getElementQName());
+
+ Signature signature = STORKMessagesBuilder.buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
+
+ signature.setSigningCredential(signingCredential);
+
+ //TODO: Make signing algorithm configurable
+ signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ try {
+ //TODO SecurityConfiguration, default signature credentials
+ SecurityHelper.prepareSignatureParams(signature, signingCredential, null, null);
+ } catch (SecurityException e) {
+ throw new SAMLException("Error preparing signature for signing", e);
+ }
+
+ samlObject.setSignature(signature);
+
+ Marshaller assertionMarshaller = Configuration.getMarshallerFactory().getMarshaller(samlObject);
+ try {
+ assertionMarshaller.marshall(samlObject);
+ Signer.signObject(signature);
+ } catch (MarshallingException e) {
+ throw new SAMLException("Unable to marshall " + samlObject.getElementQName() + " for signing", e);
+ } catch (SignatureException e) {
+ throw new SAMLException("Unable to sign " + samlObject.getElementQName(), e);
+ }
+
+ }
+ + /** + * Validated SAML object according the given validation config + * @param samlObject SAML object to validaate + * @param validatorSuiteConfig Validation config + * @throws SAMLValidationException + */
+ public static void verifySAMLObjectStandardValidation(SignableSAMLObject samlObject, String validatorSuiteConfig) throws SAMLValidationException {
+
+ ValidatorSuite validatorSuite = Configuration.getValidatorSuite(validatorSuiteConfig);
+ try {
+ validatorSuite.validate(samlObject);
+ } catch (ValidationException e) {
+ log.error(e.getMessage(), e);
+ throw new SAMLValidationException("Could not validate " + samlObject.getElementQName(), e);
+ }
+
+ }
+ + /** + * Gets the STORK attribute status from a SAML attribute + * @param attribute SAML attribute + * @return STORK attribute status + */
+ public static String getStatusFromAttribute(Attribute attribute) {
+ return attribute.getUnknownAttributes().get(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME);
+ }
+ + /** + * Gets the XML value of an XML object as String + * @param xmlObj XML object + * @return XML value as String + */
+ public static String getStringValueFromXMLObject(XMLObject xmlObj) {
+ if (xmlObj instanceof XSString) {
+ return ((XSString) xmlObj).getValue();
+ } else if (xmlObj instanceof XSAny) { + return ((XSAny) xmlObj).getTextContent(); + }
+ return null;
+ }
+
+ /** + * Gets the attribute value as String of an attribute whereas the attribute is in a given list + * @param attrList List of attributes + * @param name Name of the attribute where the value should be extracted + * @return attribute value as String + */
+ public static String getAttributeStringValue(List<? extends Attribute> attrList, String name) {
+ XMLObject xmlObj = getAttributeValue(attrList, name);
+ return getStringValueFromXMLObject(xmlObj);
+ }
+ + /** + * Gets the attribute value as String of an attribute + * @param attribute Attribute + * @return attribute value as String + */
+ public static String getAttributeStringValue(Attribute attribute) {
+ return ((XSString) attribute.getAttributeValues().get(0)).getValue();
+ }
+ + /** + * Gets the attribute value as anyType of an attribute + * @param attribute Attribute + * @return value as anyType + */
+ public static XSAny getAttributeXSAnyValue(Attribute attribute) {
+ return (XSAny) attribute.getAttributeValues().get(0);
+ }
+ + /** + * Gets the attribute value as anyType of an attribute whereas the attribute is in a given list + * @param attrList List of attributes + * @param name Name of the attribute where the value should be extracted + * @return attribute value as anyType + */
+ public static XSAny getXSAnyAttributeValue(List<Attribute> attrList, String name) {
+ //XMLObject xmlObj = getAttributeValue(attrList, name);
+ return (XSAny) getAttributeValue(attrList, name);
+ }
+ + /** + * Gets the attribute value as XMLObject of an attribute whereas the attribute is in a given list + * @param attrList List of attributes + * @param name Name of the attribute where the value should be extracted + * @return attribute value as XMLObject + */
+ public static XMLObject getAttributeValue(List<? extends Attribute> attrList, String name) { + Attribute attribute = getAttribute(attrList, name); + return (attribute != null && !attribute.getAttributeValues().isEmpty()) ? attribute.getAttributeValues().get(0) : null; + }
+ + /** + * Gets the attribute specified by name out of a list + * @param attrList List of attributes + * @param name attribute name of the attribute to extract + * @return attribute + */
+ public static Attribute getAttribute(List<? extends Attribute> attrList, String name) {
+ for (Attribute attribute : attrList) {
+ if (attribute.getName().equals(name)) {
+ return attribute;
+ }
+ }
+
+ return null;
+ }
+ + /** + * Gets the attribute specified by name out of a list and immediately removes it from the list + * @param attrList List of attributes + * @param name attribute name of the attribute to extract and remove + * @return attribute + */
+ public static String getAttributeStringValueAndRemove(List<? extends Attribute> attrList, String name) { + + Attribute attribute = getAttribute(attrList, name); + String value = getAttributeStringValue(attrList, name); + attrList.remove(attribute); + + return value; + }
+ + /** + * Checks if an attribute with a given name is present in a SAML assertion + * @param storkAssertion STORK SAML assertion + * @param attributeName attribute name + * @return true if attribute is present + */
+ public static boolean containsAttribute(Assertion storkAssertion, String attributeName) {
+ AttributeStatement attrStatement = storkAssertion.getAttributeStatements().get(0);
+
+ for (Attribute attribute : attrStatement.getAttributes()) {
+ if (attribute.getName().equals(attributeName) && (SAMLUtil.getStatusFromAttribute(attribute) == null || SAMLUtil.getStatusFromAttribute(attribute).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL))) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+ + /** + * Checks if an attribute with a given name is present in a List of attributes + * @param attributeList List of attributes + * @param attributeName attribute name + * @return true if attribute is present + */
+ public static boolean containsAttribute(List<? extends Attribute> attributeList, String attributeName) {
+ for (Attribute attr : attributeList) {
+ if (attr.getName().equals(attributeName))
+ return true;
+ }
+ return false;
+ }
+ + /** + * Remeoves attribute with a given name from an attribute list + * @param attributeList List of attributes + * @param attributeName name of the attribute to be removed from list + */
+ public static void removeAttribute(List<? extends Attribute> attributeList, String attributeName) {
+ if (containsAttribute(attributeList, attributeName)) {
+ attributeList.remove(getAttribute(attributeList, attributeName));
+ }
+ } + + /** + * Gets the String value of an XML object (Only if XMLObject contains String) + * @param xmlObj XMLObject + * @return String value of XMLObject + */ + public static String getXSStringValueFromXMLObject(XMLObject xmlObj) { + if (xmlObj instanceof XSString) + return ((XSString) xmlObj).getValue(); + + return null; + } + + + /** + * Marshalls an XMLObject to an XML element (DOM) + * @param message XMLObject + * @return DOM representation of XMLObject + */ + public static Element marshallMessage(XMLObject message) { + + try { + Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(message); + if (marshaller == null) { + log.error("Unable to marshall message, no marshaller registered for message object: " + + message.getElementQName()); + } + Element messageElem = marshaller.marshall(message); + return messageElem; + } catch (MarshallingException e) { + log.error("Encountered error marshalling message to its DOM representation", e); + throw new RuntimeException("Encountered error marshalling message into its DOM representation", e); + } + } + + /** + * Unmarshalls a DOM XML element into an OpenSAML XMLObject + * @param element DOM element + * @return OpenSAML XMLObject + * @throws MessageEncodingException + */ + public static XMLObject unmarshallMessage(Element element) throws MessageEncodingException { + + try { + Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(element); + if (unmarshaller == null) { + log.error("Unable to unmarshall element, no unmarshaller registered for message element: " + + element.getNodeName()); + } + + return unmarshaller.unmarshall(element); + } catch (UnmarshallingException e) { + log.error("Encountered error unmarshalling element to its XMLObject representation", e); + throw new MessageEncodingException("Encountered error unmarshalling element to its XMLObject representation", e); + } + } + + /** + * Releases the DOM element from an XML document + * @param xmlObjList List of XMLObjects to release + * @return List of released XMLObjects + */ + public static List<? extends XMLObject> releaseDOM(List<? extends XMLObject> xmlObjList) { + + List<XMLObject> newXMLObjList = new ArrayList<XMLObject>(); + Iterator<? extends XMLObject> it = xmlObjList.iterator(); + + while (it.hasNext()) { + XMLObject xmlObj = it.next(); + xmlObj.detach(); + newXMLObjList.add(xmlObj); + } + + return newXMLObjList; + + } + + /** + * Makes a union of two RequestedAttribute lists (first list has priority and overrides attributes in the second list if equal) + * @param priorityList Priority list if attributes might be equal + * @param list low priority list + * @return Union of both lists + */ + public static List<RequestedAttribute> buildRequestedAttributesUnion(List<RequestedAttribute> priorityList, List<RequestedAttribute> list) { + List<RequestedAttribute> reqAttrList = new ArrayList<RequestedAttribute>(); + + if (priorityList == null || list == null) + return reqAttrList; + + if (priorityList == null || priorityList.isEmpty()) { + if (list == null || list.isEmpty()) { + return reqAttrList; + } else { + reqAttrList.addAll((List<RequestedAttribute>) releaseDOM(list)); + return reqAttrList; + } + } else { + if (list == null || list.isEmpty()) { + reqAttrList.addAll((List<RequestedAttribute>) releaseDOM(priorityList)); + return reqAttrList; + } else { + reqAttrList.addAll((List<RequestedAttribute>) releaseDOM(priorityList)); + for (RequestedAttribute reqAttr : list) { + boolean found = false; + for (RequestedAttribute prioReqAttr : priorityList) { + if (!prioReqAttr.getName().equals(reqAttr.getName())) { + found = true; + } + } + if (!found) { + reqAttr.detach(); + reqAttrList.add(reqAttr); + log.debug("Adding additional requested attribute: {} , isRequired: {}", reqAttr.getName(), reqAttr.isRequired()); + } + } + } + } + + + + return reqAttrList; + } + +
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java new file mode 100644 index 000000000..3ca38ec03 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java @@ -0,0 +1,143 @@ +/**
+ *
+ */
+package eu.stork.vidp.messages.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Helper class for XML processing
+ * @author bzwattendorfer
+ *
+ */
+public class XMLUtil {
+
+ /**
+ * Transforms a string representation to a DOM representation
+ * @param xmlString XML as string
+ * @return DOM representation of String
+ * @throws ParserConfigurationException
+ * @throws SAXException
+ * @throws IOException
+ */
+ public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+
+ Reader reader = new StringReader(xmlString);
+ InputSource src = new InputSource(reader);
+ Document domDoc = builder.parse(src);
+ return domDoc.getDocumentElement();
+ }
+
+ /**
+ * Creates a new and empty XML document
+ * @return New XML document
+ * @throws ParserConfigurationException
+ */
+ public static Document createNewDocument() throws ParserConfigurationException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ return builder.newDocument();
+ }
+
+ /**
+ * Transforms an XML to a String
+ * @param node XML node
+ * @return String represenation of XML
+ */
+ public static String printXML(Node node) {
+ TransformerFactory tfactory = TransformerFactory.newInstance();
+ Transformer serializer;
+ try {
+ serializer = tfactory.newTransformer();
+
+ serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
+
+ StringWriter output = new StringWriter();
+ serializer.transform(new DOMSource(node), new StreamResult(output));
+ return output.toString();
+ } catch (TransformerException e) {
+
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Writes an XML element to a given file
+ * @param doc XML element
+ * @param filename Filename of the file where to write XML
+ */
+ public static void writeXmlFile(Element doc, String filename) {
+ try {
+
+ Source source = new DOMSource(doc);
+ File file = new File(filename);
+ Result result = new StreamResult(file);
+
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, result);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Gets the first text value of a NodeList
+ * @param nList NodeList
+ * @return first text value of a NodeList
+ */
+ public static String getFirstTextValueFromNodeList(NodeList nList) {
+ if (nList != null && nList.getLength() != 0) {
+ return nList.item(0).getTextContent();
+ }
+ return null;
+ }
+
+ /**
+ * Gets the first element of a Node
+ * @param parent Node
+ * @return first element of a Node
+ */
+ public static Element getFirstElement(Node parent) {
+ Node n = parent.getFirstChild();
+ while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
+ n = n.getNextSibling();
+ }
+ if (n == null) {
+ return null;
+ }
+ return (Element)n;
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java new file mode 100644 index 000000000..c412ba6a0 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java @@ -0,0 +1,91 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.validator.AssertionSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAssertionValidator extends AssertionSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAssertionValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Assertion assertion) throws ValidationException {
+
+ super.validate(assertion);
+
+ if(assertion.getID() == null) {
+
+ throw new ValidationException("ID is required.");
+ }
+
+ if(assertion.getVersion() == null || !assertion.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version of assertion not present or invalid.");
+ }
+
+ if(assertion.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required.");
+ }
+
+ if(assertion.getSubject() == null) {
+
+ throw new ValidationException("Subject is required.");
+ }
+
+ if(assertion.getConditions() == null) {
+
+ throw new ValidationException("Conditions is required.");
+ }
+
+ if(assertion.getAuthnStatements() == null ||
+ assertion.getAuthnStatements().size() != 1) {
+
+ throw new ValidationException("Incorrect number of AuthnStatements.");
+ }
+
+ if(assertion.getAttributeStatements() != null) {
+
+ if(assertion.getAttributeStatements().size() != 0 &&
+ assertion.getAttributeStatements().size() != 1) {
+
+ throw new ValidationException("Incorrect number of AttributeStatements.");
+ }
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java new file mode 100644 index 000000000..6e37725d1 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java @@ -0,0 +1,204 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern; + +import org.joda.time.format.DateTimeFormat; +import org.joda.time.format.DateTimeFormatter; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.validator.AttributeSchemaValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.util.AttributeMap; +import org.opensaml.xml.validation.ValidationException; + +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.saml.STORKAttribute; +
+public class StorkAttributeValidator extends AttributeSchemaValidator {
+
+ private static final String PATTERN_EIDENTIFIER = "^[A-Z]{2}/[A-Z]{2}/[A-Za-z0-9+/=\r\n]+$";
+ private static final String PATTERN_GENDER = "^[MF]{1}$";
+ private static final String PATTERN_COUNTRYCODEOFBIRTH = "^[A-Z]{2}|[A-Z]{4}$";
+ private static final String PATTERN_COUNTRYCODE = "^[A-Z]{2}$";
+ private static final String PATTERN_MARTIALSTATUS = "^[SMPDW]{1}$";
+ private static final String PATTERN_EMAIL = "^[-+.\\w]{1,64}@[-.\\w]{1,64}\\.[-.\\w]{2,6}$";
+ private static final String PATTERN_AGE = "^[0-9]{1,3}$";
+ private static final int MAX_AGE = 120;
+ private static final String PATTERN_ISAGEOVER = PATTERN_AGE;
+ private static final String PATTERN_CITIZENQAALEVEL = "^[1-4]{1}$";
+
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAttributeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Attribute attr) throws ValidationException {
+
+ super.validate(attr);
+
+ if(attr.getName() == null) {
+
+ throw new ValidationException("Name is required.");
+ }
+
+ if(attr.getNameFormat() == null) {
+
+ throw new ValidationException("NameFormat is required.");
+ }
+
+
+ if(attr.getUnknownAttributes() != null) {
+
+ AttributeMap map = attr.getUnknownAttributes();
+
+ String value = map.get(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME);
+
+ if (value == null || value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
+ //if AttributeStatus not present, default is "Available" thus AttributeValue must be present
+ if (attr.getAttributeValues().isEmpty()) {
+ //isAgeOver can have no value
+ if (!attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ throw new ValidationException("AttributeStatus indicates that attribute is available but no AttributeValue is present.");
+ }
+ }
+
+ //throw new ValidationException("AttributeStatus not present.");
+
+ } else if(!value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL) &&
+ !value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_NOT_AVAIL) &&
+ !value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_WITHHELD)) {
+
+ throw new ValidationException("AttributeStatus is invalid.");
+ }
+
+ }
+
+ if (!attr.getAttributeValues().isEmpty()) {
+ //validate individual attributes if present
+ XMLObject attrValueObject = attr.getAttributeValues().get(0);
+
+ if (!(attrValueObject instanceof XSString)) {
+ //Only validate String attributes
+ return;
+ }
+
+ String value = ((XSString) attr.getAttributeValues().get(0)).getValue();
+ String attrName = attr.getName();
+
+ //only isAgeOver can be empty if provided
+ if (value == null) {
+ //only isAgeOver can be empty if provided
+ if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ return;
+ } else {
+ throw new ValidationException("Provided AttributeValue is empty");
+ }
+ }
+
+ //validate eIdentifier
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, PATTERN_EIDENTIFIER);
+
+ //validate gender
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_GENDER, PATTERN_GENDER);
+
+ //validate dateOfBirth
+ if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH)) {
+ verifyDate(value);
+ }
+
+ //validate countryCode of birth
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH, PATTERN_COUNTRYCODEOFBIRTH);
+
+ //validate countryCode
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_NATIONALITYCODE, PATTERN_COUNTRYCODE);
+
+ //validate martialStatus
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_MARTIALSTATUS, PATTERN_MARTIALSTATUS);
+
+ //validate email
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_EMAIL, PATTERN_EMAIL);
+
+ //validate age and isAgeOver
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_AGE, PATTERN_AGE);
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_ISAGEOVER, PATTERN_ISAGEOVER);
+ if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_AGE) || attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ if (Integer.valueOf(((XSString) attr.getAttributeValues().get(0)).getValue()) > MAX_AGE) {
+ throw new ValidationException("Maximum age reached");
+ }
+ }
+
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_CITIZENQAALEVEL, PATTERN_CITIZENQAALEVEL);
+ }
+
+ }
+
+ private void validateAttributeValueFormat(String value, String currentAttrName, String attrNameToTest, String pattern) throws ValidationException {
+ if (currentAttrName.equals(attrNameToTest)) {
+ if (!Pattern.matches(pattern, value)) {
+ throw new ValidationException(attrNameToTest + " has incorrect format.");
+ }
+ }
+
+ }
+
+ private static void verifyDate(String pepsDate) throws ValidationException {
+ DateTimeFormatter fmt = null;
+
+ switch (pepsDate.length()) {
+ case 4:
+ fmt = DateTimeFormat.forPattern("yyyy");
+ break;
+ case 6:
+ fmt = DateTimeFormat.forPattern("yyyyMM");
+ break;
+ case 8:
+ fmt = DateTimeFormat.forPattern("yyyyMMdd");
+ break;
+ default:
+ throw new ValidationException("Date has wrong format");
+ }
+
+ try {
+ fmt.parseDateTime(pepsDate);
+ } catch (IllegalArgumentException e) {
+ throw new ValidationException("Date has wrong format");
+ }
+
+
+ }
+
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java new file mode 100644 index 000000000..a561d4c33 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java @@ -0,0 +1,56 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.validator.AudienceRestrictionSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAudienceRestrictionValidator extends
+ AudienceRestrictionSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAudienceRestrictionValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AudienceRestriction res) throws ValidationException {
+
+ super.validate(res);
+
+ if(res.getAudiences() == null || res.getAudiences().size() < 1) {
+
+ throw new ValidationException("Audience is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java new file mode 100644 index 000000000..1997da7b6 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java @@ -0,0 +1,57 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class StorkAuthenticationAttributesValidator implements Validator<AuthenticationAttributes> {
+
+
+ public StorkAuthenticationAttributesValidator() {
+
+ }
+
+ public void validate(AuthenticationAttributes authenticationAttributes) throws ValidationException {
+
+ //check AuthenticationAttributes for VIDPs
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = authenticationAttributes.getVIDPAuthenticationAttributes();
+
+ if(vidpAuthenticationAttributes == null) {
+
+ throw new ValidationException("VIDPAuthenticationAttributes is required for sending requests to VIDPs.");
+ }
+
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java new file mode 100644 index 000000000..0e8722d55 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java @@ -0,0 +1,137 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator;
+import org.opensaml.xml.util.XMLHelper;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class StorkAuthnRequestValidator extends AuthnRequestSchemaValidator {
+
+ private static final String ALLOWED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+ private static final String ALLOWED_PROTOCOL_BINDING_1 = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+ private static final String ALLOWED_PROTOCOL_BINDING_2 = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
+
+ private static final int MAX_SIZE = 131072;
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAuthnRequestValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AuthnRequest req) throws ValidationException {
+
+ if (XMLHelper.prettyPrintXML(req.getDOM()).getBytes().length > MAX_SIZE) {
+ throw new ValidationException("SAML AuthnRequest exceeds max size.");
+ }
+
+ super.validate(req);
+
+ STORKAuthnRequest request = (STORKAuthnRequest) req;
+
+ if (request.getID() == null) {
+
+ throw new ValidationException("ID is required.");
+ }
+
+ if (request.getVersion() == null) {
+
+ throw new ValidationException("Version is required.");
+ } else {
+
+ if (!request.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version is invalid.");
+ }
+ }
+
+ if (request.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required.");
+ }
+
+ if (request.getConsent() != null) {
+
+ if (!request.getConsent().equals(ALLOWED_CONSENT)) {
+
+ throw new ValidationException("Consent is invalid.");
+ }
+ }
+
+ if (request.isForceAuthn() == null) {
+
+ throw new ValidationException("ForceAuthn is required.");
+ } else if (!request.isForceAuthn()) {
+
+ throw new ValidationException("ForceAuthn is invalid.");
+ }
+
+ if (request.isPassive() == null) {
+
+ throw new ValidationException("IsPassive is required.");
+ } else if (request.isPassive()) {
+
+ throw new ValidationException("IsPassive is invalid.");
+ }
+
+ if (request.getProtocolBinding() == null) {
+
+ throw new ValidationException("ProtocolBinding is required.");
+ } else {
+ if (!request.getProtocolBinding()
+ .equals(ALLOWED_PROTOCOL_BINDING_1)
+ && !request.getProtocolBinding().equals(
+ ALLOWED_PROTOCOL_BINDING_2)) {
+
+ throw new ValidationException("ProtocolBinding is invalid.");
+ }
+
+ }
+
+ if(request.getAssertionConsumerServiceURL() == null) {
+
+ throw new ValidationException("AssertionConsumerServiceURL is required.");
+ }
+
+ if(request.getProviderName() == null) {
+
+ throw new ValidationException("ProviderName is required.");
+ }
+
+
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java new file mode 100644 index 000000000..b25b5621f --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java @@ -0,0 +1,62 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAuthnStatementValidator extends
+ AuthnStatementSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAuthnStatementValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AuthnStatement stmnt) throws ValidationException {
+
+ super.validate(stmnt);
+
+ if(stmnt.getAuthnInstant() == null) {
+
+ throw new ValidationException("AuthnInstant is required.");
+ }
+
+ if(stmnt.getSubjectLocality() == null) {
+
+ throw new ValidationException("SubjectLocality is required.");
+ }
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java new file mode 100644 index 000000000..15f8e2dd1 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java @@ -0,0 +1,63 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class StorkCitizenCountryCodeValidator implements
+ Validator<CitizenCountryCode> {
+
+ public static final String REGEX_PATTERN = "^[A-Za-z]{2}$";
+
+ public StorkCitizenCountryCodeValidator() {
+
+ }
+
+ public void validate(CitizenCountryCode ccc) throws ValidationException {
+
+ if(ccc == null) {
+
+ throw new ValidationException("CitizenCountryCode is required.");
+ }
+
+ if (ccc.getValue() == null) {
+ throw new ValidationException("CitizenCountryCode has no value");
+ }
+
+
+ if (!Pattern.matches(REGEX_PATTERN, ccc.getValue())) {
+ throw new ValidationException("CitizenCountryCode not valid: " + ccc.getValue());
+ }
+
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java new file mode 100644 index 000000000..81b7957fd --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java @@ -0,0 +1,70 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.validator.ConditionsSpecValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkConditionsValidator extends ConditionsSpecValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkConditionsValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Conditions conditions) throws ValidationException {
+
+ super.validate(conditions);
+
+ if(conditions.getNotBefore() == null) {
+
+ throw new ValidationException("NotBefore is required.");
+ }
+
+ if(conditions.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+
+ if(conditions.getAudienceRestrictions() == null || conditions.getAudienceRestrictions().size() < 1) {
+
+ throw new ValidationException("AudienceRestriction is required.");
+ }
+
+ if(conditions.getOneTimeUse() == null) {
+
+ throw new ValidationException("OneTimeUse is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java new file mode 100644 index 000000000..96555e660 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java @@ -0,0 +1,51 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/**
+ *
+ */
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class StorkEIDSectorShareValidator implements Validator<EIDSectorShare> {
+
+ public StorkEIDSectorShareValidator() {
+
+ }
+
+ public void validate(EIDSectorShare eidSectorShare) throws ValidationException {
+
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java new file mode 100644 index 000000000..48464b6ec --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java @@ -0,0 +1,50 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.EncryptedAttribute;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkEncryptedAttributeValidator implements
+ Validator<EncryptedAttribute> {
+
+ public StorkEncryptedAttributeValidator() {
+
+ }
+
+ public void validate(EncryptedAttribute encAttr) throws ValidationException {
+
+ if(encAttr.getEncryptedData() == null) {
+
+ throw new ValidationException("EncryptedData is required.");
+ }
+
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java new file mode 100644 index 000000000..79450b1dc --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java @@ -0,0 +1,51 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.EncryptedID;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkEncryptedIdValidator implements Validator<EncryptedID> {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkEncryptedIdValidator() {
+
+ }
+
+ public void validate(EncryptedID encId) throws ValidationException {
+
+ if(encId.getEncryptedData() == null) {
+
+ throw new ValidationException("EncryptedData is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java new file mode 100644 index 000000000..21b247071 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java @@ -0,0 +1,66 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class StorkExtensionsValidator implements Validator<STORKExtensions> {
+
+
+ public StorkExtensionsValidator() {
+
+ }
+
+ public void validate(STORKExtensions ext) throws ValidationException {
+
+ // check QAALevel
+ List<XMLObject> qaaList = ext.getUnknownXMLObjects(QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_NAME);
+
+ if(qaaList == null || qaaList.size() != 1) {
+
+ throw new ValidationException("QAALevel is required.");
+ }
+
+ //check AuthenticationAttributes for VIDPs
+// AuthenticationAttributes authenticationAttributes = ext.getAuthenticationAttributes();
+//
+// if(authenticationAttributes == null) {
+//
+// throw new ValidationException("AuthenticationAttributes is required for sending requests to VIDPs.");
+// }
+
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java new file mode 100644 index 000000000..df32ee6ad --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java @@ -0,0 +1,61 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.validator.IssuerSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkIssuerValidator extends IssuerSchemaValidator {
+
+ private static final String FORMAT_ALLOWED_VALUE = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkIssuerValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Issuer issuer) throws ValidationException {
+
+ super.validate(issuer);
+
+ // format is optional
+ if(issuer.getFormat() != null) {
+
+ if(!issuer.getFormat().equals(FORMAT_ALLOWED_VALUE)) {
+
+ throw new ValidationException("Format has an invalid value.");
+ }
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java new file mode 100644 index 000000000..85fbeff17 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java @@ -0,0 +1,67 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.validator.NameIDSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkNameIDValidator extends NameIDSchemaValidator {
+
+ private static final String FORMAT_ALLOWED_VALUE = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ private static final String FORMAT_ALLOWED_VALUE_OLD = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkNameIDValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(NameID nameID) throws ValidationException {
+
+ super.validate(nameID);
+
+ if (nameID.getNameQualifier() == null) {
+
+ throw new ValidationException("NameQualifier is required.");
+ }
+
+ if (nameID.getFormat() == null) {
+
+ throw new ValidationException("Format is required.");
+
+ } else if(!(nameID.getFormat().equals(FORMAT_ALLOWED_VALUE) || nameID.getFormat().equals(FORMAT_ALLOWED_VALUE_OLD))) {
+
+ throw new ValidationException("Format is invalid.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java new file mode 100644 index 000000000..7d98b5e60 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java @@ -0,0 +1,52 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkNameIdPolicyValidator implements Validator<NameIDPolicy> {
+
+ public StorkNameIdPolicyValidator() {
+
+ }
+
+ public void validate(NameIDPolicy nameIDPolicy) throws ValidationException {
+
+
+ if(nameIDPolicy.getAllowCreate() != null) {
+
+ if(!nameIDPolicy.getAllowCreate()) {
+
+ throw new ValidationException("AllowCreate is invalid.");
+ }
+ }
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java new file mode 100644 index 000000000..5c23fe04b --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java @@ -0,0 +1,54 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class StorkQualityAuthenticationAssuranceLevelValidator implements
+ Validator<QualityAuthenticationAssuranceLevel> {
+
+
+ private static final int MIN_VAL = 1;
+ private static final int MAX_VAL = 4;
+
+ public StorkQualityAuthenticationAssuranceLevelValidator() {
+
+ }
+
+ public void validate(QualityAuthenticationAssuranceLevel qaaLevel)
+ throws ValidationException {
+
+ if(qaaLevel.getValue() < MIN_VAL || qaaLevel.getValue() > MAX_VAL) {
+
+ throw new ValidationException("QAALevel is invalid.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java new file mode 100644 index 000000000..b9b26a38a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java @@ -0,0 +1,92 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern; + +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.validator.RequestedAttributeSchemaValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSAny; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.validation.ValidationException; + +import eu.stork.vidp.messages.common.STORKConstants; +
+public class StorkRequestedAttributeValidator extends
+ RequestedAttributeSchemaValidator {
+
+ private static final String PATTERN_ISAGEOVER = "^[0-9]{1,3}$";
+
+ public StorkRequestedAttributeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(RequestedAttribute attr) throws ValidationException {
+
+ super.validate(attr);
+
+ if (attr.getName() == null) {
+
+ throw new ValidationException("Name is required.");
+ }
+
+ if (attr.getNameFormat() == null) {
+
+ throw new ValidationException("NameFormat is required.");
+ }
+
+ if (!STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(attr.getName()) && attr.isRequired()) {
+ throw new ValidationException("Unknown attribute " + attr.getName() + " requested mandatory.");
+ }
+
+ if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ if (attr.getAttributeValues().isEmpty()) {
+ throw new ValidationException("isAgeOver requires attribute value");
+ }
+
+ XMLObject attrValueObject = attr.getAttributeValues().get(0);
+
+ if (attrValueObject instanceof XSString) {
+ if (!Pattern.matches(PATTERN_ISAGEOVER, ((XSString) attr.getAttributeValues().get(0)).getValue())) {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+ } else if (attrValueObject instanceof XSAny) {
+ if (!Pattern.matches(PATTERN_ISAGEOVER, ((XSAny) attrValueObject).getTextContent())) {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+
+ } else {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java new file mode 100644 index 000000000..0324079f3 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java @@ -0,0 +1,45 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class StorkRequestedAttributesValidator implements
+ Validator<RequestedAttributes> {
+
+ public StorkRequestedAttributesValidator() {
+
+ }
+
+ public void validate(RequestedAttributes attrs) throws ValidationException {
+
+ // empty so far
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java new file mode 100644 index 000000000..8028173fa --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java @@ -0,0 +1,137 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.StatusCode;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.validator.ResponseSchemaValidator;
+import org.opensaml.xml.util.XMLHelper;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class StorkResponseValidator extends ResponseSchemaValidator {
+
+ private static final String CONSENT_ALLOWED_VALUE_1 = "urn:oasis:names:tc:SAML:2.0:consent:obtained";
+ private static final String CONSENT_ALLOWED_VALUE_2 = "urn:oasis:names:tc:SAML:2.0:consent:prior";
+ private static final String CONSENT_ALLOWED_VALUE_3 = "urn:oasis:names:tc:SAML:2.0:consent:curent-implicit";
+ private static final String CONSENT_ALLOWED_VALUE_4 = "urn:oasis:names:tc:SAML:2.0:consent:curent-explicit";
+ private static final String CONSENT_ALLOWED_VALUE_5 = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+
+ private static final int MAX_SIZE = 131072;
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkResponseValidator() {
+
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public void validate(Response response) throws ValidationException {
+
+ if (XMLHelper.prettyPrintXML(response.getDOM()).getBytes().length > MAX_SIZE) {
+ throw new ValidationException("SAML Response exceeds max size.");
+ }
+
+ super.validate(response);
+
+ STORKResponse resp = (STORKResponse) response;
+
+ if (resp.getID() == null) {
+
+ throw new ValidationException("ID is required");
+ }
+
+ if (resp.getInResponseTo() == null) {
+
+ throw new ValidationException("InResponseTo is required");
+ }
+
+ if (resp.getVersion() == null) {
+
+ throw new ValidationException("Version is required.");
+ } else if(!resp.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version is invalid.");
+ }
+
+ if (resp.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required");
+ }
+
+ if (resp.getDestination() == null) {
+
+ throw new ValidationException("Destination is required");
+ }
+
+ // Consent is optional
+ if (resp.getConsent() != null) {
+
+ String consent = resp.getConsent();
+
+ if (!consent.equals(CONSENT_ALLOWED_VALUE_1)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_2)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_3)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_4)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_5)) {
+
+ throw new ValidationException("Consent is invalid.");
+ }
+ }
+
+
+ if (resp.getIssuer() == null) {
+
+ throw new ValidationException("Issuer is required.");
+ }
+
+ if (resp.getStatus() == null) {
+
+ throw new ValidationException("Status is required.");
+ }
+
+
+ if(resp.getSignature() == null) {
+
+ throw new ValidationException("Signature is required.");
+ }
+
+
+ if (resp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
+ if (resp.getAssertions() == null || resp.getAssertions().size() == 0) {
+
+ throw new ValidationException("Assertion is required");
+ }
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java new file mode 100644 index 000000000..a42d7a453 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java @@ -0,0 +1,64 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class StorkSPIDValidator implements Validator<SPID> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 40;
+
+ public StorkSPIDValidator() {
+
+ }
+
+ public void validate(SPID spid) throws ValidationException {
+
+
+ if(spid == null) {
+
+ throw new ValidationException("SPID value is required.");
+ }
+
+ if(spid != null) {
+
+ if (spid.getValue() == null) {
+ throw new ValidationException("SPID has no value");
+ }
+
+ if (spid.getValue().length() <= MIN_SIZE || spid.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("SPID has wrong size: " + spid.getValue().length());
+ }
+ }
+
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java new file mode 100644 index 000000000..9c54fd620 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java @@ -0,0 +1,49 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class StorkSPInformationValidator implements Validator<SPInformation> {
+
+ public StorkSPInformationValidator() {
+
+ }
+
+ public void validate(SPInformation spi) throws ValidationException {
+
+ if(spi.getSPID() == null) {
+
+ throw new ValidationException("SPID is required.");
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java new file mode 100644 index 000000000..08551e03e --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java @@ -0,0 +1,63 @@ +/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class StorkSpApplicationValidator implements
+ Validator<SpApplication> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 100;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,30}$";
+
+ public StorkSpApplicationValidator() {
+
+ }
+
+ public void validate(SpApplication spApplication) throws ValidationException {
+
+ if(spApplication != null) {
+
+ if (spApplication.getValue() == null) {
+ throw new ValidationException("spApplication has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue())) {
+// throw new ValidationException("spApplication has wrong format: " + spApplication.getValue());
+// }
+
+ if (spApplication.getValue().length() < MIN_SIZE || spApplication.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spApplication has wrong size: " + spApplication.getValue().length());
+ }
+
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java new file mode 100644 index 000000000..e6ae0f1b7 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java @@ -0,0 +1,58 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class StorkSpCountryValidator implements
+ Validator<SpCountry> {
+
+ public static final String REGEX_PATTERN = "^[A-Z]{2}$";
+
+ public StorkSpCountryValidator() {
+
+ }
+
+ public void validate(SpCountry spCountry) throws ValidationException {
+
+ if(spCountry != null) {
+
+ if (spCountry.getValue() == null) {
+ throw new ValidationException("spCountry has no value");
+ }
+
+ if (!Pattern.matches(REGEX_PATTERN, spCountry.getValue())) {
+ throw new ValidationException("spCountry not valid: " + spCountry.getValue());
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java new file mode 100644 index 000000000..9d50d9122 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java @@ -0,0 +1,62 @@ +/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class StorkSpInstitutionValidator implements
+ Validator<SpInstitution> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 50;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,50}$";
+
+ public StorkSpInstitutionValidator() {
+
+ }
+
+ public void validate(SpInstitution spInstitution) throws ValidationException {
+
+ if(spInstitution != null) {
+
+ if (spInstitution.getValue() == null) {
+ throw new ValidationException("spInstitution has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue())) {
+// throw new ValidationException("spApplication has wrong format: " + spApplication.getValue());
+// }
+
+ if (spInstitution.getValue().length() < MIN_SIZE || spInstitution.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spInstitution has wrong size: " + spInstitution.getValue().length());
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java new file mode 100644 index 000000000..2cfaa7a4c --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java @@ -0,0 +1,65 @@ +/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class StorkSpSectorValidator implements
+ Validator<SpSector> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 20;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,30}$";
+
+ public StorkSpSectorValidator() {
+
+ }
+
+ public void validate(SpSector spSector) throws ValidationException {
+
+ if(spSector != null) {
+
+ if (spSector.getValue() == null) {
+ throw new ValidationException("spSector has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spSector.getValue())) {
+// throw new ValidationException("spSector has wrong format: " + spSector.getValue());
+// }
+
+ if (spSector.getValue().length() < MIN_SIZE || spSector.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spApplication has wrong size: " + spSector.getValue().length());
+ }
+
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java new file mode 100644 index 000000000..3ee214c46 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java @@ -0,0 +1,139 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.validator.StatusCodeSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkStatusCodeValidator extends StatusCodeSchemaValidator {
+
+ // supported values according to SAML v2.0 specification
+ private static String[] ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES = new String[] {
+ "urn:oasis:names:tc:SAML:2.0:status:Success",
+ "urn:oasis:names:tc:SAML:2.0:status:Requester",
+ "urn:oasis:names:tc:SAML:2.0:status:Responder",
+ "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"};
+
+ private static String[] ALLOWED_SECOND_LEVEL_STATUS_CODE_VALUES = new String[] {
+ "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed",
+ "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue",
+ "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy",
+ "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext",
+ "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP",
+ "urn:oasis:names:tc:SAML:2.0:status:NoPassive",
+ "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP",
+ "urn:oasis:names:tc:SAML:2.0:status:PartialLogout",
+ "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestDenied",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow",
+ "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized",
+ "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses",
+ "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile",
+ "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal",
+ "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding",
+ "http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported"
+ };
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkStatusCodeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(StatusCode statusCode) throws ValidationException {
+
+ super.validate(statusCode);
+
+
+ if(statusCode.getValue() == null) {
+
+ throw new ValidationException("StatusCode is required");
+ }
+
+ boolean valid = false;
+
+ if (statusCode.getParent() instanceof Status) {
+ //first level Status Codes
+
+ String value = statusCode.getValue();
+
+
+
+
+ for(String allowedVal : ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES) {
+
+ if(value.equals(allowedVal)) {
+
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+
+ throw new ValidationException("First Level StatusCode has an invalid value.");
+ }
+ } else {
+ //parent is status code
+ //second level Status Codes
+
+ if(statusCode != null) {
+
+ valid = false;
+
+ String subVal = statusCode.getValue();
+
+ for(String allowedVal : ALLOWED_SECOND_LEVEL_STATUS_CODE_VALUES) {
+
+ if(subVal.equals(allowedVal)) {
+
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+
+ throw new ValidationException("Second Level StatusCode has an invalid value.");
+ }
+
+ }
+
+ }
+ }
+
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java new file mode 100644 index 000000000..36d7ffab5 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java @@ -0,0 +1,55 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.validator.StatusSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkStatusValidator extends StatusSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkStatusValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Status status) throws ValidationException {
+
+ super.validate(status);
+
+ if(status.getStatusCode() == null) {
+
+ throw new ValidationException("StatusCode is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java new file mode 100644 index 000000000..0f1fad295 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java @@ -0,0 +1,128 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import java.util.List; + +import javax.xml.namespace.QName; + +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.core.validator.SubjectConfirmationSchemaValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.signature.X509Data; +import org.opensaml.xml.validation.ValidationException; +
+public class StorkSubjectConfirmationValidator extends
+ SubjectConfirmationSchemaValidator {
+
+ private static final String ALLOWED_METHOD_1 = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+ private static final String ALLOWED_METHOD_2 = "oasis:names:tc:SAML:2.0:cm:holder-of-key";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkSubjectConfirmationValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(SubjectConfirmation subjectConfirmation)
+ throws ValidationException {
+
+ super.validate(subjectConfirmation);
+
+ String method = subjectConfirmation.getMethod();
+
+ if (!(method.equals(ALLOWED_METHOD_1) || method.equals(ALLOWED_METHOD_2))) {
+ throw new ValidationException("Method is invalid.");
+ }
+
+ if (subjectConfirmation.getSubjectConfirmationData() == null) {
+ throw new ValidationException("SubjectConfirmationData required.");
+
+ }
+
+ SubjectConfirmationData confData = subjectConfirmation.getSubjectConfirmationData(); +
+
+ if (method.equals(ALLOWED_METHOD_1)) {
+ if (confData.getNotBefore() != null) {
+ throw new ValidationException("NotBefore in SubjectConfirmationData not allowed if confirmation method is \"bearer\".");
+ }
+
+ }
+
+ if (confData.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+
+ if (confData.getRecipient() == null) {
+
+ throw new ValidationException("Recipient is required.");
+ }
+
+ if (confData.getInResponseTo() == null) {
+
+ throw new ValidationException("InResponseTo is required.");
+ }
+
+ if(method.equals(ALLOWED_METHOD_2)) {
+
+ List<XMLObject> childrenKeyInfo = confData.getUnknownXMLObjects(new QName("KeyInfo"));
+
+ if(childrenKeyInfo.size() < 1) {
+
+ throw new ValidationException("KeyInfo is required.");
+ }
+
+ List<XMLObject> childrenKeyData = confData.getUnknownXMLObjects(new QName("X509Data"));
+
+ if(childrenKeyData.size() != 1) {
+
+ throw new ValidationException("Invalid number of X509Data elements.");
+ } else {
+
+ X509Data data = (X509Data)childrenKeyData.get(0);
+
+ if(data.getX509Certificates() == null || data.getX509Certificates().size() < 1 ) {
+
+ throw new ValidationException("X509Certificate is required.");
+ }
+
+ }
+
+ }
+
+
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java new file mode 100644 index 000000000..33c7b4478 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java @@ -0,0 +1,47 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.SubjectLocality;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkSubjectLocalityValidator implements
+ Validator<SubjectLocality> {
+
+ public StorkSubjectLocalityValidator() {
+
+ }
+
+ public void validate(SubjectLocality sloc) throws ValidationException {
+
+ if (sloc.getAddress() == null) {
+
+ throw new ValidationException("Address is required.");
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java new file mode 100644 index 000000000..077b6294a --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java @@ -0,0 +1,60 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.validator.SubjectSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkSubjectValidator extends SubjectSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkSubjectValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Subject subject) throws ValidationException {
+
+ super.validate(subject);
+
+ if(subject.getNameID() == null && subject.getEncryptedID() == null) {
+
+ throw new ValidationException("Neither NameID nor EncryptedID is provided.");
+ }
+
+ if(subject.getSubjectConfirmations() == null || subject.getSubjectConfirmations().size() < 1) {
+
+ throw new ValidationException("SubjectConfirmation is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java new file mode 100644 index 000000000..88ff7bed4 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java @@ -0,0 +1,57 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class StorkVIDPAuthenticationAttributesValidator implements
+ Validator<VIDPAuthenticationAttributes> {
+
+ public StorkVIDPAuthenticationAttributesValidator() {
+
+ }
+
+ public void validate(VIDPAuthenticationAttributes attr)
+ throws ValidationException {
+
+
+ if(attr.getCitizenCountryCode() == null) {
+
+ throw new ValidationException("CitizenCountryCode is required.");
+ }
+
+
+ if(attr.getSPInformation() == null) {
+
+ throw new ValidationException("SPInformation is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm b/id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm new file mode 100644 index 000000000..cac0bda76 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm @@ -0,0 +1,38 @@ +## +## Velocity Template for SAML 2 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## RelayState - String - the relay state for the message +## SAMLRequest - String - the Base64 encoded SAML Request +## SAMLResponse - String - the Base64 encoded SAML Response +## Contains target attribute to delegate PEPS authentication out of iFrame + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + + <body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support JavaScript, + you must press the Continue button once to proceed. + </p> + </noscript> + + <form action="${action}" method="post" target="_parent"> + <div> + #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end + + #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end + + #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue"/> + </div> + </noscript> + </form> + + </body> +</html>
\ No newline at end of file diff --git a/id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml b/id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml new file mode 100644 index 000000000..988480f55 --- /dev/null +++ b/id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml @@ -0,0 +1,242 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<XMLTooling xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.opensaml.org/xmltooling-config ../../src/schema/xmltooling-config.xsd"
+ xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"
+ xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ xmlns="http://www.opensaml.org/xmltooling-config">
+
+ <!-- SAML 2.0 Protocol Object providers -->
+ <ObjectProviders>
+
+
+ <!-- AuthnRequest provider -->
+ <ObjectProvider qualifiedName="saml2p:AuthnRequest">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKAuthnRequestBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKAuthnRequestMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKAuthnRequestUnmarshaller" />
+ </ObjectProvider>
+
+ <!-- Response provider -->
+ <ObjectProvider qualifiedName="saml2p:Response">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKResponseBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKResponseMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKResponseUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="saml2p:Extensions">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKExtensionsBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKExtensionsMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKExtensionsUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:AuthenticationAttributes">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.AuthenticationAttributesBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.AuthenticationAttributesMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.AuthenticationAttributesUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:CitizenCountryCode">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.CitizenCountryCodeBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.CitizenCountryCodeMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.CitizenCountryCodeUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPAuthRequest">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPAuthRequestBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPAuthRequestMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPAuthRequestUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPCertEnc">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPCertEncBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertEncMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertEncUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPCertSig">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPCertSigBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertSigMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPCertSigUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPID">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPIDBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPIDMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPIDUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:SPInformation">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SPInformationBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SPInformationMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SPInformationUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:VIDPAuthenticationAttributes">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.VIDPAuthenticationAttributesBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.VIDPAuthenticationAttributesMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.VIDPAuthenticationAttributesUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:QualityAuthenticationAssuranceLevel">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.QualityAuthenticationAssuranceLevelBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.QualityAuthenticationAssuranceLevelMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.QualityAuthenticationAssuranceLevelUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:RequestedAttributes">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.RequestedAttributesBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.RequestedAttributesMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.RequestedAttributesUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:RequestedAttribute">
+ <BuilderClass className="eu.stork.vidp.messages.saml.impl.STORKRequestedAttributeBuilder" />
+ <MarshallingClass className="org.opensaml.saml2.metadata.impl.RequestedAttributeMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.saml.impl.STORKRequestedAttributeUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:eIDSectorShare">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.EIDSectorShareBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDSectorShareMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDSectorShareUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:eIDCrossSectorShare">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.EIDCrossSectorShareBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossSectorShareMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossSectorShareUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="storkp:eIDCrossBorderShare">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.EIDCrossBorderShareBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossBorderShareMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.EIDCrossBorderShareUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spSector">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpSectorBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpSectorMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpSectorUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spApplication">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpApplicationBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpApplicationMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpApplicationUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spCountry">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpCountryBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpCountryMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpCountryUnmarshaller" />
+ </ObjectProvider>
+
+ <ObjectProvider qualifiedName="stork:spInstitution">
+ <BuilderClass className="eu.stork.vidp.messages.stork.impl.SpInstitutionBuilder" />
+ <MarshallingClass className="eu.stork.vidp.messages.stork.impl.SpInstitutionMarshaller" />
+ <UnmarshallingClass className="eu.stork.vidp.messages.stork.impl.SpInstitutionUnmarshaller" />
+ </ObjectProvider>
+
+ </ObjectProviders>
+
+ <!-- Validation rules for SAML 2.0 SAMLObjects -->
+ <ValidatorSuites>
+
+ <!-- SAML 2.0 Schema Validation Rules -->
+ <ValidatorSuite id="saml2-core-schema-and-stork-validator">
+ <Validator qualifiedName="saml2:Action" className="org.opensaml.saml2.core.validator.ActionSchemaValidator" />
+ <Validator qualifiedName="saml2p:Artifact" className="org.opensaml.saml2.core.validator.ArtifactSchemaValidator" />
+ <Validator qualifiedName="saml2p:ArtifactResolve" className="org.opensaml.saml2.core.validator.ArtifactResolveSchemaValidator" />
+ <Validator qualifiedName="saml2p:ArtifactResponse" className="org.opensaml.saml2.core.validator.ArtifactResponseSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Assertion" className="org.opensaml.saml2.core.validator.AssertionSchemaValidator" /-->
+ <Validator qualifiedName="saml2:AssertionIDRef" className="org.opensaml.saml2.core.validator.AssertionIDRefSchemaValidator" />
+ <Validator qualifiedName="saml2:AssertionIDRequest" className="org.opensaml.saml2.core.validator.AssertionIDRequestSchemaValidator" />
+ <Validator qualifiedName="saml2:AssertionURIRef" className="org.opensaml.saml2.core.validator.AssertionURIRefSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Attribute" className="org.opensaml.saml2.core.validator.AttributeSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:AttributeQuery" className="org.opensaml.saml2.core.validator.AttributeQuerySchemaValidator" />
+ <Validator qualifiedName="saml2:AttributeStatement" className="org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator" />
+ <Validator qualifiedName="saml2:Audience" className="org.opensaml.saml2.core.validator.AudienceSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:AudienceRestriction" className="org.opensaml.saml2.core.validator.AudienceRestrictionSchemaValidator" /-->
+ <Validator qualifiedName="saml2:AuthenticatingAuthority" className="org.opensaml.saml2.core.validator.AuthenticatingAuthoritySchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextClassRef" className="org.opensaml.saml2.core.validator.AuthnContextClassRefSchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextDeclRef" className="org.opensaml.saml2.core.validator.AuthnContextDeclRefSchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextDecl" className="org.opensaml.saml2.core.validator.AuthnContextDeclSchemaValidator" />
+ <Validator qualifiedName="saml2p:AuthnQuery" className="org.opensaml.saml2.core.validator.AuthnQuerySchemaValidator" />
+ <!-- Validator qualifiedName="saml2p:AuthnRequest" className="org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator" /-->
+ <!-- Validator qualifiedName="saml2:AuthnStatement" className="org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:AuthzDecisionQuery" className="org.opensaml.saml2.core.validator.AuthzDecisionQuerySchemaValidator" />
+ <Validator qualifiedName="saml2:AuthzDecisionStatement" className="org.opensaml.saml2.core.validator.AuthzDecisionStatementSchemaValidator" />
+ <Validator qualifiedName="saml2:AuthnContextClassRef" className="org.opensaml.saml2.core.validator.AuthnContextClassRefSchemaValidator" />
+ <Validator qualifiedName="saml2:Evidence" className="org.opensaml.saml2.core.validator.EvidenceSchemaValidator" />
+ <Validator qualifiedName="saml2p:GetComplete" className="org.opensaml.saml2.core.validator.GetCompleteSchemaValidator" />
+ <Validator qualifiedName="saml2p:IDPEntry" className="org.opensaml.saml2.core.validator.IDPEntrySchemaValidator" />
+ <Validator qualifiedName="saml2p:IDPList" className="org.opensaml.saml2.core.validator.IDPListSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Issuer" className="org.opensaml.saml2.core.validator.IssuerSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:LogoutRequest" className="org.opensaml.saml2.core.validator.LogoutRequestSchemaValidator" />
+ <Validator qualifiedName="saml2p:LogoutResponse" className="org.opensaml.saml2.core.validator.LogoutResponseSchemaValidator" />
+ <Validator qualifiedName="saml2p:ManageNameIDRequest" className="org.opensaml.saml2.core.validator.ManageNameIDRequestSchemaValidator" />
+ <Validator qualifiedName="saml2p:ManageNameIDResponse" className="org.opensaml.saml2.core.validator.ManageNameIDResponseSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:NameID" className="org.opensaml.saml2.core.validator.NameIDSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:NameIDMappingRequest" className="org.opensaml.saml2.core.validator.NameIDMappingRequestSchemaValidator" />
+ <Validator qualifiedName="saml2p:NameIDMappingResponse" className="org.opensaml.saml2.core.validator.NameIDMappingResponseSchemaValidator" />
+ <Validator qualifiedName="saml2p:NewID" className="org.opensaml.saml2.core.validator.NewIDSchemaValidator" />
+ <Validator qualifiedName="saml2p:RequestedAuthnContext" className="org.opensaml.saml2.core.validator.RequestedAuthnContextSchemaValidator" />
+ <Validator qualifiedName="saml2p:RequesterID" className="org.opensaml.saml2.core.validator.RequesterIDSchemaValidator" />
+ <!-- Validator qualifiedName="saml2p:Response" className="org.opensaml.saml2.core.validator.ResponseSchemaValidator" /-->
+ <Validator qualifiedName="saml2:SessionIndex" className="org.opensaml.saml2.core.validator.SessionIndexSchemaValidator" />
+ <!-- Validator qualifiedName="saml2p:Status" className="org.opensaml.saml2.core.validator.StatusSchemaValidator" /-->
+ <!-- Validator qualifiedName="saml2p:StatusCode" className="org.opensaml.saml2.core.validator.StatusCodeSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:StatusMessage" className="org.opensaml.saml2.core.validator.StatusMessageSchemaValidator" />
+ <!-- Validator qualifiedName="saml2:Subject" className="org.opensaml.saml2.core.validator.SubjectSchemaValidator" /-->
+ <!-- Validator qualifiedName="saml2:SubjectConfirmation" className="org.opensaml.saml2.core.validator.SubjectConfirmationSchemaValidator" /-->
+ <Validator qualifiedName="saml2p:Response" className="eu.stork.vidp.messages.validation.StorkResponseValidator" />
+ <Validator qualifiedName="saml2:Issuer" className="eu.stork.vidp.messages.validation.StorkIssuerValidator" />
+ <Validator qualifiedName="saml2p:Status" className="eu.stork.vidp.messages.validation.StorkStatusValidator" />
+ <Validator qualifiedName="saml2p:StatusCode" className="eu.stork.vidp.messages.validation.StorkStatusCodeValidator" />
+ <Validator qualifiedName="saml2:Assertion" className="eu.stork.vidp.messages.validation.StorkAssertionValidator" />
+ <Validator qualifiedName="saml2:Subject" className="eu.stork.vidp.messages.validation.StorkSubjectValidator" />
+ <Validator qualifiedName="saml2:NameID" className="eu.stork.vidp.messages.validation.StorkNameIDValidator" />
+ <Validator qualifiedName="saml2:EncryptedID" className="eu.stork.vidp.messages.validation.StorkEncryptedIdValidator" />
+ <Validator qualifiedName="saml2:SubjectConfirmation" className="eu.stork.vidp.messages.validation.StorkSubjectConfirmationValidator" />
+ <Validator qualifiedName="saml2:AudienceRestriction" className="eu.stork.vidp.messages.validation.StorkAudienceRestrictionValidator" />
+ <Validator qualifiedName="saml2:Conditions" className="eu.stork.vidp.messages.validation.StorkConditionsValidator" />
+ <Validator qualifiedName="saml2:AuthnStatement" className="eu.stork.vidp.messages.validation.StorkAuthnStatementValidator" />
+ <Validator qualifiedName="saml2:SubjectLocality" className="eu.stork.vidp.messages.validation.StorkSubjectLocalityValidator" />
+ <Validator qualifiedName="saml2:Attribute" className="eu.stork.vidp.messages.validation.StorkAttributeValidator" />
+ <Validator qualifiedName="saml2:EncryptedAttribute" className="eu.stork.vidp.messages.validation.StorkEncryptedAttributeValidator" />
+ <Validator qualifiedName="saml2p:AuthnRequest" className="eu.stork.vidp.messages.validation.StorkAuthnRequestValidator" />
+ <Validator qualifiedName="storkp:AuthenticationAttributes" className="eu.stork.vidp.messages.validation.StorkAuthenticationAttributesValidator" />
+ <Validator qualifiedName="storkp:SPID" className="eu.stork.vidp.messages.validation.StorkSPIDValidator" />
+ <Validator qualifiedName="storkp:SPInformation" className="eu.stork.vidp.messages.validation.StorkSPInformationValidator" />
+ <!-- Validator qualifiedName="stork:FinalRedirectURL" className="eu.stork.vidp.messages.validation.StorkFinalRedirectURLValidator" /-->
+ <Validator qualifiedName="storkp:CitizenCountryCode" className="eu.stork.vidp.messages.validation.StorkCitizenCountryCodeValidator" />
+ <Validator qualifiedName="storkp:VIDPAuthenticationAttributes" className="eu.stork.vidp.messages.validation.StorkVIDPAuthenticationAttributesValidator" />
+ <Validator qualifiedName="stork:RequestedAttribute" className="eu.stork.vidp.messages.validation.StorkRequestedAttributeValidator" />
+ <Validator qualifiedName="storkp:RequestedAttributes" className="eu.stork.vidp.messages.validation.StorkRequestedAttributesValidator" />
+ <Validator qualifiedName="stork:QualityAuthenticationAssuranceLevel" className="eu.stork.vidp.messages.validation.StorkQualityAuthenticationAssuranceLevelValidator" />
+ <Validator qualifiedName="saml2p:Extensions" className="eu.stork.vidp.messages.validation.StorkExtensionsValidator" />
+ <Validator qualifiedName="saml2:NameIdPolicy" className="eu.stork.vidp.messages.validation.StorkNameIdPolicyValidator" />
+ <Validator qualifiedName="ds:Signature" className="org.opensaml.xml.signature.validator.SignatureSchemaValidator" />
+ <Validator qualifiedName="stork:spSector" className="eu.stork.vidp.messages.validation.StorkSpSectorValidator" />
+ <Validator qualifiedName="stork:spApplication" className="eu.stork.vidp.messages.validation.StorkSpApplicationValidator" />
+ <Validator qualifiedName="stork:spCountry" className="eu.stork.vidp.messages.validation.StorkSpCountryValidator" />
+ <Validator qualifiedName="stork:Institution" className="eu.stork.vidp.messages.validation.StorkSpInstitutionValidator" />
+
+
+ </ValidatorSuite>
+
+ <!-- SAML 2.0 Specification Validation Rules -->
+ <ValidatorSuite id="saml2-core-spec-validator">
+ <Validator qualifiedName="saml2:Assertion" className="org.opensaml.saml2.core.validator.AssertionSpecValidator" />
+ <Validator qualifiedName="saml2:Conditions" className="org.opensaml.saml2.core.validator.ConditionsSpecValidator" />
+ </ValidatorSuite>
+
+ </ValidatorSuites>
+
+
+ </XMLTooling>
\ No newline at end of file |