Diffstat (limited to 'id')
154 files changed, 3486 insertions, 3074 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 9800fad7e..51bb941a4 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -97,6 +97,12 @@ <artifactId>moa-id-module-stork</artifactId> </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + <version>${org.apache.commons.collections4.version}</version> + </dependency> + <dependency> <groupId>at.gv.util</groupId>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
new file mode 100644
index 000000000..a25cc44ef
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPSOAPRequestSecurityPolicy extends
+ AbstractRequestSignedSecurityPolicyRule {
+
+ /**
+ * @param trustEngine
+ * @param peerEntityRole
+ */
+ public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
+ QName peerEntityRole) {
+ super(trustEngine, peerEntityRole);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
+ */
+ @Override
+ protected boolean refreshMetadataProvider(String entityID) {
+ try {
+ HTTPMetadataProvider metadataProvider = ConfigurationProvider.getInstance().getMetaDataProvier();
+ metadataProvider.setRequireValidMetadata(true);
+ metadataProvider.refresh();
+
+ return true;
+
+ } catch (Exception e) {
+
+
+ }
+
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
+ if (inboundData instanceof Envelope) {
+ Envelope envelope = (Envelope) inboundData;
+ if (envelope.getBody() != null) {
+ List<XMLObject> xmlElemList = envelope.getBody().getUnknownXMLObjects();
+ if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof SignableSAMLObject)
+ return (SignableSAMLObject) xmlElemList.get(0);
+
+ }
+ }
+
+ return null;
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index cff08740b..17d3d9e50 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -40,6 +40,7 @@ import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
 import org.opensaml.ws.soap.soap11.Envelope;
 import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -49,10 +50,12 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.validation.ValidationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; /** * @author tlenz
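Review bot: `refreshMetadataProvider` in the new PVPSOAPRequestSecurityPolicy discards every failure in an empty `catch (Exception e)` and just returns false, so a refresh that fails (unreachable metadata URL, or metadata now rejected because `setRequireValidMetadata(true)` is set) leaves no trace in the log while signature verification silently stops finding the peer's keys. Log it before returning, e.g. `log.warn("Metadata refresh for entity " + entityID + " failed", e);`, adding an slf4j `Logger` field as the servlets in this package do. Note also that this rule is referenced only from commented-out code in SLOBackChannelServlet, so as far as the diff shows it is not attached to any security policy resolver yet.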
@@ -77,25 +80,44 @@ public class SLOBackChannelServlet extends SLOBasicServlet { try { HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = - new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); + + BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); + +// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = +// new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + //messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + //set trustPolicy +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new PVPSOAPRequestSecurityPolicy( +// PVP2Utils.getTrustEngine(getConfig()), +// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( +// policy); +// messageContext.setSecurityPolicyResolver(resolver); soapDecoder.decode(messageContext); - + Envelope inboundMessage = (Envelope) messageContext .getInboundMessage(); + LogoutResponse sloResp = null; + if (inboundMessage.getBody() != null) { List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - LogoutResponse sloResp; + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); - sloResp = processLogOutRequest(sloReq, request); + //validate request signature + PVP2Utils.validateSignature(sloReq, getConfig()); + + sloResp = processLogOutRequest(sloReq, request); + KeyStore keyStore = getConfig().getPVP2KeyStore(); X509Credential authcredential = new KeyStoreX509CredentialAdapter( keyStore, 
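Review bot: The inbound message is now decoded on a `BasicSOAPMessageContext` with no `SecurityPolicyResolver` (the `PVPSOAPRequestSecurityPolicy` wiring is left commented out), so the decoder performs no inbound security checks and the authenticity of the `LogoutRequest` rests entirely on the later `PVP2Utils.validateSignature(sloReq, getConfig())` call, whose implementation is not visible here. Its return value is ignored, so it must fail closed by throwing (the `ValidationException` added to the catch list suggests it does) and should bind the signing key to the request's issuer via metadata rather than accept any key in the trust store — worth confirming before merging. The block of commented-out `BasicSAMLMessageContext`/`BasicSecurityPolicy` code should be deleted rather than committed; the history keeps it if it is needed later. The enclosing method continues past this hunk, where the `sloResp` initialised to null here is consumed.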
@@ -111,24 +133,17 @@ public class SLOBackChannelServlet extends SLOBasicServlet { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - + } else { log.warn("Received request ist not of type LogOutRequest"); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return; } } - } catch (MessageDecodingException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - - } catch (SecurityException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - - } catch (NoSuchAlgorithmException e) { - log.error("SLO message processing FAILED." , e); + } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) { + log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); } catch (CertificateException e) { @@ -139,15 +154,14 @@ public class SLOBackChannelServlet extends SLOBasicServlet { log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } catch (ConfigurationException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } catch (MessageEncodingException e) { log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } + } + + + } protected void doGet(HttpServletRequest request, diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index 2a35e50b1..c70d34d7e 100644 
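Review bot: The consolidated multi-catch answers a `ValidationException` from the new signature check, a `SecurityException` from the decoder and a `MessageDecodingException` from malformed input all with `SC_INTERNAL_SERVER_ERROR` and `e.getMessage()` echoed back to the unauthenticated back-channel caller. A rejected signature or unparsable SOAP body is a client-side error and should map to `SC_BAD_REQUEST` (or `SC_FORBIDDEN` for the signature case) with a generic body, keeping the exception text in the log only; the `CertificateException` and `MessageEncodingException` branches in the following hunk echo messages the same way. A split of three lines does it: `} catch (MessageDecodingException | SecurityException | ValidationException e) { log.warn("SLO request rejected", e); response.sendError(HttpServletResponse.SC_BAD_REQUEST); }` placed before the remaining internal-error catch. The enclosing method starts before this hunk.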
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -131,13 +131,13 @@ public class SLOBasicServlet extends HttpServlet { } else { log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found."); - return createSLOResponse(sloReq, StatusCode.PARTIAL_LOGOUT_URI, request); + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); } } - private LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { + protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); sloResp.setID(gen.generateIdentifier()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index 8df7f9d5a..274aa21bf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java 
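Review bot: Returning `StatusCode.SUCCESS_URI` when the nameID is not found tells the IdP the logout succeeded although nothing was terminated locally, whereas the replaced `PARTIAL_LOGOUT_URI` was the accurate status. If this is intended as idempotent behaviour (the user simply has no session here any more), record the reasoning next to it, e.g. `// no local session for this nameID: nothing to terminate, report SUCCESS so the IdP can complete SLO`; otherwise the old status should stay. Widening `createSLOResponse` to `protected` is fine given it is now reused by a subclass.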
@@ -69,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; import at.gv.egovernment.moa.id.configuration.exception.PVP2Exception; import at.gv.egovernment.moa.id.configuration.exception.SLOException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -99,8 +98,15 @@ public class SLOFrontChannelServlet extends SLOBasicServlet { if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { //process user initiated single logout process Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj == null) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } + AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; - + String nameIDFormat = authUser.getNameIDFormat(); String nameID = authUser.getNameID(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index e2a55db60..ab6c22858 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java 
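Review bot: The new null check for `authUserObj` logs and calls `buildErrorMessage(request, response)` but does not leave the method, so execution continues to `(AuthenticatedUser) authUserObj` and `authUser.getNameIDFormat()` throws a NullPointerException after the error page has already been written. Add `return;` directly after `buildErrorMessage(request, response);` (or whatever the method's normal exit is — its body continues beyond the hunk).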
@@ -54,6 +54,7 @@ import org.springframework.beans.factory.config.AutowireCapableBeanFactory; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; +import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul; @@ -65,8 +66,6 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; - public class ConfigurationProvider { @@ -602,7 +601,7 @@ public class ConfigurationProvider { } catch (Exception e) { log.warn("PVP2 authentification can not be initialized."); - throw new ConfigurationException("PVP2 authentification can not be initialized.", e); + throw new ConfigurationException("error.initialization.pvplogin", e); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 83795567c..95af93af3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java 
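Review bot: The ConfigurationException message is changed from literal text to the resource key `error.initialization.pvplogin`, but within this diff the key is added only to applicationResources_de.properties (with an English text at that). If other locale bundles exist and the message is resolved through LanguageHelper, they need the same entry or the raw key is shown; if the message is instead emitted directly via `e.getMessage()`, as the catch blocks in SLOBackChannelServlet do, the raw key is what reaches the log and the response.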
@@ -54,7 +54,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.util.MiscUtil; @@ -126,6 +128,7 @@ public class GeneralMOAIDConfig { private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; private String publicURLPrefix = null; + private boolean virtualPublicURLPrefixEnabled = false; public GeneralMOAIDConfig() { chainigmodelist = new HashMap<String, String>(); @@ -133,6 +136,26 @@ public class GeneralMOAIDConfig { for (int i=0; i<values.length; i++) { chainigmodelist.put(values[i].value(), values[i].value()); } + + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + if (config != null) { + MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); + List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo(); + + if (authBlockTrans != null && !authBlockTrans.isEmpty()) { + if (secLayerTransformation == null) + secLayerTransformation = new HashMap<String, byte[]>(); + for (TransformsInfoType el : authBlockTrans) + secLayerTransformation.put(el.getFilename(), el.getTransformation()); + + } + } + + } catch (Exception e) { + + } + } public void parse(MOAIDConfiguration config) { 
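Review bot: The new block in the GeneralMOAIDConfig constructor performs a database read through `ConfigurationProvider.getInstance().getDbRead()` and discards every failure in an empty `catch (Exception e)`, so a broken configuration or DB connection yields a bean with `secLayerTransformation == null` and no diagnostic, which MOAConfigValidator later reports as an empty AuthBlock transformation file — misleading for the operator. At minimum log it, `log.warn("Can not load AuthBlock transformations from database", e);` (adding a log4j Logger if the class has none). It is also worth asking whether a form-data holder's constructor is the right place for a DB round-trip, given `parse(MOAIDConfiguration)` already receives the configuration object.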
@@ -163,7 +186,26 @@ public class GeneralMOAIDConfig { if (authgen.isTrustManagerRevocationChecking() != null) trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); - publicURLPrefix = authgen.getPublicURLPreFix(); + virtualPublicURLPrefixEnabled = + KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); + + if (virtualPublicURLPrefixEnabled) { + //format CSV values with newlines + publicURLPrefix = KeyValueUtils.normalizeCSVValueString( + authgen.getPublicURLPreFix()); + + } else { + String tmp = authgen.getPublicURLPreFix(); + if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + publicURLPrefix = tmp.substring(0, + tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + publicURLPrefix = tmp; + } + + TimeOuts timeouts = authgen.getTimeOuts(); if (timeouts != null) { @@ -819,6 +861,7 @@ public class GeneralMOAIDConfig { * @return the secLayerTransformation */ public Map<String, byte[]> getSecLayerTransformation() { + return secLayerTransformation; } @@ -931,7 +974,12 @@ public class GeneralMOAIDConfig { * @param publicURLPrefix the publicURLPrefix to set */ public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; + if (MiscUtil.isNotEmpty(publicURLPrefix)) + this.publicURLPrefix = + KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); + else + this.publicURLPrefix = publicURLPrefix; + } /** 
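Review bot: `parse()` now dereferences `authgen.getPublicURLPreFix()` without a null check — `tmp.contains(KeyValueUtils.CSV_DELIMITER)` throws a NullPointerException when the prefix is unset, whereas the replaced line simply copied the null through, and whether `KeyValueUtils.isCSVValueString(null)` tolerates null cannot be told from here. Guard it first: `String tmp = authgen.getPublicURLPreFix();` / `if (tmp == null) { publicURLPrefix = null; } else { … existing branching … }`, or use `MiscUtil.isNotEmpty(tmp)` the way `setPublicURLPrefix` in the later hunk does. The enclosing `parse` method starts before and continues after this hunk.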
@@ -961,6 +1009,23 @@ public class GeneralMOAIDConfig { public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; } + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 9b0172a24..d0232e86a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java 
@@ -31,17 +31,13 @@ import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentialsCredentialOIDItem; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; -import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index 441c879be..bb98d2e64 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java 
@@ -27,10 +27,8 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index e092d9e13..9ddb41d83 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java 
@@ -29,23 +29,21 @@ import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.util.ArrayList; -import java.util.Date; +import java.util.Arrays; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import org.apache.log4j.Logger; -import edu.emory.mathcs.backport.java.util.Arrays; - import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index a658c3f34..504b598c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
@@ -23,9 +23,13 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.math.BigInteger; -import java.util.*; - +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; @@ -58,6 +62,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; @@ -179,7 +184,12 @@ public class EditGeneralConfigAction extends BasicAction { String error = saveFormToDatabase(); if (error != null) { log.warn("General MOA-ID config can not be stored in Database"); - addActionError(error); + + //set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + addActionError(error); return Constants.STRUTS_ERROR_VALIDATION; } 
@@ -248,13 +258,27 @@ public class EditGeneralConfigAction extends BasicAction { // if (oldauth != null) // oldauthgeneral = oldauth.getGeneralConfiguration(); - //set Public URL Prefix - String pubURLPrefix = moaconfig.getPublicURLPrefix(); - if(pubURLPrefix.endsWith("/")) { - int length = pubURLPrefix.length(); - pubURLPrefix = pubURLPrefix.substring(0, length-1); - } - dbauthgeneral.setPublicURLPreFix(pubURLPrefix); + //set Public URL Prefix + String pubURLPrefix = moaconfig.getPublicURLPrefix(); + if (moaconfig.isVirtualPublicURLPrefixEnabled()) { + dbauthgeneral.setPublicURLPreFix( + KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); + + } else { + if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { + dbauthgeneral.setPublicURLPreFix( + pubURLPrefix.trim().substring(0, + pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); + + } else + dbauthgeneral.setPublicURLPreFix( + StringUtils.chomp(pubURLPrefix.trim())); + + } + + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + moaconfig.isVirtualPublicURLPrefixEnabled()); + // if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) // dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index a2c5da247..a9889da9c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java 
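Review bot: In the non-virtual branch, `pubURLPrefix.trim().substring(0, pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))` takes the index from the untrimmed string but applies it to the trimmed one, so any leading whitespace shifts the cut past the delimiter or throws StringIndexOutOfBoundsException. Trim once and reuse it: `String trimmed = pubURLPrefix.trim();` / `dbauthgeneral.setPublicURLPreFix(trimmed.substring(0, trimmed.indexOf(KeyValueUtils.CSV_DELIMITER)));`. Note also that the removed code stripped a trailing `/` from the prefix while `StringUtils.chomp` only removes a trailing line terminator, so prefixes now persist with their trailing slash unless that normalisation happens elsewhere (not visible here); if the change is intentional, a comment saying so would prevent the next reader from "fixing" it. `pubURLPrefix` is also dereferenced without a null check, presumably relying on the validator having rejected an empty value first.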
@@ -53,8 +53,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; -import com.fasterxml.jackson.core.JsonProcessingException; - public class ImportExportAction extends BasicAction { private static final Logger log = Logger.getLogger(ImportExportAction.class); @@ -150,7 +148,7 @@ public class ImportExportAction extends BasicAction { } - } catch (JsonProcessingException | JAXBException | FileNotFoundException e) { + } catch (JAXBException | FileNotFoundException e) { log.info("Legacy configuration has an Import Error", e); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 8be24edb4..384f0662f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -271,7 +271,7 @@ public class InterfederationIDPAction extends BasicOAAction { businessID = new IdentificationNumber(); onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); } - businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP"); + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); } else onlineapplication.setTarget("MOA-IDP"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java index fc310900e..eca4c05ef 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java 
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -94,6 +94,26 @@ public class SAML2Utils { return document; } +// public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException { +// MetadataCredentialResolver resolver; +// +// resolver = new MetadataCredentialResolver(ConfigurationProvider.getInstance().getMetaDataProvier()); +// +// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +// keyInfoProvider.add(new DSAKeyValueProvider()); +// keyInfoProvider.add(new RSAKeyValueProvider()); +// keyInfoProvider.add(new InlineX509DataProvider()); +// +// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +// keyInfoProvider); +// +// ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( +// resolver, keyInfoResolver); +// +// return engine; +// +// } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 95502cedb..d4e8e957d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -28,10 +28,10 @@ import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; -import java.util.Map; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; 
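Review bot: `getSignatureKnownKeysTrustEngine` is added to SAML2Utils entirely as commented-out code; dead code should not be committed — delete it, or if it is a planned replacement for the trust engine currently obtained via `PVP2Utils.getTrustEngine`, leave a one-line `// TODO` stating that intent instead. The same applies to the commented-out security-policy block in SLOBackChannelServlet.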
@@ -39,8 +39,6 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -66,14 +64,29 @@ public class MOAConfigValidator { check = form.getPublicURLPrefix(); if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Public URL Prefix is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", request)); - } + String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix " + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); + + } + + } } else { log.info("PublicURL Prefix is empty."); errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } + } check = form.getTimeoutAssertion(); if (MiscUtil.isNotEmpty(check)) { 
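Review bot: The prefix list is split with a literal `check.split(",")` while the persistence code in EditGeneralConfigAction and GeneralMOAIDConfig cuts on `KeyValueUtils.CSV_DELIMITER`; if that constant is ever anything other than "," the validator and the stored value disagree, so use `check.split(KeyValueUtils.CSV_DELIMITER)` here (importing KeyValueUtils, which this file does not import as far as the diff shows). The rejected value `el` comes straight from the form and is interpolated into both the log line and the error string rendered to the user, so make sure the view escapes it, and log `el.trim()` rather than `el` since the CSV text is stored with embedded newlines and would otherwise split the log record. The enclosing validation method begins before this hunk.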
@@ -401,7 +414,7 @@ public class MOAConfigValidator { - if (form.getFileUploadFileName() != null) { + if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { HashMap<String, byte[]> map = new HashMap<String, byte[]>(); for (int i=0; i<form.getFileUploadFileName().size(); i++) { String filename = form.getFileUploadFileName().get(i); @@ -426,7 +439,15 @@ public class MOAConfigValidator { } } } + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 35b69274f..6476ea1f1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -43,6 +43,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; 
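Review bot: The new `else` branch reports a missing AuthBlock transformation only when `form.getSecLayerTransformation()` is null; an empty map passes silently and is then stored as the configuration. Tighten the condition to `if (form.getSecLayerTransformation() == null || form.getSecLayerTransformation().isEmpty()) {`. The enclosing method starts before this hunk.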
@@ -76,9 +77,20 @@ public class OAPVP2ConfigValidation { else { try { - //OracleDB does not allow the selection of a lob in SQL where expression - String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); - boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc."); + //Some databases does not allow the selection of a lob in SQL where expression + String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); + boolean backupVersion = false; + if (MiscUtil.isNotEmpty(dbDriver)) { + for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + backupVersion = true; + log.debug("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + + } + } Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion); if (oa != null && diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 36c952ad0..ab404f65b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties 
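Review bot: The driver loop keeps iterating after the first match and logs the driver as "blacklisted", which misdescribes `JDBC_DRIVER_NEEDS_WORKAROUND` (a compatibility list, not a deny list). A `break;` after `backupVersion = true;` plus wording such as `log.debug("JDBC driver '" + dbDriver + "' needs the LOB workaround --> using alternative DB access method");` would make the intent clear to whoever reads the debug log. The surrounding try block starts before and ends after this hunk.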
@@ -7,6 +7,8 @@ config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file not defined +error.initialization.pvplogin=PVP2 authentication can not be initialized. + error.title=Fehler: error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. @@ -125,6 +127,7 @@ webpages.inderfederation.gateway.entityID=EntityID des PVP Portals webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. webpages.moaconfig.header=Allgemeine Konfiguration webpages.oaconfig.general.publicURLPreFix=Public URL Prefix +webpages.moaconfig.general.virtualPublicURLPrefixEnabled=Virtuelle IDP aktivieren webpages.moaconfig.defaultbkus.header=Default BKUs webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates webpages.moaconfig.slrequesttemplates.local=Locale BKU 
@@ -438,8 +441,8 @@ validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00F6ltig validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer. validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} -validation.general.slrequest.file.valid=Die angegebenen SecurtityLayer Transformation konnte nicht geladen werden. -validation.general.slrequest.file.empty=Die SecurtityLayer Transformation fehlt. +validation.general.slrequest.file.valid=Die angegebenen AuthBlock Transformation konnte nicht geladen werden. +validation.general.slrequest.file.empty=Die AuthBlock Transformation fehlt. validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 439b1111e..29db35a0e 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -7,6 +7,8 @@ config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized config.05=Configuration file is not defined +error.initialization.pvplogin=PVP2 authentication can not be initialized. + error.title=Error: error.login.internal=The error occurred during the processing. Please try again or contact Administrator. error.general.text=During the processing the error condition occured. Please try again or contact the administrator. 
@@ -124,6 +126,7 @@ webpages.inderfederation.gateway.entityID=PVP portal EntityID webpages.moaconfig.save.success=MOA-ID has been successfully saved. webpages.moaconfig.header=General configuration webpages.oaconfig.general.publicURLPreFix=Public URL Prefix +webpages.moaconfig.general.virtualPublicURLPrefixEnabled=Enable virtual IDPs webpages.moaconfig.defaultbkus.header=Default CCE webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates webpages.moaconfig.slrequesttemplates.local=Local CCE @@ -384,7 +387,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0} validation.general.publicURLprefix.empty=Public URL Prefix is blank. -validation.general.publicURLprefix.valid=Public URL Prefix has invalid format. +validation.general.publicURLprefix.valid=Public URL Prefix {0} has invalid format. validation.general.certStoreDirectory.empty=CertStoreDirectory is blank. validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0} validation.general.Defaultchainigmode.empty=There is no DefaultChainingMode selected. 
@@ -436,7 +439,8 @@ validation.general.szrgw.url.valid=URL for SZR Gateway has invalid format. validation.general.trustedcacerts.empty=Field TrustedCACertificates is blank. validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates contains forbidden characters. The following characters are not allowed\: {0} validation.general.slrequest.filename.valid=File name of provided SecurityLayer Transformation contains forbidden characters. The following characters are not allowed\: {0} -validation.general.slrequest.file.valid=The provided SecurityLayer Transformation could not be loaded. +validation.general.slrequest.file.valid=The provided AuthBlock-Transformation is not loadable. +validation.general.slrequest.file.empty=No AuthBlock-Transformation found. validation.general.aditionalauthblocktext=The additional text for AuthBlock contains forbidden characters. The following characters are not allowed\: {0} validation.general.bku.handy.empty=URL for Mobile-CCE is blank. diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 4cbfba19b..00a2fa851 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -664,3 +664,8 @@ div .wwgrp br { #stork_attributelist .wwctrl input[type="checkbox"]{ margin-left:20px; } + +#loadGeneralConfig_moaconfig_publicURLPrefix { + resize: none; + +} diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index fb71854c2..f17ee3623 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -272,4 +272,25 @@ function newAp() { clone.innerHTML = clone.innerHTML.replace(/name="storkOA.attributeProviderPlugins\[\d/g, 'name="storkOA.attributeProviderPlugins[' + nextindex); clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); target.parentNode.appendChild(clone); -}
\ No newline at end of file +} + +function setPublicURLPrefixTestBox(checkbox) { + if (checkbox.checked) { + var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix"); + textarea.attr("rows", 6); + textarea.height(120); + + } else { + var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix"); + textarea.attr("rows", 1); + textarea.height(25); + + } + return true; +} + +function generalConfigLoadEvent() { + var value = $("#loadGeneralConfig_moaconfig_publicURLPrefix").val(); + $("#loadGeneralConfig_moaconfig_publicURLPrefix").val(value.replace(/,/g,",\n")); + return true; +} diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index bc8c57ec2..ac2c8de5a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -16,7 +16,7 @@ </head> - <body> + <body onload="generalConfigLoadEvent();"> <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> 
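Review bot: `generalConfigLoadEvent` rewrites the textarea value to put a line break after every comma, so the form now submits the prefix list with embedded newlines (browsers send textarea line breaks as CRLF); the Java validators in this commit `trim()`/`chomp()` each element, but the code that actually persists the field is not in this diff, so confirm it normalizes the same way or the stored CSV will carry CR/LF. A guard is also missing: `$(...).val()` is `undefined` when the element is absent and `value.replace` then throws inside `onload`; wrapping the replace in `if (value) { ... }` avoids that. The helper name `setPublicURLPrefixTestBox` looks like a typo for `TextBox` (it is referenced from the JSP, so rename both together).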
@@ -37,13 +37,38 @@ <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> - <s:textfield name="moaconfig.publicURLPrefix" - value="%{moaconfig.publicURLPrefix}" - labelposition="left" - key="webpages.oaconfig.general.publicURLPreFix" - cssClass="textfield_long"> - </s:textfield> + <s:if test="moaconfig.isVirtualPublicURLPrefixEnabled()"> + <s:textarea name="moaconfig.publicURLPrefix" + value="%{moaconfig.publicURLPrefix}" + labelposition="left" + key="webpages.oaconfig.general.publicURLPreFix" + cssClass="textfield_long" + rows="6" + requiredLabel="true" + style="height:120px;"> + </s:textarea> + </s:if> + <s:else> + <s:textarea name="moaconfig.publicURLPrefix" + value="%{moaconfig.publicURLPrefix}" + labelposition="left" + key="webpages.oaconfig.general.publicURLPreFix" + cssClass="textfield_long" + rows="1" + requiredLabel="true" + style="height:25px;"> + </s:textarea> + </s:else> + <s:checkbox name="moaconfig.virtualPublicURLPrefixEnabled" + value="%{moaconfig.virtualPublicURLPrefixEnabled}" + labelposition="left" + key="webpages.moaconfig.general.virtualPublicURLPrefixEnabled" + cssClass="checkbox" + onchange="setPublicURLPrefixTestBox(this);"> + </s:checkbox> + + <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %></h3> diff --git a/id/history.txt b/id/history.txt index 6ad08d910..f242ab35e 100644 --- a/id/history.txt +++ b/id/history.txt @@ -1,5 +1,32 @@ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
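Review bot: The `<s:if>`/`<s:else>` branches render two identical `<s:textarea>` declarations that differ only in `rows` and `style`, which invites the two copies drifting apart. One textarea with `rows="%{moaconfig.virtualPublicURLPrefixEnabled ? 6 : 1}"`, with the height left to the CSS rule this commit adds in index.css, expresses the same thing once; `setPublicURLPrefixTestBox` already resizes the element client-side anyway.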
+Version MOA-ID Release 3.1.0: Änderungen seit Version MOA-ID 3.0.2
+- Änderungen
+ - Mehrere virtuelle IDP Instanzen je deployer MOA-ID Instanz möglich
+ (unterschiedliche Entity-IDs je virtueller Instanz)
+ - Überarbeitung der Weboberfläche des Konfigurationstools
+ - Update der beigelegten Templates (BKU-Auswahl, SSO Assertion Conformation,
+ Front-Channel Single LogOut)
+ - Kleinere Bug-Fixes
+ - Update von Libraries
+ > mysql:mysql-connector-java 5.1.38
+ > org.slf4j:jcl-over-slf4j 1.7.13
+ > org.slf4j:jul-to-slf4j 1.7.13
+ > org.slf4j:slf4j-api 1.7.13
+ > org.slf4j:slf4j-log4j12 1.7.13
+ > apache:cxf 3.1.4
+ > org.springframework 4.2.4.RELEASE
+ > commons:collections3 3.2.2
+ > commons:collections4 4.1
+ > org.apache.struts:struts2-core 2.3.24.1
+ > org.apache.struts:struts2-json-plugin 2.3.24.1
+ > org.hibernate:hibernate-core 4.3.11.Final
+ > org.hibernate:hibernate-entitymanager 4.3.11.Final
+ > org.hibernate:hibernate-c3p0 4.3.11.Final
+ > com.google.http-client:google-http-client-jackson2 1.21.0
+ > com.google.oauth-client:google-oauth-client-jetty 1.21.0
+
+ ------------------------------------------------------------------------------
Version MOA-ID Release 3.0.2: Änderungen seit Version MOA-ID 3.0.1
- Änderungen
- Bug-Fix für Zugriff auf Oracle Datenbanken
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index 0e9411042..1c3e0fe13 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -29,6 +29,7 @@ import java.util.List; import java.util.Map; import java.util.regex.Pattern; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -114,14 +115,32 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); + String isVirtualIDPEnabled = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Public URL Prefix is not valid"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, - "Public URL Prefix", - LanguageHelper.getErrorString("validation.general.publicURLprefix.valid"))); - } + String[] preFixList = check.split(","); + if (isVirtualIDPEnabled != null && Boolean.valueOf(isVirtualIDPEnabled)) { + for (String el : preFixList) { + if (!ValidationHelper.validateURL(el.trim())) { + log.info("Public URL Prefix is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, + "Public URL Prefix", + LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}))); + } + } + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(preFixList[0].trim()))) { + log.info("Public URL Prefix " + preFixList[0] + " is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, + "Public URL Prefix", + LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{preFixList[0]}))); + + } + + } + } else { log.info("PublicURL Prefix is empty."); errors.add(new ValidationObjectIdentifier( 
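Review bot: With `GENERAL_ISVIRTUALIDPSENABLED` false only `preFixList[0]` is validated, while the normalization step later in this file (the `@@ -511` hunk) writes the whole comma-separated list back under `GENERAL_PUBLICURLPREFIX`, so extra entries bypass URL validation and still reach the configuration. Either reject them here, `if (preFixList.length > 1 || !ValidationHelper.validateURL(StringUtils.chomp(preFixList[0].trim()))) {`, or persist only the first element. The virtual-IDP branch also validates `el.trim()` without `StringUtils.chomp(...)` and logs without the offending value, unlike the `else` branch; both paths should apply the same normalization and log the same detail. The enclosing method continues outside the hunk.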
@@ -511,15 +530,32 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme Map<String, String> newConfigValues = new HashMap<String, String>(); - String pubURLPrefix = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); - if(pubURLPrefix.endsWith("/")) { - int length = pubURLPrefix.length(); - pubURLPrefix = pubURLPrefix.substring(0, length-1); - newConfigValues.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, pubURLPrefix); + String pubURLPrefix = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); + String normalizedPubURLPrefix = KeyValueUtils.normalizeCSVValueString(pubURLPrefix); + String[] normalizedPubURLPrefixList = normalizedPubURLPrefix.split(KeyValueUtils.CSV_DELIMITER); + String modifiedPubURLPrefixCSV = null; + + for (String el : normalizedPubURLPrefixList) { + String newPubURLPrefix = el; + if(el.endsWith("/")) { + int length = el.length(); + newPubURLPrefix = el.substring(0, length-1); + } + + if (modifiedPubURLPrefixCSV == null) + modifiedPubURLPrefixCSV = newPubURLPrefix; + else + modifiedPubURLPrefixCSV += KeyValueUtils.CSV_DELIMITER + newPubURLPrefix; + + } + + if (!modifiedPubURLPrefixCSV.equals(pubURLPrefix)) { + newConfigValues.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, modifiedPubURLPrefixCSV); log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX) - + " to value: " + pubURLPrefix); - } + + " to value: " + modifiedPubURLPrefixCSV); + } + String ssoTarget = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())); if (MiscUtil.isNotEmpty(ssoTarget)) { 
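Review bot: The rewritten normalization strips trailing slashes from every entry and stores the full CSV regardless of whether virtual IDPs are enabled, so a single-IDP deployment can end up with several prefixes persisted although the validator earlier in this file checked only the first. Read the flag here too, e.g. `String virt = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED, getKeyPrefix()));`, and when `!Boolean.parseBoolean(virt)` reduce `normalizedPubURLPrefixList` to its first element before the loop. As before the change, a missing `pubURLPrefix` (null) reaches `normalizeCSVValueString` unguarded; whether that helper tolerates null is not visible here. The enclosing method starts and ends outside the hunk.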
diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties index bb0499020..8f7ccd8ab 100644 --- a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties +++ b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties @@ -373,7 +373,7 @@ validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folge validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. -validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00FCltiges Format. +validation.general.publicURLprefix.valid=Public URL Prefix {0} hat kein g\u00FCltiges Format. validation.general.businessservice.empty=Die Application ist weder dem \u00F6ffentlichen noch dem privaten Sektor zugeordnet. validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties index 420ac27ec..9e472e3af 100644 --- a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties +++ b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties 
@@ -371,7 +371,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0} validation.general.publicURLprefix.empty=Public URL Prefix is blank. -validation.general.publicURLprefix.valid=Public URL Prefix has invalid format. +validation.general.publicURLprefix.valid=Public URL Prefix {0} has invalid format. validation.general.businessservice.empty=Online application is no public or private application. validation.general.certStoreDirectory.empty=CertStoreDirectory is blank. validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0} diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 4bce49465..0b8251386 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; @@ -124,7 +125,7 @@ public class Authenticate extends HttpServlet { serviceURL = serviceURL + "/"; //name.setValue(serviceURL); issuer.setValue(serviceURL); - + // subject.setNameID(name); // authReq.setSubject(subject); issuer.setFormat(NameIDType.ENTITY); 
@@ -155,13 +156,21 @@ public class Authenticate extends HttpServlet { for (SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { +// //Get the service address for the binding you wish to use +// if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { +// redirectEndpoint = sss; +// } + //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { redirectEndpoint = sss; } + } authReq.setDestination(redirectEndpoint.getLocation()); + //authReq.setDestination("http://test.test.test"); + RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class); 
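Review bot: `redirectEndpoint` is dereferenced at `authReq.setDestination(redirectEndpoint.getLocation())` with no check that the loop found an HTTP-Redirect `SingleSignOnService`; against IdP metadata that only publishes the POST binding (what this class used before the change) that is a NullPointerException instead of a readable error. A guard such as `if (redirectEndpoint == null) throw new IllegalStateException("IdP metadata has no HTTP-Redirect SingleSignOnService");` (optionally with a `break;` once the endpoint is found) fixes that. The commented-out POST selection and the `//authReq.setDestination("http://test.test.test");` test remnant should be deleted rather than left in. The enclosing method starts before and ends after this hunk.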
@@ -191,32 +200,47 @@ public class Authenticate extends HttpServlet { authReq.setSignature(signer); //generate Http-POST Binding message - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "templates/pvp_postbinding_template.html"); +// VelocityEngine engine = new VelocityEngine(); +// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +// engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +// engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); +// engine.setProperty("classpath.resource.loader.class", +// "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +// engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); +// engine.init(); +// +// HTTPPostEncoder encoder = new HTTPPostEncoder(engine, +// "templates/pvp_postbinding_template.html"); +// HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( +// response, true); +// BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); +// SingleSignOnService service = new SingleSignOnServiceBuilder() +// .buildObject(); +// service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); +// 
service.setLocation(redirectEndpoint.getLocation());; +// +// context.setOutboundSAMLMessageSigningCredential(authcredential); +// context.setPeerEntityEndpoint(service); +// context.setOutboundSAMLMessage(authReq); +// context.setOutboundMessageTransport(responseAdapter); + + //generate Redirect Binding message + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( response, true); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); SingleSignOnService service = new SingleSignOnServiceBuilder() .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); context.setOutboundSAMLMessageSigningCredential(authcredential); context.setPeerEntityEndpoint(service); context.setOutboundSAMLMessage(authReq); context.setOutboundMessageTransport(responseAdapter); - + //context.setRelayState(relayState); + encoder.encode(context); } catch (Exception e) { diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java index eecb691c0..1dcc66a56 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java 
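Review bot: The request is still given an enveloped XML signature via `authReq.setSignature(signer)` (context line at the top of the hunk) although `HTTPRedirectDeflateEncoder` signs the deflated query string with the credential from `setOutboundSAMLMessageSigningCredential` and, as far as I recall of OpenSAML 2, strips any XML signature from the message before encoding — so the earlier signing work is wasted and the `//generate Http-POST Binding message` comment above it is now wrong. Update that comment to name the Redirect binding and drop the XML signing step if nothing else depends on it. The roughly thirty lines of commented-out POST-binding code and `//context.setRelayState(relayState);` are dead and should be removed rather than kept as comments. The surrounding try block starts before the hunk.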
@@ -56,9 +56,9 @@ public class AttributeListBuilder implements PVPConstants{ requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); diff --git a/id/readme_3.1.0-RC1.txt b/id/readme_3.1.0-RC1.txt new file mode 100644 index 000000000..6c2fce8a8 --- /dev/null +++ b/id/readme_3.1.0-RC1.txt 
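Review bot: Flipping `EID_SIGNER_CERTIFICATE_NAME` and `EID_AUTH_BLOCK_NAME` from required to optional changes what this demo OA will accept in a response, but nothing in the commit records why, and anything in the demo that later reads these two attributes must now cope with their absence. A one-line comment above the two calls, e.g. `// optional: the demo must not fail when the IdP omits signer certificate or AuthBlock -- TODO record why`, would document the intent. The builder method starts before and ends after the hunk.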
@@ -0,0 +1,602 @@ +=============================================================================== +MOA ID Version Release 3.1.0 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 3.1.0 wurden folgende Neuerungen und Änderungen eingeführt, +die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch +history.txt im gleichen Verzeichnis). + +- Änderungen + - Mehrere virtuelle IDP Instanzen je deployer MOA-ID Instanz möglich + (unterschiedliche Entity-IDs je virtueller Instanz) + - Überarbeitung der Weboberfläche des Konfigurationstools + - Kleinere Bug-Fixes + - Update von Libraries + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.1.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 3.1.x. + +............................................................................... +B.1 Durchführung eines Updates von Version 3.0.x auf Version 3.1.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. 
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.1.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update der TrustStores für WebService Zugriffe. + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\ca-certs + in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\ca-certs. + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\certstore\toBeAdded + in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\certstore\toBeAdded. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der + MOA-ID-Configuration Konfigurationsdatei + CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + a.) dbcp.validationQuery=..... (SQL Query zum Validieren der + Datenbankverbindung + z.B: "SELECT 1" für mySQL + "select 1 from dual" für OracleDB) + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + a.) configuration.dbcp.validationQuery=..... (SQL Query zum + Validieren der Datenbankverbindung + z.B: "SELECT 1" für mySQL + "select 1 from dual" für OracleDB) + +9. Update der Default html-Templates für die Bürgerkartenauswahl. + a.) 
Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates. + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. + +10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 2.2.1 auf Version 3.1.0 +............................................................................... + +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.1.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. 
Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +8. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +9. Update der Default html-Templates für die Bürgerkartenauswahl. + + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates. + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. + +10. Update der STORK Konfiguration + a.) 
Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork + in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. + b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> + 2.4 Konfiguration des SamlEngines an. + +11. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei + CATALINA_HOME\conf\moa-id\moa-id.properties + +12. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configration Konfigurationsdatei + CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + +13. Hinzufügen der zusätzlichen Konfigurationsdatei in der MOA-ID-Configuration + CATALINA_HOME\conf\moa-id-configuration\userdatabase.properties + +14. Update der Tomcat Start-Skripts: + - Die Konfigurationsdateien für MOA-ID-Auth und MOA-ID-Configuration müssen + nur als URI (file:/...) übergeben werden. + +15. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). 
Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. 
Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. 
Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Kopieren der folgenden Dateien: + Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der + Datei bevor Sie diese durch die neue Version ersetzen. + a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml -> + CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml + b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml -> + CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml + +9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks + (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt. + Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell + verwendeten KeyStore ab. + +10. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. 
Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + +5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed + +6. 
Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Kopieren der folgenden Dateien + a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml -> + CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml + Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der + Datei slo_template.html bevor Sie diese durch die neue Version ersetzen. + +9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks + (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt. + Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell + verwendeten KeyStore ab. + +10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + +4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. 
Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als + auch das komplette Verzeichnis moa-id-auth. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der + MOA-ID-Configuration Konfigurationsdatei + CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + a.) general.moaconfig.key=..... (Passwort zum Ver- und + Entschlüsseln von Konfigurationsparametern in der Datenbank) + +9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + a.) configuration.moaconfig.key=..... (Passwort zum Ver- und + Entschlüsseln von Konfigurationsparametern in der Datenbank) + +10. Kopieren der folgenden Dateien + a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html -> + CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html + Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der + Datei slo_template.html bevor Sie diese durch die neue Version ersetzen. + +11. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. 
Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. 
Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als + auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update der STORK Konfiguration + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork + in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. + b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> + 2.4 Konfiguration des SamlEngines an. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei + CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + a.) general.ssl.certstore=certs/certstore + b.) general.ssl.truststore=certs/truststore + +8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs + nach CATALINA_HOME\conf\moa-id-configuration\ + +9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei + CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar. + a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion + protocols.pvp2.idp.ks.assertion.encryption.keypassword=password + +10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/ + nach CATALINA_HOME\conf\moa-id\ + a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\ + b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html -> + CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html + +11. Neuinitialisieren des Datenbank Schema für die MOA-Session. 
Hierfür stehen + zwei Varianten zur Verfügung. + a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth + CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile + moasession.hibernate.hbm2ddl.auto=update + zu + moasession.hibernate.hbm2ddl.auto=create + Danach werden die Tabellen beim nächsten Startvorgang neu generiert. + + b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson + Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert. + +12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1 +............................................................................... + +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + Für MOA ID Proxy: + Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als + auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update des Cert-Stores. 
+ Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +8. Update der Default html-Templates für die Bürgerkartenauswahl. + + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates. + b.) 
Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+9. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+ a.) configuration.validation.certificate.QC.ignore=false
+ b.) protocols.pvp2.assertion.encryption.active=false
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version <= 1.5.1
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 3a84ca37d..98ec73a25 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -204,6 +204,12 @@
 <artifactId>xalan</artifactId>
 <!-- should be provided by the container or jre -->
 <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>serializer</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>xerces</groupId>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index c3cf396b3..a67549ef3 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
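Review bot: The new `<exclusions>` block drops the transitive `xalan:serializer` artifact without a comment saying which artifact supplies the serializer classes instead, so the next reader cannot tell whether this fixes a duplicate-class conflict or removes an unwanted transitive pull. The existing `<!-- should be provided by the container or jre -->` documents the parent `xalan` entry; a parallel comment on the exclusion, e.g. `<!-- serializer: excluded because <SUPPLYING-ARTIFACT placeholder> already ships these classes; avoids duplicates on the classpath -->`, would do the same here. Because the parent dependency is `provided` scope, it is also worth confirming the exclusion changes the runtime classpath at all rather than only the compile and test classpaths.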
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -93,10 +93,16 @@
 <from>^/stork2/RetrieveMandate$</from>
 <to type="forward">/dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string}</to>
 </rule>
+
+ <!-- eIDAS protocol -->
 <rule match-type="regex">
 <from>^/eidas/ColleagueRequest$</from>
 <to type="forward">/dispatcher?mod=eidas&action=AuthenticationRequest&%{query-string}</to>
 </rule>
+ <rule match-type="regex">
+ <from>^/eidas/metadata$</from>
+ <to type="forward">/dispatcher?mod=eidas&action=MetadataRequest&%{query-string}</to>
+ </rule>
 <rule match-type="regex">
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index d898f8b95..0c051571b 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta http-equiv="content-type" content="text/html; charset=utf8" >
- <title>MOA-ID 3.0.x</title>
+ <title>MOA-ID 3.1.x</title>
 <link rel="stylesheet" href="./common/main.css" type="text/css">
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
index a29b1d7bb..2b0115d4a 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -405,7 +405,7 @@ #bkulogin {
 min-width: 190px;
- min-height: 155px;
+ min-height: 170px;
 }
 .setAssertionButton_full {
@@ -616,6 +616,12 @@ top: 40px;
 }
+
+ #ssoSessionTransferBlock {
+ font-size: 0.8em;
+ margin-left: 5px;
+ margin-bottom: 5px;
+ }
 </style>
 <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
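Review bot: The new `/eidas/metadata` rule appends the client's `%{query-string}` after the fixed `mod=eidas&action=MetadataRequest` pair, following the existing rules, so a request that itself carries a `mod` or `action` parameter yields duplicate parameters on the forwarded URL. Which value the dispatcher then honours depends on its parameter lookup, which is not visible here; it is worth confirming it takes the first occurrence or rejects duplicates, since a metadata endpoint is by design reachable without authentication. A comment on the rule, `<!-- unauthenticated endpoint: dispatcher must take mod/action from the rule, not from the client query string -->`, would record the assumption next to the code that relies on it.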
@@ -656,7 +662,6 @@ if (isMetro()) document.getElementById("metroDetected").style.display="block"; document.getElementById("localBKU").style.display="block"; - document.getElementById("bkuButtonOnlineId").disabled = "true"; /* if (checkMandateSSO()) return; */ @@ -673,7 +678,6 @@ generateIFrame(iFrameURL); } function bkuHandyClicked() { - document.getElementById("bkuButtonHandyId").disabled = "true"; document.getElementById("localBKU").style.display="none"; /* if (checkMandateSSO()) return; */ @@ -836,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -854,15 +858,13 @@ <img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" - value="Karte" - id="bkuButtonOnlineId"/> + value="Karte" /> </div> <div id="bkuhandy"> <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" onClick="bkuHandyClicked();" tabindex="3" role="button" - value="HANDY" - id="bkuButtonHandyId"/> + value="HANDY" /> </div> </div> <div id="localBKU"> 
@@ -871,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -904,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -913,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html index 1a3e683de..07d018a94 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html +++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html 
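Review bot: The newly added (commented-out) session-transfer link puts `MOASessionID=#SESSIONID#` into a GET query string, so if it is ever uncommented the session identifier would land in browser history, proxy/access logs and the Referer header of any outbound link, i.e. a bearer-token leak. If the feature is enabled later it should be submitted via a POST form like the neighbouring `moaidform`, and `restoreSSOSession=true">>Restore` carries a stray `>`. The same commented block is added verbatim to the other loginFormFull.html / BKU-selection.html copies in this commit, so any correction has to be applied to each copy.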
@@ -600,7 +600,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border:0;width:88px;height:31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" @@ -608,10 +608,10 @@ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index a29b1d7bb..2b0115d4a 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { @@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -656,7 +662,6 @@ if (isMetro()) document.getElementById("metroDetected").style.display="block"; document.getElementById("localBKU").style.display="block"; - document.getElementById("bkuButtonOnlineId").disabled = "true"; /* if (checkMandateSSO()) return; */ @@ -673,7 +678,6 @@ generateIFrame(iFrameURL); } function bkuHandyClicked() { - document.getElementById("bkuButtonHandyId").disabled = "true"; document.getElementById("localBKU").style.display="none"; /* if (checkMandateSSO()) return; */ 
@@ -836,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -854,15 +858,13 @@ <img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" - value="Karte" - id="bkuButtonOnlineId"/> + value="Karte" /> </div> <div id="bkuhandy"> <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" onClick="bkuHandyClicked();" tabindex="3" role="button" - value="HANDY" - id="bkuButtonHandyId"/> + value="HANDY" /> </div> </div> <div id="localBKU"> 
@@ -871,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -904,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -913,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html index 1a3e683de..07d018a94 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html 
@@ -600,7 +600,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border:0;width:88px;height:31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" @@ -608,10 +608,10 @@ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html index 9a621998c..a9d73e0d3 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html @@ -444,16 +444,16 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 4eb5ea2ba..b373fb83d 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html 
@@ -1002,11 +1002,20 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <th>Beschreibung</th> </tr> <tr> - <td><span id="wwlbl_loadGeneralConfig_moaconfig_ssoPublicUrl2">Public URL Prefix</span></td> + <td>Public URL Prefix</td> <td>https://demo.egiz.gv.at/moa-id-auth/</td> - <td>URL-Prefix der MOA-ID Instanz. Diese URL wird für die automatische Generierung von Formularen und Informationen verwendet und MUSS konfiguriert werden.</td> + <td><p>URL-Prefix der MOA-ID Instanz. Diese URL wird für die automatische Generierung von Formularen und Informationen verwendet und MUSS konfiguriert werden.</p> + <p><strong>Hinweis:</strong> Wenn virtuelle IDPs aktiviert sind muss hier für jede virtuelle MOA-ID Instanz, der Public URL Prefix als Comma Separatet Value (CSV) eingetragen werden. <br> + (z.B.: https://demo.egiz.gv.at/moa-id-auth/,https://apps.egiz.gv.at/moa-id-auth/)</p></td> + </tr> + <tr> + <td>Virtuelle IDPs aktiviere</td> + <td> </td> + <td><p>Mit dieser Option können für diese MOA-ID Instanz mehrere virtuelle MOA-ID Instanzen, welche unter schiedenen Domains erreichbar sind aktiviert werden. 
Der Public URL-Prefix jeder virtuellen MOA-ID Instanz muss als Comma Separatet Value (CSV) im Konfigurationsfeld 'Public URL Prefix' angegeben werden.</p> + <p><strong>Hinweis:</strong> Single Sign-On (SSO) und Single LogOut (SLO) zwischen unterschiedlichen virtuellen IDPs ist NICHT möglich, da die Auslieferung des SSO http-Cookies durch die "Same Origin Policy" des Browers unterbunden wird.</p></td> </tr> </table> +<p> </p> <h4><a name="konfigurationsparameter_allgemein_bku" id="konfigurationsparameter_allgemein_bku"></a>3.1.2 Default BKUs</h4> <p>Hiermit werden die URLs zu den Default Bürgerkartenumgebungen (BKUs) definiert die von MOA-ID-Auth für einen Anmeldevorgang verwendet werden, wenn die Bürgerkartenauswahl nicht bereits auf Seiten der Online-Applikation erfolgt ist (siehe <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a>) oder in der Online-Applikationskonfiguration keine BKU URLs konfiguriert wurden (siehe <a href="#konfigurationsparameter_oa_bku">Kapitel 3.2.2</a>).</p> <table class="configtable"> 
@@ -1189,7 +1198,8 @@ Checking</td> </li> <li><strong>Privatwirtschaftlicher Bereich:</strong><strong></strong> Die MOA-ID-Auth Instanz ist einem privatwirtschaftlichen Bereich für SSO zugeordnet, steht SSO nur eingeschränkt zur Verfügung. Da laut E-Governmentgesetz die Errechnung eines wbPK aus der Stammzahl nicht beim Auftraggeber eines privaten Bereichs durchgeführt werden darf (vgl. E-Government Gesetz §12(1).4), und deshalb an die Bürgerkartenumgebung ausgelagert werden muss. In diesem Fall sind Anmeldungen mittels SSO nur für jenen privatwirtschaftlichen Bereich möglich dem auch der SSO Bereich zugeordnet wurde. </li> -</ol> + </ol> +<p><strong>Hinweis:</strong> Single Sign-On (SSO) und Single LogOut (SLO) ist zwischen virtellen IDPs (siehe <a href="#konfigurationsparameter_allgemein_publicurlprefix">Kapitel 3.1.1</a>) ist nicht möglich. Dem zur Folge kann ein Benutzer / eine Benutzerin mehrere aktive SSO Sessions bei unterschiedlichen virtuellen IDPs auf der selben physischen MOA-ID Instanz besitzen welche NICHT mittels SLO gemeinsam geschlossen werden.</p> <table class="configtable"> <tr> <th>Name</th> diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html index 3784075a3..0eab8f187 100644 --- a/id/server/doc/handbook/index.html +++ b/id/server/doc/handbook/index.html @@ -29,7 +29,7 @@ </div> <div class="container"> - <h2>Übersicht zur Dokumentation der Version 3.0.x </h2> + <h2>Übersicht zur Dokumentation der Version 3.1.x </h2> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html index 123a23837..2b0115d4a 100644 --- a/id/server/doc/htmlTemplates/BKU-selection.html +++ b/id/server/doc/htmlTemplates/BKU-selection.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { 
@@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -740,7 +746,7 @@ } } function onChangeChecks() { - if (top.innerWidth < 650) { + if (self.innerWidth < 650) { document.getElementById("moaidform").setAttribute("target","_parent"); } else { document.getElementById("moaidform").removeAttribute("target"); @@ -834,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -867,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> 
@@ -900,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -909,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/doc/htmlTemplates/sendAssertion.html b/id/server/doc/htmlTemplates/sendAssertion.html index 1a3e683de..07d018a94 100644 --- a/id/server/doc/htmlTemplates/sendAssertion.html +++ b/id/server/doc/htmlTemplates/sendAssertion.html @@ -600,7 +600,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border:0;width:88px;height:31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" @@ -608,10 +608,10 @@ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 3aa5d9869..532b74209 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -96,6 +96,7 @@ <version>1.5.1</version>
</dependency> -->
+
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
@@ -167,6 +168,11 @@ </exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </dependency>
+
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
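Review bot: `commons-collections` is added here without a `<version>`, so the release that actually ships comes from a dependencyManagement block outside this hunk and cannot be checked from the diff. Releases of this artifact before 3.2.2 contain the `InvokerTransformer`/`ChainedTransformer` gadget chain that turns any Java-native deserialization of untrusted bytes into remote code execution; an identity provider with server-side session and assertion storage is exactly where such a path would matter, so please confirm the managed version is at least 3.2.2 (which disables unsafe functor deserialization by default) or pin it explicitly with `<version>3.2.2</version>`. If the dependency is only needed for a single utility, the 4.x line (`org.apache.commons:commons-collections4`), which does not carry that gadget chain, is the safer choice.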
@@ -400,78 +406,6 @@ </dependency>
-->
-
-
- <!-- JSON JWT implementation -->
- <dependency>
- <groupId>com.googlecode.jsontoken</groupId>
- <artifactId>jsontoken</artifactId>
- <version>1.1</version>
- <exclusions>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <artifactId>google-collections</artifactId>
- <groupId>com.google.collections</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
-
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <version>1.10</version>
- </dependency>
-
- <!-- Google OAuth Client -->
- <dependency>
- <groupId>com.google.http-client</groupId>
- <artifactId>google-http-client-jackson2</artifactId>
- <version>1.19.0</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>com.google.oauth-client</groupId>
- <artifactId>google-oauth-client-jetty</artifactId>
- <version>1.19.0</version>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>DocumentService</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <classifier>classes</classifier>
- <exclusions>
- <exclusion>
- <artifactId>axis</artifactId>
- <groupId>org.apache.axis</groupId>
- </exclusion>
- <exclusion>
- <artifactId>bcprov-jdk16</artifactId>
- <groupId>org.bouncycastle</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jaxws-tools</artifactId>
- <groupId>com.sun.xml.ws</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -506,7 +440,7 @@ <groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.4.178</version>
- <scope>runtime</scope>
+ <scope>test</scope>
</dependency>
<!-- tools -->
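Review bot: Changing `h2` from `runtime` to `test` scope removes the JDBC driver from the deployed artifact, so any shipped sample configuration that still points the session or configuration datastore at a `jdbc:h2:` URL will fail at startup with a missing driver class. If H2 is intentionally unsupported for production deployments that is a reasonable hardening step, but it should be stated in the update notes next to the other configuration changes this commit documents.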
@@ -538,6 +472,12 @@ </dependency> -->
+<!-- <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.5.1</version>
+ </dependency> -->
+
<!-- spring -->
<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 8ee32c54e..7ac026888 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -23,11 +23,10 @@ package at.gv.egovernment.moa.id.advancedlogging; import java.security.MessageDigest; +import java.util.Arrays; import java.util.Date; import java.util.List; -import com.google.common.primitives.Ints; - import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -47,7 +46,7 @@ public class MOAReversionLogger { private static MOAReversionLogger instance = null; - private static final List<Integer> defaultEventCodes = Ints.asList( + private static final List<Integer> defaultEventCodes = Arrays.asList( MOAIDEventConstants.SESSION_CREATED, MOAIDEventConstants.SESSION_DESTROYED, MOAIDEventConstants.SESSION_ERROR, @@ -69,8 +68,9 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER - ); - + ); + + public static synchronized MOAReversionLogger getInstance() { if (instance == null) { instance = new MOAReversionLogger(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index b3055eb34..038a35d42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -12,10 +12,8 @@ import java.security.GeneralSecurityException; import javax.activation.CommandMap; import javax.activation.MailcapCommandMap; -import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; 
@@ -136,50 +134,27 @@ public class MOAIDAuthInitializer { "http://www.w3.org/2001/04/xmldsig-more#"); Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - // Loads the configuration + // Initialize configuration provider + AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(); + + //test, if MOA-ID is already configured + authConf.getPublicURLPrefix(); + + // Initialize MOA-SP + //MOA-SP is only use by API calls since MOA-ID 3.0.0 try { - AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(); - - ConnectionParameter moaSPConnParam = authConf - .getMoaSpConnectionParameter(); - - // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK - if (moaSPConnParam == null) { - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - ConfigurationProvider config = ConfigurationProvider - .getInstance(); - new IaikConfigurator().configure(config); - } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { - throw new ConfigurationException("config.10", new Object[] { ex - .toString() }, ex); - } - } - - // Initializes IAIKX509TrustManager logging - /* - String log4jConfigURL = System.getProperty("log4j.configuration"); - Logger.info("Log4J Configuration: " + log4jConfigURL); - if (log4jConfigURL != null) { - IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); - } - */ - - // Initializes the Axis secure socket factory for use in calling the - // MOA-SP web service - if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, - moaSPConnParam); - AxisSecureSocketFactory.initialize(ssf); - } - - - } catch (ConfigurationException e) { - Logger.error("MOA-ID-Auth start-up FAILED. 
Error during application configuration.", e); - System.exit(-1); - - } + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + ConfigurationProvider config = ConfigurationProvider + .getInstance(); + new IaikConfigurator().configure(config); + + } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + throw new ConfigurationException("config.10", new Object[] { ex + .toString() }, ex); + + } + // Starts the session cleaner thread to remove unpicked authentication data AuthenticationSessionCleaner.start(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index b79b99a65..fe29dd2b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
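Review bot: `authConf.getPublicURLPrefix();` discards its result, so the "test, if MOA-ID is already configured" only works if that getter throws on a missing value; if it returns null or an empty value the initializer carries on with an unconfigured instance. Make the check explicit, e.g. `if (authConf.getPublicURLPrefix() == null || authConf.getPublicURLPrefix().isEmpty()) throw new ConfigurationException("config.10", new Object[] { "PublicURLPrefix not configured" });` (with whichever message key fits). Note also that the old `catch (ConfigurationException)` → `System.exit(-1)` and the `AxisSecureSocketFactory` initialisation for HTTPS MOA-SP calls are both removed; the comment asserts MOA-SP is API-only since 3.0.0, which is worth confirming, because any remaining web-service call would no longer use the configured TLS trust settings. The enclosing method starts and ends outside the hunk.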
@@ -139,10 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { AuthenticationData authdata = null; try { - Object saml1Requst = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl").newInstance(); + //check if SAML1 authentication module is in Classpath + Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); - if (protocolRequest.getClass().isInstance(saml1Requst)) { - //request is SAML1 + if (saml1RequstTemplate != null && + saml1RequstTemplate.isInstance(protocolRequest)) { + //request is SAML1 --> invoke SAML1 protocol specific methods if (session.getExtendedSAMLAttributesOA() == null) { saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList<ExtendedSAMLAttribute>()); @@ -314,7 +316,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //validate PVP 2.1 response try { SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); SAMLVerificationEngine.validateAssertion(intfResp, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 899b0fd15..d4350f97b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java 
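Review bot: `Class.forName` never returns null — it throws `ClassNotFoundException` — so the `saml1RequstTemplate != null` guard in the new condition is dead code, and the real "SAML1 module not on the classpath" case is handled by whatever catch follows the hunk. The `SAML1AuthenticationData` `newInstance()` on the line in between still runs unconditionally, even for non-SAML1 requests; moving it inside the `isInstance` branch avoids the needless reflective instantiation. The enclosing method starts and ends outside the hunk.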
@@ -95,6 +95,9 @@ public class DataURLBuilder { // dataURL = individualDataURLPrefix + authServletName; // } else + if (!authBaseURL.endsWith("/")) + authBaseURL += "/"; + dataURL = authBaseURL + authServletName; dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 02aaac8cb..d14910319 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -147,6 +147,9 @@ public class SendAssertionFormBuilder { value = value.replace(ACTION, action); value = value.replace(ID, id); value = value.replace(OANAME, oaParam.getFriendlyName()); + + if (contextpath.endsWith("/")) + contextpath = contextpath.substring(0, contextpath.length() - 1); value = value.replace(CONTEXTPATH, contextpath); value = FormBuildUtils.customiceLayoutBKUSelection(value, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index 8429baf23..4a6ecd56a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java 
@@ -152,8 +152,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { authReq.setAssertionConsumerServiceIndex(0); authReq.setIssueInstant(new DateTime()); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath(); - issuer.setValue(serviceURL); + issuer.setValue(pendingReq.getAuthURLWithOutSlash()); issuer.setFormat(NameIDType.ENTITY); authReq.setIssuer(issuer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 004961116..e659c9447 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -56,7 +56,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String ccc, String module, String action, - HttpServletRequest req) throws WrongParametersException, MOAIDException { + HttpServletRequest req, + IRequest protocolReq) throws WrongParametersException, MOAIDException { String targetFriendlyName = null; 
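Review bot: The SAML `Issuer` is now taken from `pendingReq.getAuthURLWithOutSlash()` instead of the configured IDP public path, so whatever populates the pending request's auth URL now decides the entity ID the federated IdP will use for metadata lookup; elsewhere in this commit that value appears to be derived from the incoming request (`HTTPUtils.extractAuthURLFromRequest`), i.e. ultimately from the `Host` header. That is only safe if the value has already been validated against the configured Public URL Prefix list before this task runs — please confirm, or add `if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(pendingReq.getAuthURL())) throw new MOAIDException("auth.07", new Object[] { pendingReq.getAuthURL() });` here, mirroring the check this commit adds to IDPSingleLogOutServlet. The enclosing method starts and ends outside the hunk.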
@@ -223,20 +224,15 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05"); moasession.setOAURLRequested(oaURL); - + //check AuthURL - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - + String authURL = protocolReq.getAuthURL(); if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed()) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); //set Auth URL from configuration - moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/"); + moasession.setAuthURL(authURL); //check and set SourceID if (oaParam.getSAML1Parameter() != null) { @@ -318,7 +314,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 2a63968dd..15d596049 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
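Review bot: `moasession.setAuthURL(authURL)` now persists the request-supplied `protocolReq.getAuthURL()` into the session, whereas before the configured Public URL Prefix was stored regardless of what the request said, and the only remaining check on it is the https/`isHTTPAuthAllowed` test. Since the session's auth URL presumably feeds the DataURL handed to the citizen-card environment, a value influenced by the `Host` header would let an attacker point that callback at a host of their choosing. If `getAuthURL()` is not already validated against the configured prefix list where the IRequest is built, add that check before `setAuthURL`, e.g. `if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) throw new AuthenticationException("auth.07", new Object[] { authURL });` (or a dedicated message key). The enclosing `parse` method starts and ends outside the hunk.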
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Enumeration; -import java.util.List; -import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -33,28 +31,18 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; - import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class GenerateIFrameTemplateServlet extends AuthServlet { 
@@ -139,6 +127,25 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + + } catch (ProcessExecutionException e) { + Throwable cause = e.getCause(); + if (cause != null && cause instanceof TaskExecutionException) { + Throwable taskCause = cause.getCause(); + if (taskCause != null && taskCause instanceof WrongParametersException) { + WrongParametersException internalEx = (WrongParametersException) taskCause; + handleWrongParameters(internalEx, req, resp); + return; + + } else if (taskCause != null && taskCause instanceof MOAIDException) { + MOAIDException moaTaskCause = (MOAIDException) taskCause; + handleError(null, moaTaskCause, req, resp, pendingRequestID); + return; + + } + } + + Logger.error("BKUSelectionServlet has an interal Error.", e); } catch (Exception e) { Logger.error("BKUSelectionServlet has an interal Error.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 0a6d30be7..fe5cd1ac0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -45,6 +45,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescripto import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; 
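Review bot: The new `ProcessExecutionException` branch only logs when the cause chain is neither a `WrongParametersException` nor a `MOAIDException`, and the text it logs, `"BKUSelectionServlet has an interal Error."`, names a different servlet; whether the client then gets any error response depends on code after the hunk, which is not visible. Log the right name, `Logger.error("GenerateIFrameTemplateServlet has an internal error.", e);`, and make this fall-through take the same path as the generic `catch (Exception e)` below so a failed process execution does not end in an empty response. The `cause != null &&` and `taskCause != null &&` guards are redundant, since `instanceof` is already false for null.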
@@ -62,6 +63,23 @@ public class IDPSingleLogOutServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("receive IDP SingleLogOut Request"); + + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + try { + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed"); + return; + + } + + } catch (MOAIDException e) { + Logger.error("Internal Server Error.", e); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error"); + return; + + } + SSOManager ssomanager = SSOManager.getInstance(); String ssoid = ssomanager.getSSOSessionID(req); @@ -109,7 +127,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { AuthenticationSession authSession = AuthenticationSessionStoreage .getSession(moaSessionID); if(authSession != null) { - authmanager.performSingleLogOut(req, resp, authSession, null); + authmanager.performSingleLogOut(req, resp, authSession, authURL); return; } @@ -142,7 +160,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { } else { //print SLO information directly - redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = HTTPUtils.extractAuthURLFromRequest(req) + "/idpSingleLogout"; String artifact = Random.nextRandom(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index c1e084a59..53187088e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java 
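Review bot: The new guard `getPublicURLPrefix().contains(authURL)` is an exact, case-sensitive `List.contains` on a URL derived from the request, while the configured values are normalized to no trailing slash in `PropertyBasedAuthConfigurationProvider`; whether `HTTPUtils.extractAuthURLFromRequest` applies the same normalization (no trailing slash, lower-case scheme and host, default port omitted) is not visible here, and any mismatch turns every logout into a 403. Centralize the comparison in one helper on the configuration, e.g. `boolean isKnownPublicURLPrefix(String authURL)`, that normalizes both sides, and use it here, in `RedirectServlet` and in `LogOutServlet` instead of repeating the `contains` call. A short comment above the check stating that it defends against Host-header-derived URLs would make its purpose clear to the next reader. `doGet` continues outside the hunk.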
@@ -60,6 +60,7 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -85,14 +86,14 @@ public class LogOutServlet extends AuthServlet { if (MiscUtil.isEmpty(redirectUrl)) { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); - redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); } else { //return an error if RedirectURL is not a active Online-Applikation OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl); if (oa == null) { Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); - redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 7dd8645c6..a914659b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java 
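Review bot: The default `redirectUrl` is now built from `HTTPUtils.extractAuthURLFromRequest(req)` without checking it against the configured PublicURLPrefix list, unlike `IDPSingleLogOutServlet` and `RedirectServlet` in this same change; if that helper derives the host from the request, as its name suggests, a forged Host header turns the logout into an open redirect to an attacker-controlled origin. Validate the value once before either branch uses it as the redirect target, and answer with 403 when it is not a configured prefix. `getPublicURLPrefix()` throws `ConfigurationException`, so the enclosing method, which continues outside the hunk, must already handle it or the catch has to be added.
```java
String authURL = HTTPUtils.extractAuthURLFromRequest(req);
if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {
    Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration");
    resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed");
    return;
}
// … unchanged: both defaulting branches, now assigning the validated value …
redirectUrl = authURL;
```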
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.util.FormBuildUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -64,8 +65,10 @@ public class RedirectServlet extends AuthServlet{ OAAuthParameter oa = null; String redirectTarget = DEFAULT_REDIRECTTARGET; try { - oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); - if (oa == null && !url.startsWith(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix())) { + oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + + if (oa == null && !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index 1d8ea4cd4..1f9259696 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java 
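Review bot: The rewritten condition no longer validates `url`, the redirect target itself: the old check was `!url.startsWith(getPublicURLPrefix())`, the new one tests whether the request's own URL is a configured prefix, which says nothing about where the user is about to be sent. With `oa == null`, any `url` that is not a registered online application now passes as long as the request arrives on a configured host, which is an open-redirect regression. Restore the check of `url` against every configured prefix; because the prefixes are stored without a trailing slash, match on `prefix + "/"` (or equality) so `https://idp.example` does not also accept `https://idp.example.attacker.net`. Keep the `authURL` comparison only if restricting the request origin is intended as well.
```java
oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url);
boolean urlIsIDP = false;
for (String prefix : AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()) {
    if (url.equals(prefix) || url.startsWith(prefix + "/")) {
        urlIsIDP = true;
        break;
    }
}
if (oa == null && !urlIsIDP) {
    resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
    return;
```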
@@ -90,12 +90,15 @@ public interface AuthConfiguration extends ConfigurationProvider{ public boolean isAdvancedLoggingActive(); /** - * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set. + * Returns the PublicURLPrefix. * - * @return the PublicURLPrefix without trailing slash or {@code null} + * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without / + * @throws ConfigurationException if no PublicURLPrefix is found. */ - public String getPublicURLPrefix(); + public List<String> getPublicURLPrefix() throws ConfigurationException; + public boolean isVirtualIDPsEnabled(); + public boolean isPVP2AssertionEncryptionActive(); public boolean isCertifiacteQCActive(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java index 38135b028..9812f346d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java @@ -65,7 +65,7 @@ public class AuthConfigurationProviderFactory { instance = new PropertyBasedAuthConfigurationProvider(fileURI); } catch (URISyntaxException e){ - Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix."); + Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e); throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, fileName}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index dce7de526..18926046c 100644 
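Review bot: The new Javadoc on `getPublicURLPrefix()` reads `All publicURLPrefix URLs are ends without /`, and `isVirtualIDPsEnabled()` is added with no documentation at all, although the change from `String` to `List<String>` breaks every existing caller and deserves a clear contract. Suggested wording: `@return the configured PublicURLPrefix values (one or more) of this IDP instance, each without a trailing slash`. For `isVirtualIDPsEnabled()` say what enabling it means for callers (presumably that the IDP may be addressed under more than one of the configured prefixes) and that an unset or unreadable property means disabled, which is what the implementation in `PropertyBasedAuthConfigurationProvider` does.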
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -6,6 +6,7 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.net.MalformedURLException; import java.net.URI; +import java.net.URL; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -21,8 +22,15 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.ConfigurationUtils; @@ -48,6 +56,8 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide private final Properties properties = new Properties(); private ApplicationContext context = null; + private boolean requireJDBCBackupImplementation = false; + public PropertyBasedAuthConfigurationProvider() { } 
@@ -84,6 +94,20 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); acbFactory.autowireBean(this); + //Some databases do not allow the selection of a lob in SQL where expression + String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); + if (MiscUtil.isNotEmpty(dbDriver)) { + for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + requireJDBCBackupImplementation = true; + Logger.info("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + } + } + + } catch (FileNotFoundException e) { throw new ConfigurationException("config.03", null, e); 
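Review bot: The driver loop keeps iterating after a match and its log text calls the driver `blacklisted`, although the constant is named `JDBC_DRIVER_NEEDS_WORKAROUND` and the switch is a compatibility fallback rather than a rejection; add a `break;` after `requireJDBCBackupImplementation = true;` and log e.g. `Logger.info("JDBC driver '" + dbDriver + "' needs the alternative LOB lookup implementation.");`. The constructor this sits in continues outside the hunk.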
@@ -796,20 +820,47 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return Boolean.valueOf(prop); } - /** - * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set. - * - * @return the PublicURLPrefix or {@code null} - */ - public String getPublicURLPrefix() { - try { - return configuration.getStringValue( - MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX); + public List<String> getPublicURLPrefix() throws ConfigurationException{ + try { + String publicURLPrefixList = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX); + List<String> returnValues = new ArrayList<String>(); + if (publicURLPrefixList != null) { + publicURLPrefixList = KeyValueUtils.normalizeCSVValueString(publicURLPrefixList); + List<String> publicURLPrefixArray = Arrays.asList(publicURLPrefixList.split(",")); + Logger.trace("Found " + publicURLPrefixArray.size() + " PublicURLPrefix in configuration."); + + + for (String el : publicURLPrefixArray) { + try { + new URL(el); + if (el.endsWith("/")) + returnValues.add(el.substring(0, el.length()-1)); + else + returnValues.add(el); + + } catch (MalformedURLException e) { + Logger.warn("IDP PublicURLPrefix URL " + el + " is not a valid URL", e); + } + } + } + + if (returnValues.size() > 0) + return returnValues; + + else { + Logger.warn("MOA-ID PublicURLPrefix is not found in configuration."); + throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"}); + + } + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); - return null; + throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"}, e); + } + } /** 
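Review bot: A malformed entry in the comma-separated PublicURLPrefix list is only logged with `Logger.warn` and dropped, so configuration loading succeeds while every request arriving on that host is later rejected by the `contains` checks in the servlets with a 403; a configuration error of this kind should fail loudly, e.g. `throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix: " + el}, e);` in the `MalformedURLException` handler, or at least be spelled out in Javadoc. The method also lost the Javadoc the old version had; document that values are returned without a trailing slash and that it throws when no valid entry exists. `new URL(el)` accepts any scheme, so an `ftp:` or `file:` entry passes here and is only caught by the later `startsWith("https:")` checks; rejecting non-http(s) schemes here would give operators a clearer error. Since servlets now call this per request, consider caching the parsed list if the configuration backend is not already cached.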
@@ -988,9 +1039,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide Logger.trace("Get active OnlineApplication with ID " + id + " from database."); Map<String, String> oaConfig = null; try { - //OracleDB does not allow the selection of a lob in SQL where expression + + //TODO: + //Some databases do not allow the selection of a lob in SQL where expression String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); - if (MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.")) + if (requireJDBCBackupImplementation) oaConfig = configuration.getOnlineApplicationBackupVersion(id); else @@ -1125,4 +1178,24 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide else return getMoaSpIdentityLinkTrustProfileID(); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isVirtualIDPsEnabled() + */ + @Override + public boolean isVirtualIDPsEnabled() { + try { + String value = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED); + if (MiscUtil.isNotEmpty(value)) { + return Boolean.valueOf(value); + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("Error during 'isVirutalIDPsEnabled' load operationen." , e); + + } + + return false; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index d1e04e107..a4bba8b19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java 
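Review bot: `String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");` is now dead code, because the decision moved to the `requireJDBCBackupImplementation` field set in the constructor, and the empty `//TODO:` above it says nothing; remove both lines and keep only the comment explaining the LOB limitation. The enclosing method continues outside the hunk.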
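Review bot: `isVirtualIDPsEnabled()` logs and returns false on a read error, which is the safe default, but the method carries only a `(non-Javadoc)` marker; a one-line Javadoc such as `Returns true only if the property is set to true; an unset or unreadable property is treated as disabled.` would tell callers that a misconfiguration silently disables virtual IDPs rather than failing.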
@@ -75,6 +75,7 @@ public class SLOInformationContainer implements Serializable { if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) activeBackChannelOAs.put(oa.getOaurlprefix(), new SLOInformationImpl( + oa.getAuthURL(), oa.getAssertionSessionID(), oa.getUserNameID(), oa.getUserNameIDFormat(), @@ -84,6 +85,7 @@ public class SLOInformationContainer implements Serializable { else activeFrontChannalOAs.put(oa.getOaurlprefix(), new SLOInformationImpl( + oa.getAuthURL(), oa.getAssertionSessionID(), oa.getUserNameID(), oa.getUserNameIDFormat(), @@ -123,6 +125,7 @@ public class SLOInformationContainer implements Serializable { activeFrontChannalOAs.put(el.getIdpurlprefix(), new SLOInformationImpl( + el.getAuthURL(), el.getSessionIndex(), el.getUserNameID(), NameID.TRANSIENT, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java index 55b213702..55a56056d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java 
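Review bot: `oa.getAuthURL()` and `el.getAuthURL()` are passed straight into the new `SLOInformationImpl` constructor, which calls `authURL.endsWith("/")` without a null check; if session rows persisted before this column was introduced carry a null `authURL`, building the SLO container throws a NullPointerException and aborts logout for every online application in the session. Guard the value at the call sites or in the constructor, e.g. `oa.getAuthURL() != null ? oa.getAuthURL() : fallbackAuthURL`, where the fallback is the first configured PublicURLPrefix. The enclosing constructor or method continues outside the hunks.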
@@ -39,17 +39,23 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable private String nameIDFormat = null; private String binding = null; private String serviceURL = null; + private String authURL = null; - public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) { - new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null); + public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType) { + new SLOInformationImpl(authURL, sessionID, nameID, nameIDFormat, protocolType, null); } - public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { + public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { this.sessionIndex = sessionID; this.nameID = nameID; this.nameIDFormat = nameIDFormat; this.protocolType = protocolType; + if (authURL.endsWith("/")) + this.authURL = authURL.substring(0, authURL.length()-1); + else + this.authURL = authURL; + if (sloService != null) { this.binding = sloService.getBinding(); this.serviceURL = sloService.getLocation(); @@ -148,6 +154,13 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable public String getServiceURL() { return serviceURL; } + + /** + * @return the authURL from requested IDP without ending / + */ + public String getAuthURL() { + return authURL; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 771c9a35e..ce44db215 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
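Review bot: The five-argument constructor still creates and discards a new object, `new SLOInformationImpl(authURL, sessionID, nameID, nameIDFormat, protocolType, null);`, instead of delegating, so an instance built through it has every field null; it should read `this(authURL, sessionID, nameID, nameIDFormat, protocolType, null);`. The six-argument constructor dereferences `authURL` in `authURL.endsWith("/")` with no null check, so a null from a persisted session becomes a NullPointerException; write `if (authURL != null && authURL.endsWith("/"))` and state in the getter Javadoc that the value may be null in that case. The getter's comment `the authURL from requested IDP without ending /` would be clearer as `the IDP URL prefix the user authenticated at, without trailing slash`.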
@@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; - import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; @@ -45,7 +44,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; - +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; @@ -86,13 +85,18 @@ public class DispatcherServlet extends AuthServlet{ MOAIDAuthInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage( "init.00", null)); + + Logger.info("Dispatcher Servlet initialization finished."); + } catch (Exception ex) { Logger.fatal( MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); + + //throw new ServletException(ex); + } - Logger.info("Dispatcher Servlet initialization finished."); + } protected void processRequest(HttpServletRequest req, @@ -364,7 +368,10 @@ public class DispatcherServlet extends AuthServlet{ } catch (AuthnRequestValidatorException e) { //log Error Message StatisticLogger logger = StatisticLogger.getInstance(); - logger.logErrorOperation(e, e.getErrorRequest()); + logger.logErrorOperation(e, e.getErrorRequest()); + + //TODO: maybe add some error message handling??? + return; }catch (InvalidProtocolRequestException e) { 
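Review bot: Commenting out `throw new ServletException(ex);` in `init()` means the dispatcher starts serving even when `MOAIDAuthInitializer.initialize()` failed, so requests are processed against a partially initialized configuration and key material instead of the container refusing to deploy the servlet; the fatal log line is the only remaining signal. Either restore the throw so start-up fails closed, or record the failure in a field and have `processRequest` answer every request with `SC_SERVICE_UNAVAILABLE` until initialization has succeeded. If a lazy retry is intended, add a comment saying so and where the retry happens, because a bare commented-out line reads like debugging residue.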
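Review bot: The `AuthnRequestValidatorException` branch now returns after `logger.logErrorOperation(...)` without writing anything to `resp`, so the service provider receives an empty 200 response for a rejected AuthnRequest; the `//TODO: maybe add some error message handling???` acknowledges this. At minimum send a status, e.g. `resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "AuthnRequest rejected");`, or route it through the same error handling as the `InvalidProtocolRequestException` branch below. The enclosing `processRequest` continues outside the hunk.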
@@ -377,6 +384,13 @@ public class DispatcherServlet extends AuthServlet{ "(Errorcode=" + code + " | Description=" + descr + ")"); return; + } catch (ConfigurationException e) { + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + + "(Errorcode=9199" + +" | Description="+ e.getMessage() + ")"); + return; + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); resp.setContentType("text/html;charset=UTF-8"); @@ -544,7 +558,7 @@ public class DispatcherServlet extends AuthServlet{ try { //Store OA specific SSO session information AuthenticationSessionStoreage.addSSOInformation(moasessionID, - newSSOSessionId, assertionID, protocolRequest.getOAURL()); + newSSOSessionId, assertionID, protocolRequest); } catch (AuthenticationException e) { Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 39cb5b9c8..c38bbc68f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -52,7 +52,6 @@ import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; 
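Review bot: The new `ConfigurationException` handler answers with `SC_BAD_REQUEST` and echoes `e.getMessage()` to the client but never logs the exception, so a missing or malformed PublicURLPrefix, which is a server-side misconfiguration, is reported to the caller as their fault and leaves no server-side trace. Log it and return a server error without the internal text: `Logger.error("MOA-ID configuration error", e); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error");`. `processRequest` continues outside the hunk.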
@@ -72,9 +71,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -82,12 +82,11 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; - import at.gv.egovernment.moa.id.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.process.ProcessEngine; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; 
@@ -98,6 +97,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -167,7 +168,20 @@ public class AuthenticationManager extends MOAIDAuthConstants { } public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + performSingleLogOut(httpReq, httpResp, session, pvpReq, null); + + } + + public void performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException { + performSingleLogOut(httpReq, httpResp, session, null, authURL); + + } + + + private void performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; @@ -176,6 +190,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); pvpSLOIssuer = logOutReq.getIssuer().getValue(); inboundRelayState = samlReq.getRelayState(); + } SSOManager ssomanager = SSOManager.getInstance(); 
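Review bot: The two public `performSingleLogOut` overloads and the private method they delegate to have no Javadoc, and the new `String authURL` variant passes `pvpReq` as null into a body that, in the next hunk, still calls `pvpReq.getAuthURL()`; document the contract so callers know which variant to use and what each parameter may be. Suggested Javadoc for the new overload: `Performs an IDP-initiated single logout; authURL is the IDP URL prefix the user is currently talking to and is used to build the logout and timeout targets. For a logout triggered by an SP LogoutRequest use the PVPTargetConfiguration variant.`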
@@ -195,7 +210,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } catch (MOADatabaseException e) { Logger.warn("Delete MOASession FAILED."); - sloContainer.putFailedOA(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + sloContainer.putFailedOA(pvpReq.getAuthURL()); } @@ -219,8 +234,13 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " FAILED. NO LogOut response received."); sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + } else { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifySLOResponse(sloResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + } - + SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp); } catch (SOAPException e) { @@ -228,7 +248,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " FAILED.", e); sloContainer.putFailedOA(sloReq.getIssuer().getValue()); - } catch (SecurityException e) { + } catch (SecurityException | InvalidProtocolRequestException e) { Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + " FAILED.", e); sloContainer.putFailedOA(sloReq.getIssuer().getValue()); @@ -258,7 +278,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { AssertionStorage.getInstance().put(relayState, sloContainer); - String timeOutURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + if (MiscUtil.isEmpty(authURL)) + authURL = pvpReq.getAuthURL(); + + String timeOutURL = authURL + "/idpSingleLogout" + "?restart=" + relayState; 
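Review bot: `sloContainer.putFailedOA(pvpReq.getAuthURL());` dereferences `pvpReq`, which is null whenever the new `performSingleLogOut(..., String authURL)` overload is used from `IDPSingleLogOutServlet`, so a failed MOASession delete in an IDP-initiated logout now ends in a NullPointerException instead of a recorded failure. Resolve the URL once at the top of the private method, `if (MiscUtil.isEmpty(authURL) && pvpReq != null) authURL = pvpReq.getAuthURL();`, and use `sloContainer.putFailedOA(authURL);` here as well as in the `timeOutURL` construction, which currently repeats the same fallback at the end of the method. The method continues outside the hunk.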
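Review bot: Verifying the back-channel `LogoutResponse` signature before `checkStatusCode` is the right addition; what the hunk does not show is whether `verifySLOResponse` also checks that the response belongs to this request, so a signed response from a different trusted SP or a replayed earlier response could otherwise be accepted as this SP's answer. If the engine does not do it, compare `sloResp.getInResponseTo()` with `sloReq.getID()` and the response `Issuer` with `sloReq.getIssuer()` next to the verification call, treating a mismatch like the other failures recorded via `putFailedOA`. A comment stating which checks the engine performs would save the next reader the lookup.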
@@ -381,7 +404,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), target.requestedAction(), target.getRequestID(), oaParam, - AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + target.getAuthURL()); MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); @@ -450,7 +473,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { authReq.setAssertionConsumerServiceIndex(0); authReq.setIssueInstant(new DateTime()); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath(); + String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0); issuer.setValue(serviceURL); issuer.setFormat(NameIDType.ENTITY); 
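Review bot: `PVPConfiguration.getInstance().getIDPPublicPath().get(0)` pins the `Issuer` of the outgoing AuthnRequest to whichever prefix happens to be first in the configured list, while the rest of this change makes the IDP addressable under several prefixes; with more than one prefix the issuer may not be the entity the user is actually interacting with, and the remote IDP validates the issuer against the metadata registered for it. If each virtual IDP has its own entity ID, use `target.getAuthURL()` here; if the federation registers only one entity, add a comment saying the first prefix is the canonical entity ID so nobody "fixes" it later. `get(0)` also throws on an empty list; if `getIDPPublicPath()` wraps `getPublicURLPrefix()`, which throws before returning an empty list, a comment noting that would justify the unchecked access. The enclosing method continues outside the hunk.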
@@ -470,28 +493,27 @@ public class AuthenticationManager extends MOAIDAuthConstants { SAML2Utils.createSAMLObject(AuthnContextClassRef.class); //check if STORK protocol module is in ClassPath - Object storkRequst = null; + Class<?> storkRequstTemplate = null; Integer storkSecClass = null; try { - storkRequst = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest").newInstance(); - if (storkRequst != null && - target.getClass().isInstance(storkRequst)) { + storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest"); + if (storkRequstTemplate != null && + storkRequstTemplate.isInstance(target)) { Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null); storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null); } - } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { + } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { } - - - if (sp != null && sp.isSTORKPVPGateway()){ + + if (sp != null && sp.isSTORKPVPGateway()) { //use PVP SecClass instead of STORK QAA level String secClass = null; - if (storkRequst != null && - target.getClass().isInstance(storkRequst)) { + if (storkRequstTemplate != null && + storkRequstTemplate.isInstance(target)) { try { secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( 
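Review bot: The multi-catch around the STORK reflection, `catch (ClassNotFoundException | IllegalAccessException | ... | java.lang.SecurityException ex) { }`, is still empty, so a present-but-broken STORK module (wrong method signature, access denied) is indistinguishable from the module simply not being on the classpath and the request silently gets the default QAA level. Keep the `ClassNotFoundException` case quiet and at least `Logger.warn("STORK request detected but QAA level could not be read.", ex);` for the remaining exception types. The method continues outside the hunk.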
@@ -509,8 +531,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3"); } else { - if (storkRequst != null && - target.getClass().isInstance(storkRequst)) { + if (storkRequstTemplate != null && + storkRequstTemplate.isInstance(target)) { //use requested QAA level from STORK request try { authnClassRef.setAuthnContextClassRef( @@ -525,7 +547,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef())) + if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef())) + //TODO: switch to eIDAS QAA-levels authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); } @@ -692,7 +715,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { //Build authentication form - String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + String publicURLPreFix = target.getAuthURL(); + if (publicURLPreFix.endsWith("/")) + publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID()); @@ -714,6 +739,17 @@ public class AuthenticationManager extends MOAIDAuthConstants { out.flush(); } } catch (ProcessExecutionException e) { + Throwable cause = e.getCause(); + if (cause != null && cause instanceof TaskExecutionException) { + Throwable taskCause = cause.getCause(); + if (taskCause != null && taskCause instanceof MOAIDException) { + MOAIDException moaTaskCause = (MOAIDException) taskCause; + Logger.warn(taskCause); + throw moaTaskCause; + + } + } + throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e); } } 
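Review bot: The trailing-slash stripping added in the -692 hunk duplicates `IRequest.getAuthURLWithOutSlash()`, which this same commit introduces in RequestImpl; `String publicURLPreFix = target.getAuthURLWithOutSlash();` replaces the three new lines and keeps the normalisation in one place. The unbraced `if` followed by a substring assignment is also the construct that the -525 hunk in this file shows going wrong in slow motion, where a `//TODO` comment now sits between an unbraced `if` and its statement; bracing both keeps a later insertion from silently changing control flow. The enclosing method starts outside this hunk.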
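Review bot: In the -714 hunk the `cause != null &&` and `taskCause != null &&` prefixes are redundant, since `instanceof` is already false for null; `if (cause instanceof TaskExecutionException)` reads cleaner. The rethrown `MOAIDException` bypasses the `process.01` wrapping below, so the process instance context is lost for that path; if `Logger.warn` has the `(String, Throwable)` overload that `Logger.error` uses elsewhere in this commit, `Logger.warn("Task of process " + moasession.getProcessInstanceId() + " failed", taskCause);` keeps it in the log. The enclosing method starts outside this hunk.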
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 6f43b3ee7..4ae271bbc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -49,5 +49,13 @@ public interface IRequest { public List<Attribute> getRequestedAttributes(); public IOAAuthParameters getOnlineApplicationConfiguration(); + /** + * get the IDP URL PreFix, which was used for authentication request + * + * @return IDP URL PreFix <String>. The URL prefix always ends without / + */ + public String getAuthURL(); + public String getAuthURLWithOutSlash(); + //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 26fb7bd29..cdaade1bb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java 
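Review bot: The Javadoc added for `getAuthURL()` states that the returned prefix "always ends without /", but the accompanying `getAuthURLWithOutSlash()` exists precisely because it may end with one, and RequestImpl stores the configured value unchanged. Either the Javadoc should say `@return IDP URL prefix as configured; may end with a trailing "/"` and `getAuthURLWithOutSlash()` should get its own summary, or the normalisation should move into `getAuthURL()` and the second accessor be dropped. The commented-out `//public void setTarget();` is dead text and should be removed rather than carried forward.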
@@ -23,15 +23,24 @@ package at.gv.egovernment.moa.id.moduls; import java.io.Serializable; +import java.net.MalformedURLException; +import java.net.URL; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; public abstract class RequestImpl implements IRequest, Serializable{ - + private static final long serialVersionUID = 1L; private String oaURL; 
@@ -44,12 +53,79 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String requestID; private String sessionIdentifier; private IOAAuthParameters OAConfiguration = null; + private String authURL = null; //MOA-ID interfederation private String requestedIDP = null; private MOAResponse response = null; /** + * @throws ConfigurationException + * + */ + public RequestImpl(HttpServletRequest req) throws ConfigurationException { + String authURLString = HTTPUtils.extractAuthURLFromRequest(req); + URL authURL; + try { + authURL = new URL(authURLString); + + } catch (MalformedURLException e) { + Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); + throw new ConfigurationException("1299", null, e); + + } + + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); + List<String> configuredPublicURLPrefix = config.getPublicURLPrefix(); + + if (!config.isVirtualIDPsEnabled()) { + Logger.trace("Virtual IDPs are disabled. 
Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); + this.authURL = configuredPublicURLPrefix.get(0); + + } else { + Logger.debug("Extract AuthenticationServiceURL: " + authURLString); + URL resultURL = null; + + for (String el : configuredPublicURLPrefix) { + try { + URL configuredURL = new URL(el); + + //get Ports from URL + int configPort = configuredURL.getPort(); + if (configPort == -1) + configPort = configuredURL.getDefaultPort(); + + int authURLPort = authURL.getPort(); + if (authURLPort == -1) + authURLPort = authURL.getDefaultPort(); + + //check AuthURL against ConfigurationURL + if (configuredURL.getHost().equals(authURL.getHost()) && + configPort == authURLPort && + configuredURL.getPath().equals(authURL.getPath())) { + Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + + " for authURL: " + authURLString); + resultURL = configuredURL; + } + + } catch (MalformedURLException e) { + Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); + + } + } + + if (resultURL == null) { + Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration."); + throw new ConfigurationException("config.25", new Object[]{authURLString}); + + } else { + this.authURL = resultURL.toExternalForm(); + + } + } + } + + /** * This method map the protocol specific requested attributes to PVP 2.1 attributes. * * @return List of PVP 2.1 attributes with maps all protocol specific attributes 
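Review bot: The prefix matching in the new constructor compares host, port and path but never the scheme, and `configuredURL.getHost().equals(authURL.getHost())` is case-sensitive although host names are not; `equalsIgnoreCase` on the host would make the match exact, and if the scheme is ignored on purpose (TLS-terminating proxies) a one-line comment saying so would stop the next reader from "fixing" it. The loop does not `break` on a hit, so a later configured entry silently overwrites `resultURL`. `configuredPublicURLPrefix.get(0)` in the non-virtual branch throws IndexOutOfBoundsException when nothing is configured, whereas the virtual branch fails with a `ConfigurationException`; the same exception would be the consistent failure. The `MalformedURLException` for a configured entry is logged without the exception object, unlike the branch above it.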
@@ -169,4 +245,27 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.OAConfiguration = oaConfig; } + + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + + public String getAuthURLWithOutSlash() { + if (authURL.endsWith("/")) + return authURL.substring(0, authURL.length()-1); + else + return authURL; + + } + +// /** +// * @param authURL the authURL to set +// */ +// public void setAuthURL(String authURL) { +// this.authURL = authURL; +// } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 9f8b6610f..9327cabd7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -102,10 +102,10 @@ public class AttributQueryAction implements IAction { List<String> attrList = addDefaultAttributes(attrQuery, authData); //build PVP 2.1 assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex()); + Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex()); //build PVP 2.1 response - Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion); + Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion); try { SoapBinding decoder = new SoapBinding(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 1b187d82e..50f91df44 100644 
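Review bot: The commented-out `setAuthURL` block added at the end of the -169 hunk is dead code and should be deleted rather than committed; a comment on the field, `// set once by the HttpServletRequest constructor; never reassigned`, documents the intent better than a disabled setter. `getAuthURLWithOutSlash()` also lacks Javadoc while `getAuthURL()` has only a stub; a summary such as `Returns the IDP URL prefix without a trailing "/", for use as SAML Issuer and entityID.` would say why both accessors exist.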
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -110,7 +110,7 @@ public class MetadataAction implements IAction { // .setEntityID(PVPConfiguration.getInstance().getIDPSSOMetadataService()); idpEntityDescriptor - .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); + .setEntityID(req.getAuthURLWithOutSlash()); idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); @@ -139,10 +139,10 @@ public class MetadataAction implements IAction { idpEntitiesDescriptor.setSignature(signature); //set IDP metadata - idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator)); + idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(req, keyInfoGenerator)); //set SP metadata for interfederation - idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator)); + idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(req, keyInfoGenerator)); DocumentBuilder builder; DocumentBuilderFactory factory = DocumentBuilderFactory @@ -190,7 +190,7 @@ public class MetadataAction implements IAction { return (PVP2XProtocol.METADATA); } - private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + private RoleDescriptor generateSPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { Logger.debug("Set SP Metadata key information"); 
@@ -248,7 +248,7 @@ public class MetadataAction implements IAction { postassertionConsumerService.setIndex(0); postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); postassertionConsumerService.setLocation(PVPConfiguration - .getInstance().getSPSSOPostService()); + .getInstance().getSPSSOPostService(req.getAuthURL())); postassertionConsumerService.setIsDefault(true); spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); @@ -257,7 +257,7 @@ public class MetadataAction implements IAction { redirectassertionConsumerService.setIndex(1); redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); redirectassertionConsumerService.setLocation(PVPConfiguration - .getInstance().getSPSSORedirectService()); + .getInstance().getSPSSORedirectService(req.getAuthURL())); spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); @@ -273,7 +273,7 @@ public class MetadataAction implements IAction { SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); redirectSLOService.setLocation(PVPConfiguration - .getInstance().getSPSSORedirectService()); + .getInstance().getSPSSORedirectService(req.getAuthURL())); redirectSLOService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); @@ -293,7 +293,7 @@ public class MetadataAction implements IAction { return spSSODescriptor; } - private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { + private IDPSSODescriptor generateIDPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { // //set SignatureMethode 
@@ -325,12 +325,12 @@ public class MetadataAction implements IAction { idpSSODescriptor.setWantAuthnRequestsSigned(true); - if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + if (PVPConfiguration.getInstance().getIDPSSOPostService(req.getAuthURL()) != null) { //add SSO descriptor SingleSignOnService postSingleSignOnService = SAML2Utils .createSAMLObject(SingleSignOnService.class); postSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSOPostService()); + .getInstance().getIDPSSOPostService(req.getAuthURL())); postSingleSignOnService .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); idpSSODescriptor.getSingleSignOnServices().add( @@ -347,12 +347,12 @@ public class MetadataAction implements IAction { } - if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + if (PVPConfiguration.getInstance().getIDPSSORedirectService(req.getAuthURL()) != null) { //add SSO descriptor SingleSignOnService redirectSingleSignOnService = SAML2Utils .createSAMLObject(SingleSignOnService.class); redirectSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService()); + .getInstance().getIDPSSORedirectService(req.getAuthURL())); redirectSingleSignOnService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); idpSSODescriptor.getSingleSignOnServices().add( @@ -362,7 +362,7 @@ public class MetadataAction implements IAction { SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); redirectSLOService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService()); + .getInstance().getIDPSSORedirectService(req.getAuthURL())); redirectSLOService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); 
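Review bot: In the -325 and -347 hunks `PVPConfiguration.getInstance().getIDPSSOPostService(req.getAuthURL())` (and the redirect counterpart) is evaluated once for the null check and again for `setLocation`; a local such as `String postService = PVPConfiguration.getInstance().getIDPSSOPostService(req.getAuthURL());` avoids the repeated lookup and guarantees both uses see the same value. The enclosing method starts and ends outside these hunks.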
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 0c7502003..ee5685e5f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.io.IOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -55,8 +56,6 @@ import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.signature.SignableXMLObject; -import java.util.Arrays; - import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; 
@@ -76,12 +75,9 @@ import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; 
@@ -92,12 +88,16 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSuppor import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; @@ -210,7 +210,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if(METADATA.equals(action)) { - return new PVPTargetConfiguration(); + return new PVPTargetConfiguration(request); } @@ -231,7 +231,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { SAMLVerificationEngine engine = new SAMLVerificationEngine(); engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); msg.setVerified(true); - + } if (msg instanceof MOARequest && 
@@ -387,7 +387,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { samlResponse.setIssueInstant(new DateTime()); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setValue(pvpRequest.getAuthURLWithOutSlash()); nissuer.setFormat(NameID.ENTITY); samlResponse.setIssuer(nissuer); @@ -460,7 +460,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { HttpServletResponse response, InboundMessage inMsg, String sessionId, String transactionId) throws MOAIDException { - PVPTargetConfiguration config = new PVPTargetConfiguration(); + PVPTargetConfiguration config = new PVPTargetConfiguration(request); MOARequest msg; if (inMsg instanceof MOARequest && @@ -496,13 +496,24 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.debug("PreProcess SLO Response from " + resp.getIssuer()); - if (!resp.getDestination().startsWith( - PVPConfiguration.getInstance().getIDPPublicPath())) { + List<String> allowedPublicURLPrefix = + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + boolean isAllowedDestination = false; + + for (String prefix : allowedPublicURLPrefix) { + if (!resp.getDestination().startsWith( + prefix)) { + isAllowedDestination = true; + break; + } + } + + if (!isAllowedDestination) { Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL"); throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null); } - + //TODO: check if relayState exists inMsg.getRelayState(); 
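Review bot: The destination check in the -496 hunk is inverted: `isAllowedDestination` is set to true when the destination does not start with a configured prefix, so a logout response addressed to any unrelated URL now passes, while a response matching the only configured prefix is rejected. The loop body should read `if (resp.getDestination().startsWith(prefix)) { isAllowedDestination = true; break; }`. `startsWith` on a bare prefix is also lenient, since any URL that merely extends a configured prefix in host or path satisfies it; comparing against the full configured SLO endpoint, or requiring the prefix to be followed by `/`, tightens it. A null `getDestination()` would NPE here instead of reaching the warning below.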
@@ -533,7 +544,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { //validate destination String destinaten = attrQuery.getDestination(); - if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) { + if (!PVPConfiguration.getInstance().getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) { Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL"); throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null); @@ -558,7 +569,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } - PVPTargetConfiguration config = new PVPTargetConfiguration(); + PVPTargetConfiguration config = new PVPTargetConfiguration(request); config.setRequest(moaRequest); config.setOAURL(moaRequest.getEntityID()); config.setOnlineApplicationConfiguration(oa); @@ -586,7 +597,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if(!(samlReq instanceof AuthnRequest)) { throw new MOAIDException("Unsupported request", new Object[] {}); } - + EntityDescriptor metadata = moaRequest.getEntityMetadata(); if(metadata == null) { throw new NoMetadataInformationException(); 
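Review bot: In the -533 hunk the expected AttributeQuery destination is now built from `HTTPUtils.extractAuthURLFromRequest(request)`, i.e. from the incoming request itself, without checking that value against the configured PublicURLPrefix list the way the new RequestImpl constructor does; if the extraction relies on the Host header, the comparison only proves that the destination matches whatever host the sender addressed, not that it is one of this IDP's configured endpoints. Validating the extracted URL against `AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()` first, or building the `PVPTargetConfiguration` (which performs that validation) before the check and using `config.getAuthURL()`, keeps the check meaningful. The same pattern appears in the PostBinding -159 hunk, where the URI comparators are built from the extracted URL.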
@@ -607,14 +618,30 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } + //parse AssertionConsumerService AssertionConsumerService consumerService = null; if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) { - //use AssertionConsumerServiceURL from request - consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - consumerService.setBinding(authnRequest.getProtocolBinding()); - consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); + //use AssertionConsumerServiceURL from request + + //check requested AssertionConsumingService URL against metadata + List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices(); + for (AssertionConsumerService service : metadataAssertionServiceList) { + if (authnRequest.getProtocolBinding().equals(service.getBinding()) + && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) { + consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + consumerService.setBinding(authnRequest.getProtocolBinding()); + consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); + Logger.debug("Requested AssertionConsumerServiceURL is valid."); + } + } + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL()); + + } + } else { //use AssertionConsumerServiceIndex and select consumerService from metadata @@ -633,9 +660,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if (consumerService == null) { throw new InvalidAssertionConsumerServiceException(aIdx); - } + } } + //select AttributeConsumingService from request AttributeConsumingService attributeConsumer = null; Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); 
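Review bot: The metadata check added in the -607 hunk is the right fix, but the loop keeps iterating after a match, so `consumerService` is re-created and "is valid" is logged once per matching metadata entry; a `break;` after the debug log keeps it to one. If `consumerService` is only read afterwards and not attached to another XML tree, `consumerService = service;` would also remove the duplicated `createSAMLObject`/`setBinding`/`setLocation` lines. The enclosing method starts and ends outside this hunk.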
@@ -669,7 +697,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); - PVPTargetConfiguration config = new PVPTargetConfiguration(); + PVPTargetConfiguration config = new PVPTargetConfiguration(request); config.setOAURL(oaURL); config.setOnlineApplicationConfiguration(oa); config.setBinding(consumerService.getBinding()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 74b20356e..0b402a0fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -26,6 +26,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.impl.AuthnRequestImpl; @@ -46,6 +48,16 @@ import at.gv.egovernment.moa.logging.Logger; public class PVPTargetConfiguration extends RequestImpl { + /** + * @param req + * @throws ConfigurationException + */ + public PVPTargetConfiguration(HttpServletRequest req) + throws ConfigurationException { + super(req); + + } + private static final long serialVersionUID = 4889919265919638188L; InboundMessage request; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index b567798fa..582f5939d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java 
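Review bot: The new `PVPTargetConfiguration(HttpServletRequest)` constructor in the -46 hunk has a Javadoc whose `@param req` and `@throws ConfigurationException` tags carry no description; `@param req the incoming request whose URL selects the configured IDP PublicURLPrefix` and `@throws ConfigurationException if the request URL matches no configured prefix` would document the contract the superclass constructor enforces. Placing the constructor above `serialVersionUID` and the fields is also unusual for this file; moving it below the field declarations matches the existing order.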
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -23,42 +23,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.io.Serializable; -import java.io.StringWriter; import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; import java.util.List; -import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.SerializationUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Status; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.soap.common.SOAPException; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; 
@@ -67,35 +45,22 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import 
at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MessageProvider; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -134,7 +99,7 @@ public class SingleLogOutAction implements IAction { SSOManager ssomanager = SSOManager.getInstance(); String ssoID = ssomanager.getSSOSessionID(httpReq); if (MiscUtil.isEmpty(ssoID)) { - Logger.warn("Can not find active Session. Single LogOut not possible!"); + Logger.info("Can not find active Session. Single LogOut not possible!"); SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); //LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null); @@ -148,7 +113,7 @@ public class SingleLogOutAction implements IAction { session = AuthenticationSessionStoreage.getSession(moasession); } catch (MOADatabaseException e) { - Logger.warn("Can not find active Session. Single LogOut not possible!"); + Logger.info("Can not find active Session. Single LogOut not possible!"); SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); //LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null); @@ -259,7 +224,7 @@ public class SingleLogOutAction implements IAction { } else { //print SLO information directly - redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = req.getAuthURL() + "/idpSingleLogout"; String artifact = Random.nextRandom(); 
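Review bot: `req.getAuthURL() + "/idpSingleLogout"` in the -259 hunk (and `+ "/RedirectServlet"` in the -275 hunk) appends a path to the raw prefix, which RequestImpl stores exactly as configured and which may end with "/"; `req.getAuthURLWithOutSlash() + "/idpSingleLogout"` avoids a double slash in the redirect target. The warn-to-info downgrade in the -134 and -148 hunks is reasonable for a missing session, but the message still says "not possible" while a LogoutResponse is sent anyway; `Logger.info("No active SSO session found; answering Single LogOut with a plain response");` describes what actually happens.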
@@ -275,7 +240,7 @@ public class SingleLogOutAction implements IAction { } //redirect to Redirect Servlet - String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = req.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); url = httpResp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 65400444d..b8f7e6d80 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java 
@@ -33,28 +33,26 @@ import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; 
@@ -62,6 +60,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -159,11 +160,11 @@ public class PostBinding implements IDecoder, IEncoder { //set metadata descriptor type if (isSPEndPoint) { messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req)))); } else { messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req)))); } } catch (ConfigurationException e) { 
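Review bot: The expected `Destination` handed to `MOAURICompare` is now computed from `HTTPUtils.extractAuthURLFromRequest(req)` in both branches, so the endpoint-URI check only detects a message replayed to a different endpoint if that helper returns a value the sender cannot influence. If it is taken from the request's Host header (the helper is not visible here), a message carrying any `Destination` can be made to pass simply by sending it with a matching Host, which defeats the purpose of the comparator. Consider resolving the prefix against the configured `PVPConfiguration.getIDPPublicPath()` list and rejecting unknown values, or document at the `setURIComparator` lines that the helper already does so. The enclosing decode method continues beyond this hunk.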
@@ -171,7 +172,16 @@ public class PostBinding implements IDecoder, IEncoder { } messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - + + //set security policy context + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add( + new MOAPVPSignedRequestPolicyRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine(), + messageContext.getPeerEntityRole())); + SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); + messageContext.setSecurityPolicyResolver(secResolver); + decode.decode(messageContext); InboundMessage msg = null; @@ -197,8 +207,9 @@ public class PostBinding implements IDecoder, IEncoder { if (MiscUtil.isEmpty(msg.getEntityID())) Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); } - - msg.setVerified(false); + + + msg.setVerified(true); msg.setRelayState(messageContext.getRelayState()); return msg; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 9a505a7b0..f48d216dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -62,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; 
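Review bot: `msg.setVerified(true);` is set unconditionally after `decode.decode(messageContext)`, so its truth rests entirely on the `BasicSecurityPolicy` attached in the previous hunk being evaluated inside the decoder and throwing on failure; nothing at this line shows that coupling. A comment such as `// signature already verified by MOAPVPSignedRequestPolicyRule during decode(); decode() throws on failure` would stop a later decode path from being added that skips the policy resolver and inherits a true flag. Note also that the rule rejects any inbound message lacking a top-level signature, which on the SP endpoint (`isSPEndPoint`) means a `Response` whose only signature is on the Assertion will now be refused; confirm that is the intended profile for the SP side. The decode method starts before the first hunk on this line.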
@@ -149,11 +150,11 @@ public class RedirectBinding implements IDecoder, IEncoder { //set metadata descriptor type if (isSPEndPoint) { messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req)))); } else { messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req)))); } } catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index fee508d33..c1e94ff36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -37,7 +37,6 @@ import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.soap.client.BasicSOAPMessageContext; import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; 
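Review bot: Unlike the PostBinding change in this commit, RedirectBinding's message context gets no `SecurityPolicyResolver` here; the only change to the verification path is that the `MOAURICompare` destination is now derived from `HTTPUtils.extractAuthURLFromRequest(req)`. RedirectBinding already imports `TrustEngineFactory` (a context line in the preceding import hunk), which suggests the query-string signature is checked elsewhere in the class; if so, a comment at the `setURIComparator` lines naming where that happens would keep a reader from assuming the two bindings have drifted apart. The same caution applies as in PostBinding: if the helper reflects the Host header, the Destination comparison no longer constrains anything. The decode method continues past this hunk.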
@@ -51,7 +50,6 @@ import org.opensaml.xml.signature.SignableXMLObject; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; @@ -72,9 +70,23 @@ public class SoapBinding implements IDecoder, IEncoder { messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( req)); - //messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - + + //TODO: update in a futher version: + // requires a special SignedSOAPRequestPolicyRole because + // messageContext.getInboundMessage() is not directly signed + + //set security context +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new MOAPVPSignedRequestPolicyRule( +// TrustEngineFactory.getSignatureKnownKeysTrustEngine(), +// SPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( +// policy); +// messageContext.setSecurityPolicyResolver(resolver); + + //decode message soapDecoder.decode(messageContext); Envelope inboundMessage = (Envelope) messageContext diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 91888df5c..ebbafd4e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java 
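Review bot: After this change `soapDecoder.decode(messageContext)` runs with no `SecurityPolicyResolver` at all, so the SOAP endpoint relies entirely on verification performed elsewhere (the `SAMLVerificationEngine` change later in this commit is a candidate, but it is not visible here). The commented-out policy block should be deleted rather than shipped; the TODO above it already records why the rule cannot be used yet and would be more useful if it named where the inner signed object is verified, e.g. `// TODO: the SOAP body is verified by the caller; a dedicated policy rule is needed because the Envelope itself is not signed`. The final context line `Envelope inboundMessage = (Envelope) messageContext` is cut by the hunk boundary, so the rest of that statement is not visible.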
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -127,7 +127,7 @@ public class AttributQueryBuilder { query.setIssueInstant(now); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath().get(0)); nissuer.setFormat(NameID.ENTITY); query.setIssuer(nissuer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java index 4959df16c..24c2626e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -66,13 +66,15 @@ import at.gv.egovernment.moa.logging.Logger; */ public class AuthResponseBuilder { - public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { + public static Response buildResponse(String authURL, RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + if (authURL.endsWith("/")) + authURL = authURL.substring(0, authURL.length()-1); + nissuer.setValue(authURL); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); authResponse.setInResponseTo(req.getID()); 
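Review bot: `PVPConfiguration.getInstance().getIDPPublicPath().get(0)` throws `IndexOutOfBoundsException` when no public URL prefix is configured, and otherwise silently uses the first configured prefix as the AttributeQuery `Issuer` regardless of which URL this deployment is reached under. Every other Issuer in this commit is taken from the request's auth URL, so an IDP published under several prefixes can send an AttributeQuery whose Issuer does not match the EntityID the responder expects. Either thread the auth URL through as the other builders do, or guard the empty-list case explicitly before `get(0)` and add `// first configured prefix is used as Issuer; multi-prefix deployments should pass the request's auth URL instead` so the limitation is documented. The enclosing method starts outside this hunk.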
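Review bot: The trailing-slash strip `if (authURL.endsWith("/")) authURL = authURL.substring(0, authURL.length()-1);` dereferences `authURL` without a null check and is one of three copies of the same normalisation in this commit (the others sit in `PVP2AssertionBuilder.buildGenericAssertion` and `PVPConfiguration.getIDPPublicPath`). A single helper that rejects null/empty and strips the slash would keep the Issuer byte-identical across Response, Assertion and LogoutRequest, which is exactly what an SP's issuer comparison trips on when they diverge. The new parameter also deserves a Javadoc line: `@param authURL public URL prefix the request arrived on; becomes the Response Issuer (trailing slash removed)`.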
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 50f42d928..dbbc21ec9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -27,8 +27,11 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; import org.joda.time.DateTime; +import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; 
@@ -43,15 +46,18 @@ import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusMessage; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SSODescriptor; import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -63,7 +69,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; 
@@ -215,8 +220,8 @@ public class SingleLogOutBuilder { } DateTime now = new DateTime(); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(sloInfo.getAuthURL()); issuer.setFormat(NameID.ENTITY); sloReq.setIssuer(issuer); sloReq.setIssueInstant(now); @@ -228,7 +233,35 @@ public class SingleLogOutBuilder { nameID.setFormat(sloInfo.getUserNameIDFormat()); nameID.setValue(sloInfo.getUserNameIdentifier()); sloReq.setNameID(nameID ); - + + //sign message + try { + X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential(); + + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(idpSigningCredential); + sloReq.setSignature(signer); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(sloReq); + out.marshall(sloReq, document); + + Signer.signObject(signer); + + } catch (Exception e) { + Logger.error("Single LogOut request signing FAILED!", e); + throw new MOAIDException("pvp2.19", null); + + } + return sloReq; } 
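Review bot: `issuer.setValue(sloInfo.getAuthURL());` uses the auth URL verbatim, whereas `buildBasicResponse` below uses `spRequest.getAuthURLWithOutSlash()` and `AuthResponseBuilder`/`PVP2AssertionBuilder` strip a trailing slash before setting the Issuer. If `getAuthURL()` can carry a trailing slash, the LogoutRequest Issuer will differ from the EntityID the SP saw in the Assertion and the SP may refuse the logout. Normalise here the same way, e.g. `String issuerValue = sloInfo.getAuthURL(); if (issuerValue.endsWith("/")) issuerValue = issuerValue.substring(0, issuerValue.length()-1); issuer.setValue(issuerValue);`, or add a slash-free accessor to the SLO information object. The method starts outside this hunk.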
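Review bot: The signing block catches `Exception` and rethrows `MOAIDException("pvp2.19", null)`, which treats a missing credential, a marshalling failure and a signing failure alike and discards the cause from the thrown exception (it survives only in the log). Catching the checked types presumably thrown here (credential lookup, `ParserConfigurationException`, the marshaller's and `Signer.signObject`'s exceptions) and carrying `e` through, if `MOAIDException` offers a cause-taking constructor, would preserve that distinction for the caller. `ALGO_ID_SIGNATURE_RSA_SHA256` is hard-coded while the credential comes from configuration, so a non-RSA key would fail at request time rather than at startup; either derive the algorithm from the credential's key type or add `// IDP assertion signing key must be RSA` next to the constant. The `DocumentBuilderFactory` only creates an empty `Document` here, so no XXE exposure arises from it.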
@@ -277,7 +310,7 @@ public class SingleLogOutBuilder { private static LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setValue(spRequest.getAuthURLWithOutSlash()); issuer.setFormat(NameID.ENTITY); sloResp.setIssuer(issuer); sloResp.setIssueInstant(new DateTime()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index d80ddba25..065118e2b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -90,7 +90,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { - public static Assertion buildAssertion(AttributeQuery attrQuery, + public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery, List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { 
@@ -136,12 +136,12 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = null; - return buildGenericAssertion(attrQuery.getIssuer().getValue(), date, + return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, new DateTime(authData.getSsoSessionValidTo().getTime())); } - public static Assertion buildAssertion(AuthnRequest authnRequest, + public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest, IAuthData authData, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { 
@@ -416,10 +416,25 @@ public class PVP2AssertionBuilder implements PVPConstants { sloInformation.setNameIDFormat(subjectNameID.getFormat()); sloInformation.setSessionIndex(sessionIndex); - return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); + return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); } - public static Assertion buildGenericAssertion(String entityID, DateTime date, + /** + * + * @param authURL IDP PublicURL PreFix + * @param entityID Service Provider EntityID + * @param date + * @param authnContextClassRef + * @param attrList + * @param subjectNameID + * @param subjectConfirmationData + * @param sessionIndex + * @param isValidTo + * @return + * @throws ConfigurationException + */ + + private static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date, AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, String sessionIndex, DateTime isValidTo) throws ConfigurationException { @@ -471,7 +486,9 @@ public class PVP2AssertionBuilder implements PVPConstants { Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + if (authURL.endsWith("/")) + authURL = authURL.substring(0, authURL.length()-1); + issuer.setValue(authURL); issuer.setFormat(NameID.ENTITY); assertion.setIssuer(issuer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index dc3b787e4..47d7a29b3 100644 
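Review bot: `buildGenericAssertion` changes from `public static` to `private static` in this hunk, which removes it from the class's API for any caller outside `PVP2AssertionBuilder`; that may be intended, but it is not backward compatible and deserves a mention in the commit message. The new Javadoc leaves `date`, `authnContextClassRef`, `attrList`, `subjectNameID`, `subjectConfirmationData`, `sessionIndex`, `isValidTo`, `@return` and `@throws` empty, and an empty tag is worse than none; either describe what each parameter feeds into or drop the blank tags, and move the stray blank line so the comment attaches directly to the method. The method body continues in the next hunk.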
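Review bot: `if (authURL.endsWith("/"))` throws a `NullPointerException` when `authURL` is null, and both public `buildAssertion` overloads pass the value straight through from their callers without checking it. A `Objects.requireNonNull(authURL, "authURL")` at the public entry points, or a shared normalisation helper used here and in `AuthResponseBuilder`, would turn that into a clear failure and keep the Assertion Issuer identical to the Response Issuer. The method starts in the previous hunk.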
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java 
@@ -121,43 +121,46 @@ public class PVPConfiguration { } } - public String getIDPPublicPath() throws ConfigurationException { - String publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - if(publicPath != null) { - if(publicPath.endsWith("/")) { - int length = publicPath.length(); - publicPath = publicPath.substring(0, length-1); - } + public List<String> getIDPPublicPath() throws ConfigurationException { + List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + List<String> returnvalue = new ArrayList<String>(); + for (String el : publicPath) { + if(el.endsWith("/")) { + int length = el.length(); + returnvalue.add(el.substring(0, length-1)); + + } else + returnvalue.add(el); } - return publicPath; + return returnvalue; } - public String getSPSSOPostService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_SP_POST; + public String getSPSSOPostService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_SP_POST; } - public String getSPSSORedirectService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_SP_REDIRECT; + public String getSPSSORedirectService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_SP_REDIRECT; } - public String getIDPSSOPostService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_POST; + public String getIDPSSOPostService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_POST; } - public String getIDPSSORedirectService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_REDIRECT; + public String getIDPSSORedirectService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_REDIRECT; } - public String getIDPSSOSOAPService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_SOAP; + public String getIDPSSOSOAPService(String 
publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_SOAP; } - public String getIDPAttributeQueryService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_ATTRIBUTEQUERY; + public String getIDPAttributeQueryService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_ATTRIBUTEQUERY; } - public String getIDPSSOMetadataService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_METADATA; + public String getIDPSSOMetadataService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_METADATA; } public String getIDPKeyStoreFilename() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java index 94a4e8226..392569366 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java @@ -34,6 +34,15 @@ public class InvalidAssertionConsumerServiceException extends PVP2Exception { /** * */ + public InvalidAssertionConsumerServiceException(String wrongURL) { + super("pvp2.23", new Object[]{wrongURL}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + + } + + /** + * + */ private static final long serialVersionUID = 7861790149343943091L; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index a31258784..059e68865 100644 
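Review bot: The new `getSPSSOPostService(String publicURLPrefix)` family concatenates whatever prefix the caller passes, whereas the old versions went through `getIDPPublicPath()`, which stripped a trailing slash; a prefix ending in `/` now yields a `//` in the service URL, and these values feed the `MOAURICompare` destination check in the bindings. Nothing in these methods ties `publicURLPrefix` to the configured list either, so the destination check is only as trustworthy as the caller's source for the prefix. A private helper used by all seven methods that strips the slash and rejects a value not contained in `getIDPPublicPath()` would centralise that, together with a contract line `@param publicURLPrefix one of the configured public URL prefixes, without trailing slash`.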
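Review bot: The new constructor is inserted between the existing empty `/** * */` Javadoc and `serialVersionUID`, so that empty comment now documents the constructor and `serialVersionUID` is left with another empty one above it. Replace the comment on the constructor with a real one, e.g. `/** Raised when the requested AssertionConsumerServiceURL does not match the registered one; wrongURL is passed as message parameter for pvp2.23. */`, and drop the dangling empty block above `serialVersionUID`.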
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -82,10 +82,10 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { SLOInformationImpl sloInformation = new SLOInformationImpl(); //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData, + Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData, peerEntity, date, consumerService, sloInformation); - Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion); + Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion); IEncoder binding = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 4d12c38da..75ef7e5a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java 
@@ -57,6 +57,15 @@ public class MOASAMLSOAPClient { BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext(); soapContext.setOutboundMessage(soapRequest); + + //set security policy context +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new MOAPVPSignedRequestPolicyRule( +// TrustEngineFactory.getSignatureKnownKeysTrustEngine(), +// SPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); +// soapContext.setSecurityPolicyResolver(secResolver); HttpClientBuilder clientBuilder = new HttpClientBuilder(); if (destination.startsWith("https")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java new file mode 100644 index 000000000..f62410656 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java 
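Review bot: The added lines are entirely commented-out code, so `soapContext` still has no `SecurityPolicyResolver` and nothing in this method verifies the SOAP response that comes back; if that verification lives elsewhere the code should say so rather than carry dead code. Replace the nine commented lines with a single pointer, e.g. `// TODO: no inbound security policy on this context yet; see the matching TODO in SoapBinding (the Envelope itself is not signed)`. The method continues outside this hunk (`destination.startsWith("https")` is a context line).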
@@ -0,0 +1,187 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import javax.xml.namespace.QName; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.common.xml.SAMLSchemaBuilder; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.message.MessageContext; +import org.opensaml.ws.security.SecurityPolicyException; +import org.opensaml.ws.security.SecurityPolicyRule; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.validation.ValidationException; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule { + + private SignatureTrustEngine trustEngine = null; + private QName peerEntityRole = null; + /** + * @param peerEntityRole + * + */ + public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) { + this.trustEngine = trustEngine; + this.peerEntityRole = peerEntityRole; + + } + + + /** + * Reload the PVP metadata for a given entity + * + * @param entityID for which the metadata should be refreshed. 
+ * @return true if the refresh was successful, otherwise false + */ + protected abstract boolean refreshMetadataProvider(String entityID); + + + protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData); + + /* (non-Javadoc) + * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext) + */ + @Override + public void evaluate(MessageContext context) throws SecurityPolicyException { + try { + verifySignature(context); + + } catch (SecurityPolicyException e) { + if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer()); + if (!refreshMetadataProvider(context.getInboundMessageIssuer())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + verifySignature(context); + + } + Logger.trace("Second PVP2X message validation finished"); + + } + + + } + + private void verifySignature(MessageContext context) throws SecurityPolicyException { + SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage()); + if (samlObj != null && samlObj.getSignature() != null) { + + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + performSchemaValidation(samlObj.getDOM()); + + } catch (ValidationException e) { + Logger.warn("Signature is not conform to SAML signature profile", e); + throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); + + } catch (SchemaValidationException e) { + Logger.warn("Signature is not conform to SAML signature profile", e); + throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); + + } + + + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) ); + criteriaSet.add( new 
MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new SecurityPolicyException("Signature validation FAILED."); + + } + Logger.debug("PVP AuthnRequest signature valid."); + + } catch (org.opensaml.xml.security.SecurityException e) { + Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage()); + throw new SecurityPolicyException("Signature validation FAILED."); + + } + + } else { + throw new SecurityPolicyException("Request is not signed."); + + } + + } + + private void performSchemaValidation(Element source) throws SchemaValidationException { + + String err = null; + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + val.validate(new DOMSource(source)); + Logger.debug("Schema validation check done OK"); + return; + + } catch (SAXException e) { + err = e.getMessage(); + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Schema validation FAILED with exception:", e); + else + Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } catch (Exception e) { + err = e.getMessage(); + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Schema validation FAILED with exception:", e); + else + Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } + + throw new SchemaValidationException("pvp2.22", new Object[]{err}); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java new file mode 100644 index 000000000..932f3b818 --- /dev/null 
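Review bot: `evaluate` calls `refreshMetadataProvider(context.getInboundMessageIssuer())` on any `SecurityPolicyException`, including "Request is not signed" and the profile/schema failures raised in `verifySignature`, none of which a metadata reload can cure. Because the Issuer is unauthenticated at that point, any client can force a metadata refresh for an arbitrary entityID with every malformed request, which is a cheap way to hammer the metadata source; restrict the retry to the trust-engine branch (`trustEngine.validate` returning false or throwing), for instance by throwing a private `SecurityPolicyException` subclass there and catching only that type in `evaluate`. Two smaller points: `Logger.debug("PVP AuthnRequest signature valid.")` is misleading since the rule also evaluates Responses and LogoutRequests, and `SAMLSchemaBuilder.getSAML11Schema()` applied to SAML 2.0 protocol messages is only correct if that builder bundles the SAML 2.0 schemas (it appears to in OpenSAML 2.x, but a comment saying so would save the next reader the check).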
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java 
@@ -0,0 +1,70 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAPVPSignedRequestPolicyRule extends
+ AbstractRequestSignedSecurityPolicyRule {
+
+ /**
+ * @param trustEngine
+ * @param peerEntityRole
+ */
+ public MOAPVPSignedRequestPolicyRule(SignatureTrustEngine trustEngine,
+ QName peerEntityRole) {
+ super(trustEngine, peerEntityRole);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
+ */
+ @Override
+ protected boolean refreshMetadataProvider(String entityID) {
+ return MOAMetadataProvider.getInstance().refreshMetadataProvider(entityID);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
+ if (inboundData instanceof SignableSAMLObject)
+ return (SignableSAMLObject) inboundData;
+
+ else
+ return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 70b778c49..812e27a36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
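Review bot: The constructor Javadoc has empty `@param trustEngine` / `@param peerEntityRole` tags and `getSignedSAMLObject` does not say what returning `null` means, even though that return value decides whether an unsigned or non-SAML inbound object is rejected. Suggest on the override: `/** Returns the inbound message itself when it is a SignableSAMLObject, otherwise {@code null}; the parent rule must treat null as "request is not signed", not as "skip the check" — AbstractRequestSignedSecurityPolicyRule is outside this diff, so confirm. */` and fill the constructor tags with the metadata role the `peerEntityRole` QName selects for key resolution. `refreshMetadataProvider` could likewise note that its boolean is forwarded unchanged from `MOAMetadataProvider` and what true/false signal to the caller.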
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; import java.util.ArrayList; import java.util.List; +import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; @@ -61,7 +62,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -74,7 +75,6 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; public class SAMLVerificationEngine { - public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { try { @@ -83,7 +83,7 @@ public class SAMLVerificationEngine { verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); else - verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); } catch (InvalidProtocolRequestException e) { if (MiscUtil.isEmpty(msg.getEntityID())) { 
@@ -102,15 +102,24 @@ public class SAMLVerificationEngine {
 verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
 else
- verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+ verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
 }
 Logger.trace("Second PVP2X message validation finished");
 }
 }
+ public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
+ verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ }
- public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException{
+ public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
+ verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ }
+
+ private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{
 SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
 try {
 profileValidator.validate(samlObj.getSignature());
@@ -127,7 +136,7 @@ public class SAMLVerificationEngine {
 CriteriaSet criteriaSet = new CriteriaSet();
 criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
 criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
 try {
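Review bot: The new public pair `verifyIDPResponse` / `verifySLOResponse` has no Javadoc, and the one thing a caller must get right — which metadata role the signing key is resolved under — is exactly what differs between them. Suggest on `verifyIDPResponse`: `/** Verifies a Response issued by an IDP; the signing key is resolved from the issuer's IDPSSODescriptor metadata. */` and on `verifySLOResponse`: `/** Verifies a LogoutResponse issued by a service provider; the signing key is resolved from the issuer's SPSSODescriptor metadata. */`. The private `verifyResponse` that both delegate to continues past this hunk, so the full validation contract (profile check, trust-engine check, what maps to InvalidProtocolRequestException) should be documented on it rather than repeated on the wrappers.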
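Review bot: `samlObj.getIssuer().getValue()` is dereferenced without a null check before the `MetadataCriteria` line this hunk changes, so a response that omits `<saml:Issuer>` fails with a NullPointerException instead of the InvalidProtocolRequestException the method declares; now that SP-originated LogoutResponses are routed through this path via `verifySLOResponse`, that is a reachable input. A guard such as `if (samlObj.getIssuer() == null || MiscUtil.isEmpty(samlObj.getIssuer().getValue())) throw new InvalidProtocolRequestException("pvp2.20", null);` before building the criteria set would keep the failure inside the declared error model (the exact message key to use is a choice for the maintainers; `pvp2.20` is only the closest existing one). The enclosing method continues outside the hunk.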
@@ -175,10 +184,20 @@ public class SAMLVerificationEngine {
 if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
 List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
- if (validateDestination && !samlResp.getDestination().startsWith(
- PVPConfiguration.getInstance().getIDPPublicPath())) {
+ List<String> allowedPublicURLPrefix =
+ AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ boolean isValidDestination = false;
+ for (String allowedPreFix : allowedPublicURLPrefix) {
+ if (validateDestination && samlResp.getDestination().startsWith(
+ allowedPreFix)) {
+ isValidDestination = true;
+ break;
+
+ }
+ }
+ if (!isValidDestination) {
 Logger.warn("PVP 2.1 assertion destination does not match to IDP URL");
- throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
+ throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index d1582b883..9dee39fe8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -377,7 +377,7 @@ public class AuthenticationSessionStoreage {
 }
 public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
+ SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {
 AuthenticatedSessionStore dbsession;
 Transaction tx = null;
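Review bot: The rewritten destination check changes the meaning of `validateDestination`: the flag is only consulted inside the loop, so when it is false no iteration can set `isValidDestination` and `if (!isValidDestination)` throws for every response, whereas the removed `if (validateDestination && !...startsWith(...))` skipped the check; whether any caller passes false is not visible here, but the parameter is now dead. Fix by initialising the flag from it and dropping it from the loop: `boolean isValidDestination = !validateDestination;` and `if (samlResp.getDestination().startsWith(allowedPreFix)) {`. Separately, `startsWith` is a plain string prefix match, so a configured prefix without a trailing `/` (e.g. `https://idp.example`) also accepts a destination on `https://idp.example.evil/...`; unless `getPublicURLPrefix()` guarantees a trailing separator (not visible in this diff), normalise the prefix or compare scheme, host and port explicitly. `samlResp.getDestination()` is also dereferenced without a null check, so a response that omits Destination fails with a NullPointerException instead of the AssertionValidationExeption the block is meant to raise.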
@@ -412,7 +412,7 @@ public class AuthenticationSessionStoreage { //check if OA already has an active OA session if (dbsession.getActiveOAsessions() != null) { for (OASessionStore el : dbsession.getActiveOAsessions()) { - if (el.getOaurlprefix().equals(OAUrl)) + if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) activeOA = el; } } @@ -421,7 +421,7 @@ public class AuthenticationSessionStoreage { activeOA = new OASessionStore(); //set active OA applications - activeOA.setOaurlprefix(OAUrl); + activeOA.setOaurlprefix(protocolRequest.getOAURL()); activeOA.setMoasession(dbsession); activeOA.setCreated(new Date()); @@ -432,6 +432,7 @@ public class AuthenticationSessionStoreage { activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); activeOA.setProtocolType(SLOInfo.getProtocolType()); activeOA.setAttributeQueryUsed(false); + activeOA.setAuthURL(protocolRequest.getAuthURL()); } @@ -463,10 +464,10 @@ public class AuthenticationSessionStoreage { tx.commit(); if (SLOInfo != null) - Logger.info("Add SSO-Session login information for OA: " + OAUrl + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() + " and AssertionID: " + SLOInfo.getSessionIndex()); else - Logger.info("Add SSO-Session login information for OA: " + OAUrl); + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); } @@ -887,6 +888,7 @@ public class AuthenticationSessionStoreage { idp = new InterfederationSessionStore(); idp.setCreated(now); idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); + idp.setAuthURL(req.getAuthURL()); try { OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance(). diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index 1f08d9019..2aceb833c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -156,5 +156,21 @@ public class HTTPUtils {
 return buffer.toString();
 }
+
+ /**
+ * Extract the IDP PublicURLPrefix from authrequest
+ *
+ * @param req HttpServletRequest
+ * @return PublicURLPrefix <String> which ends always without /
+ */
+ public static String extractAuthURLFromRequest(HttpServletRequest req) {
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath());
+ return authURL;
+
+ }
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index ac5a5be60..cabf1557e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -79,6 +79,7 @@ config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterl
 config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.
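Review bot: `extractAuthURLFromRequest` derives the IDP's own public URL from `req.getScheme()`, `req.getServerName()` and `req.getServerPort()`, which in a servlet container normally come from the client's Host header or from whatever the reverse proxy forwards, so a client can steer the value towards a host it controls and the method performs no check of its own. The new `config.25` message added later in this diff ("IDP PublicURLPrefix ... ist nicht erlaubt") suggests a caller compares the result against the configured `getPublicURLPrefix()` list, but that check is outside this hunk; it should become part of this method's documented contract, e.g. `@return the request-derived prefix; callers MUST validate it against the configured PublicURLPrefix list before using it in links, SAML Destination/Issuer values or stored session data`. Behind a TLS-terminating proxy `getScheme()` reports `http` unless the container is configured to honour the forwarded scheme, so the value can also be an `http://` prefix for an `https://` deployment — worth a note in the Javadoc, which currently also misdescribes the input as an "authrequest" when it is any HttpServletRequest.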
config.23=Fehler beim initialisieren von OpenSAML
config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
+config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -265,6 +266,7 @@ pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abg pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
+pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index fa332f0c7..342d54f7f 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -58,6 +58,7 @@ config.21=9006 config.22=9008 config.23=9199 config.24=9199 +config.25=9199 parser.00=1101 parser.01=1101 diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 123a23837..2b0115d4a 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { @@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -740,7 +746,7 @@ } } function onChangeChecks() { - if (top.innerWidth < 650) { + if (self.innerWidth < 650) { document.getElementById("moaidform").setAttribute("target","_parent"); } else { document.getElementById("moaidform").removeAttribute("target"); @@ -834,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" 
@@ -867,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -900,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -909,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html index 033a574b9..07d018a94 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html 
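Review bot: The commented-out SSO-transfer block carries the session identifier in a GET query string (`#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true`); if this markup is ever un-commented the MOA session ID ends up in browser history, Referer headers and proxy/access logs, so it should be a POST form like the surrounding login forms rather than a link, or the dead block should be dropped instead of being kept as a template. The same hunk renames the hidden field from `CCC` to `ccc`, which only works if the server-side parameter lookup was changed in step — that change is not visible in this diff. The anchor text also has a stray `>` (`">>Restore SSO Session`) that would render as visible text.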
@@ -1,554 +1,617 @@ -<!DOCTYPE html> +<!DOCTYPE html> <html> <head> -<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> -<!-- MOA-ID 2.x BKUSelection Layout CSS --> -<style type="text/css"> -@media screen and (min-width: 650px) { - body { - margin: 0; - padding: 0; - color: #000; - background-color: #fff; - text-align: center; - background-color: #6B7B8B; - } - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.7em; - border-radius: 5px; - } - #bkuselectionarea button { - font-size: 0.85em; - border-radius: 7px; - margin-bottom: 25px; - } - #mandateLogin { - font-size: 0.85em; - } - #bku_header h2 { - font-size: 0.8em; - } - #page { - display: block; - border: 2px solid rgb(0, 0, 0); - width: 650px; - height: 440px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255, 255, 255); - } - #page1 { - text-align: center; - } - #main { - /* clear:both; */ - position: relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - #leftcontent { - width: 300px; - margin-top: 30px; - padding-bottom: 15px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0, 0, 0); - } - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - #selectArea h3 { - margin-bottom: 25px; - } - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - #bkulogin { - overflow: hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - h2#tabheader { - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - .setAssertionButton_full { - margin-top: 15px; - width: 100px; - height: 30px; - font-size: 1.3em; - min-height: 1.3em; - /* border-radius: 10px;*/ - } - #leftbutton { - width: 30%; - float: left; - margin-left: 40px; - } - #rightbutton { - width: 30%; - float: right; - margin-right: 45px; - 
text-align: right; - } - button { - height: 25px; - width: 90px; - margin-bottom: 10px; - } - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } -} - -@media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - #localBKU input { - font-size: 0.7em; - min-width: 70px; - min-height: 1.2em; - border-radius: 5px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 0.8em; - min-width: 65px; - min-height: 1.3em; - /* border-radius: 5px; */ - margin-bottom: 2% - } - #mandateLogin { - font-size: 0.65em; - } - #bku_header h2,#selectArea h3 { - font-size: 0.8em; - margin-top: -0.4em; - } -} - -@media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.85em; - min-width: 80px; - min-height: 0.95em; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 0.85em; - min-width: 70px; - min-height: 0.95em; - /* border-radius: 6px; */ - margin-bottom: 2% - } - #mandateLogin { - font-size: 0.75em; - } - #bku_header h2,#selectArea h3 { - font-size: 0.9em; - margin-top: -0.45em; - } -} - -@media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.9em; - min-width: 100px; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 1.0em; - min-height: 1.05em; - /* border-radius: 7px; */ - margin-bottom: 5%; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2,#selectArea h3 { - font-size: 1.0em; - margin-top: -0.50em; - } -} - -@media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.9em; - min-width: 100px; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 1.1em; - min-height: 1.2em; - /* border-radius: 8px; */ - margin-bottom: 5%; - } - 
#mandateLogin { - font-size: 1em; - } - #bku_header h2,#selectArea h3 { - font-size: 1.1em; - margin-top: -0.55em; - } -} - -@media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.9em; - min-width: 100px; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 1.3em; - min-height: 1.3em; - /* border-radius: 10px; */ - margin-bottom: 5%; - } - #mandateLogin { - font-size: 1.2em; - } - #bku_header h2,#selectArea h3 { - font-size: 1.3em; - margin-top: -0.65em; - } -} - -@media screen and (max-width: 649px) { - body { - margin: 0; - padding: 0; - color: #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - #page { - visibility: hidden; - margin-top: 0%; - } - #page1 { - visibility: hidden; - } - #main { - visibility: hidden; - } - #validation { - visibility: hidden; - display: none; - } - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border: none; - min-width: 190px; - /* min-height: 190px; */ - vertical-align: middle; - } - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - h2#tabheader { - padding-left: 2%; - padding-right: 2%; - padding-top: 1%; - position: relative; - top: 50%; - } - #bkulogin { - min-width: 190px; - min-height: 150px; - } - .setAssertionButton_full { - margin-top: 15px; - width: 70%; - height: 11%; - min-width: 60px; - min-height: 25px; - } - #selectArea h3 { - margin-top: 2%; - } - button { - height: 11%; - width: 70%; - } -} - -* { - margin: 0; - padding: 0; - /* border: 0; */ - font-family: #FONTTYPE #; -} - -#selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; -} - -.setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; -} - -#leftbutton { - 
width: 35%; - float: left; - margin-left: 15px; -} - -#rightbutton { - width: 35%; - float: right; - margin-right: 25px; - text-align: right; -} - -#stork { - margin-bottom: 10px; - margin-top: 5px; -} - -#mandateLogin { - padding-bottom: 2%; - padding-top: 2%; - height: 10%; - position: relative; - text-align: center; -} - -.verticalcenter { - vertical-align: middle; -} - -#mandateLogin>div { - clear: both; - margin-top: -1%; - position: relative; - top: 50%; -} - -#bkuselectionarea { - position: relative; - display: block; -} - -#localBKU { - padding-left: 5%; - padding-right: 2%; - padding-bottom: 2%; - position: relative; - clear: both; -} - -#bkukarte { - float: left; - text-align: center; - width: 40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; -} - -#bkuhandy { - float: right; - text-align: center; - width: 40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; -} - -.bkuimage { - width: 90%; - height: auto; -} - -#mandate { - text-align: center; - padding: 5px 5px 5px 5px; -} - -button,.sendButton { - /* background: #BUTTON_BACKGROUNDCOLOR#; + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + border-radius: 5px; + } + + #bkuselectionarea button { + font-size: 0.85em; + border-radius: 7px; + margin-bottom: 25px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 440px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + 
position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + padding-bottom: 15px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #selectArea h3 { + margin-bottom: 25px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 100px; + height: 30px; + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px;*/ + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 90px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + min-height: 1.2em; + border-radius: 5px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.8em; + min-width: 65px; + min-height: 1.3em; + /* border-radius: 5px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.8em; + margin-top: -0.4em; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.85em; + min-width: 80px; + min-height: 0.95em; + border-radius: 6px; + } + + #bkuselectionarea button, 
.setAssertionButton_full { + font-size: 0.85em; + min-width: 70px; + min-height: 0.95em; + /* border-radius: 6px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.9em; + margin-top: -0.45em; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.0em; + min-height: 1.05em; + /* border-radius: 7px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.0em; + margin-top: -0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.1em; + min-height: 1.2em; + /* border-radius: 8px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.1em; + margin-top: -0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.3em; + margin-top: -0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: #MAIN_BACKGOUNDCOLOR#; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + 
visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + min-width: 190px; +/* min-height: 190px; */ + vertical-align: middle; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + padding-top: 1%; + position: relative; + top: 50%; + } + + #bkulogin { + min-width: 190px; + min-height: 150px; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 70%; + height: 11%; + min-width: 60px; + min-height: 25px; + } + + #selectArea h3 { + margin-top: 2%; + } + + button { + height: 11%; + width: 70%; + } + } + + * { + margin: 0; + padding: 0; +/* border: 0; */ + font-family: #FONTTYPE#; + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + margin-bottom: 10px; + margin-top: 5px; + } + + #mandateLogin { + padding-bottom: 2%; + padding-top: 2%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin > div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-left: 5%; + padding-right: 2%; + padding-bottom: 2%; + position: relative; + clear: both; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + 
width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + + button, .sendButton { +/* background: #BUTTON_BACKGROUNDCOLOR#; color: #BUTTON_COLOR#; */ - cursor: pointer; - - /* border:1px solid #000; + cursor: pointer; + +/* border:1px solid #000; box-shadow: 3px 3px 3px #222222; */ -} - -button:hover,button:focus,button:active,.sendButton:hover,.sendButton:focus,.sendButton:active,#mandateCheckBox:hover,#mandateCheckBox:focus,#mandateCheckBox:active - { - /* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; - color: #BUTTON_COLOR#; */ - cursor: pointer; - - /* border:1px solid #000; + } + + button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { +/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; + color: #BUTTON_COLOR#; */ + cursor: pointer; + +/* border:1px solid #000; box-shadow: -1px -1px 3px #222222; */ -} - -#installJava,#BrowserNOK { - clear: both; - font-size: 0.8em; - padding: 4px; -} - -.selectText { - -} - -.selectTextHeader { - -} - -#leftcontent a { - text-decoration: none; - color: #000; - /* display:block;*/ - padding: 4px; -} - -#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active { - text-decoration: underline; - color: #000; -} - -.infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; -} - -.hell { - background-color: #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; -} - -.dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; -} - -.main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; -} -</style> - - -<title>Anmeldung an Online-Applikation</title> + } + + 
#installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> + + + <title>Anmeldung an Online-Applikation</title> </head> <body> - <div id="page"> - - <div id="page1" class="case selected-case" role="main"> - - <!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> - - <div id="main"> - <div id="leftcontent" class="hell"> - <div id="bku_header" class="dunkel"> - <h2 id="tabheader" class="dunkel" role="heading"> - Anmeldeinformationen:</h2> - </div> - - <div id="selectArea" class="hell" role="application"> - <h3>Anmeldung an: #OAName#</h3> - - <!-- <div class="hell"> --> - <div id="leftbutton"> - <form method="post" id="moaidform_yes" action="#URL#"> - <input type="hidden" name="value" value="true"> <input - type="hidden" name="mod" value="#MODUL#"> <input - type="hidden" name="action" value="#ACTION#"> <input - type="hidden" name="identifier" value="#ID#"> <input - type="submit" value="Ja" - class="setAssertionButton_full sendButton" role="button"> - </form> - </div> - <div id="rightbutton"> - <form method="post" id="moaidform_no" action="#URL#"> - <input type="hidden" name="value" value="false"> <input - type="hidden" name="mod" value="#MODUL#"> <input - type="hidden" 
name="action" value="#ACTION#"> <input - type="hidden" name="identifier" value="#ID#"> <input - type="submit" value="Nein" - class="setAssertionButton_full sendButton" role="button"> - </form> - </div> - + <div id="page"> + + <div id="page1" class="case selected-case" role="main"> + +<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> + + <div id="main"> + <div id="leftcontent" class="hell"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading"> + Anmeldeinformationen: + </h2> + </div> + + <div id="selectArea" class="hell" role="application"> + <h3>Anmeldung an: #OAName#</h3> + +<!-- <div class="hell"> --> + <div id="leftbutton"> + <form method="post" id="moaidform_yes" action="#URL#"> + <input type="hidden" name="value" value="true"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + <div id="rightbutton"> + <form method="post" id="moaidform_no" action="#URL#"> + <input type="hidden" name="value" value="false"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + + </div> </div> </div> - </div> - </div> - <div id="validation"> - <a href="http://validator.w3.org/check?uri="> <img - style="border: 0; width: 88px; height: 31px" - src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> - </a> <a href="http://jigsaw.w3.org/css-validator/"> <img - style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" - alt="CSS ist valide!" 
/> - </a> </div> + <!--div id="validation"> + <a href="http://validator.w3.org/check?uri="> + <img style="border:0;width:88px;height:31px" + src="#CONTEXTPATH#/img/valid-html5-blue.png" + alt="HTML5 ist valide!" /> + </a> + <a href="http://jigsaw.w3.org/css-validator/"> + <img style="border:0;width:88px;height:31px" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + alt="CSS ist valide!" /> + </a> + </div--> </div> </body> </html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html index 8976b2bd6..a9d73e0d3 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html @@ -380,7 +380,21 @@ function sloTimeOut() { window.location.href="$timeoutURL"; - } + } + function RestartAfterDelay() { + var eDate = null; + var MilliSekZeit = 0; + var SysDatumJetzt = new Date(); + var SysDatumJetztMilli = SysDatumJetzt.getTime(); + + do { + eDate = new Date(); + MilliSekZeit = eDate.getTime(); + + } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout); + + sloTimeOut(); + } </script> #end @@ -430,22 +444,21 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> #foreach( $el in $redirectURLs ) <iframe src=$el class="reqframe"></iframe> #end - </body> </html>
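Review bot: `RestartAfterDelay()` busy-waits in a `do { eDate = new Date(); ... } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout)` loop, which pins the page's main thread for the whole interval (the logout `reqframe` iframes rendered further down share that thread for their scripts) instead of yielding; replace the body with a timer: `function RestartAfterDelay() { window.setTimeout(sloTimeOut, $timeout); }`. `$timeout` is interpolated unquoted into script source, so the server side presumably guarantees it is a plain integer — the code that sets it is not on this page, so confirm that before relying on it. The caller of `RestartAfterDelay` is outside the hunk.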
\ No newline at end of file diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index a81744edf..d242147f1 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -114,7 +114,19 @@ <version>2.2.11</version> </dependency> - <dependency> + <dependency> + <groupId>org.jvnet.jaxb2_commons</groupId> + <artifactId>jaxb2-commons-lang</artifactId> + <version>2.4</version> + </dependency> + + <dependency> + <groupId>org.jvnet.jaxb2_commons</groupId> + <artifactId>jaxb2-basics-runtime</artifactId> + <version>0.11.0</version> + </dependency> + +<!-- <dependency> <groupId>org.hibernate.javax.persistence</groupId> <artifactId>hibernate-jpa-2.1-api</artifactId> <version>1.0.0.Final</version> @@ -144,7 +156,8 @@ <groupId>org.springframework</groupId> </exclusion> </exclusions> - </dependency> + </dependency> --> + <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> @@ -165,7 +178,7 @@ <artifactId>spring-orm</artifactId> </dependency> - <dependency> + <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> </dependency> @@ -190,12 +203,14 @@ <groupId>cglib</groupId> <artifactId>cglib</artifactId> <version>2.2.2</version> + <scope>test</scope> </dependency> <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> <version>1.4.178</version> + <scope>test</scope> </dependency> <dependency> @@ -204,6 +219,10 @@ <version>1.4</version> </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> </dependencies> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index a04b8f454..a28fe6a7b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java 
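Review bot: The validation block in the `@@ -430` hunk is disabled with the `<!--div id="validation">` … `</div-->` comment trick instead of being removed, and inside that dead block the CSS-validator image URL is changed from `https://jigsaw.w3.org/css-validator/images/vcss-blue` to `http://…`; if anyone ever restores the markup it would load a mixed-content image into the logout page. The same change appears in the first template of this chunk (the hunk ending at L306). Delete the block outright, or at least keep the `https://` form so re-enabling it stays harmless.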
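Review bot: The hibernate-jpa-2.1-api `<dependency>` is commented out across the `@@ -114` and `@@ -144` hunks rather than deleted, leaving a dead dependency block (including its `<exclusions>`) in the pom that version control already preserves; remove it. The new `commons-collections4` dependency in the `@@ -204` hunk carries no `<version>`, so it presumably relies on a `<dependencyManagement>` entry in the parent — consistent with the `${org.apache.commons.collections4.version}` property ConfigWebTool's pom uses earlier in this diff, but that parent entry is not visible here, so confirm it exists or the build will not resolve.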
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -61,6 +61,7 @@ public class MOAIDConstants { public static final List<String> ALLOWED_KEYBOXIDENTIFIER; public static final List<String> ALLOWED_REDIRECTTARGETNAMES; public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS; + public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND; static { @@ -105,4 +106,11 @@ public class MOAIDConstants { } + static { + List<String> jdbcDriverWorkaround = new ArrayList<String>(); + jdbcDriverWorkaround.add("oracle.jdbc."); + jdbcDriverWorkaround.add("com.microsoft.sqlserver."); + JDBC_DRIVER_NEEDS_WORKAROUND = Collections.unmodifiableList(jdbcDriverWorkaround); + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index c53aeff3f..63d8f463c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -1188,6 +1188,9 @@ public class ConfigurationMigrationUtils { result.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, authgen.getPublicURLPreFix()); + result.put(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED, + String.valueOf(authgen.isVirtualPublicURLPrefixEnabled())); + TimeOuts timeouts = authgen.getTimeOuts(); if (timeouts != null) { 
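Review bot: `JDBC_DRIVER_NEEDS_WORKAROUND` is added in the `@@ -61` and `@@ -105` hunks without any comment saying what the workaround is or how the entries are matched; the trailing dots in `"oracle.jdbc."` and `"com.microsoft.sqlserver."` read as class-name prefixes, but nothing on this page shows the comparison used. Add a Javadoc on the declaration such as `/** Prefixes of JDBC driver class names for which the driver workaround applies; see the consumer for the matching rule. */` and name the consumer once known. A second `static` block for a single constant could also be folded into the existing initializer, which would keep the constants' setup in one place.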
@@ -1480,6 +1483,16 @@ public class ConfigurationMigrationUtils { dbauthgeneral.setPublicURLPreFix(moaconfig.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX)); + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED))) { + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + Boolean.valueOf( + moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED))); + + } else { + dbauthgeneral.setVirtualPublicURLPrefixEnabled(false); + + } + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL))) dbauthgeneral.setCertStoreDirectory(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL)); @@ -1788,11 +1801,17 @@ public class ConfigurationMigrationUtils { } // try { - List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>(); - TransformsInfoType elem = new TransformsInfoType(); - elem.setTransformation(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64).getBytes()); - elem.setFilename(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME)); - trans.add(elem); + List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>(); + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64))) { + TransformsInfoType elem = new TransformsInfoType(); + elem.setTransformation(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64).getBytes()); + elem.setFilename(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME)); + trans.add(elem); + + } else { + Logger.info("No AuthBlock-Transformation found."); + + } seclayertrans.setTransformsInfo(trans); // } catch (IOException e) { 
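Review bot: `Boolean.valueOf(moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED))` maps every string other than a case-insensitive `"true"` to `false`, so a mistyped value such as `"ture"` or a `"1"` is silently treated as disabled and is indistinguishable in the logs from the explicit `else` branch. Since the flag presumably changes how public URL prefixes are interpreted (judging by the setter name; the consumer is not on this page), parse it explicitly and log the unexpected case, e.g. `String raw = moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED); if (!"true".equalsIgnoreCase(raw) && !"false".equalsIgnoreCase(raw)) Logger.warn("Unexpected value for isVirtualIDPsEnabled: " + raw);` before `dbauthgeneral.setVirtualPublicURLPrefixEnabled(Boolean.valueOf(raw));`. The fail-closed default of `false` in the `else` branch is the right choice. The enclosing method starts and ends outside the hunk.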
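Review bot: In the `@@ -1788` hunk, when no AuthBlock transformation is configured the new branch only logs `"No AuthBlock-Transformation found."` at info level and still hands the empty `trans` list to `seclayertrans.setTransformsInfo(trans)`, so the setup proceeds without a transformation; if that is a misconfiguration rather than a supported mode (the consumer is not visible here), `Logger.warn` would make it noticeable to an operator. The re-added `getBytes()` call also still uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` (with the `java.nio.charset.StandardCharsets` import) makes the stored bytes independent of the JVM's `file.encoding`. The surrounding method starts and ends outside the hunk.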
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java index 4130b2c5d..e24cb8606 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java @@ -27,8 +27,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import com.fasterxml.jackson.core.JsonProcessingException; - public class ConfigurationUtil { final boolean isOverwriteData; @@ -83,7 +81,7 @@ public class ConfigurationUtil { * is thrown if problem occurred while serializing one of the * database values */ - public static Properties moaIdConfigToJsonProperties(MOAIDConfiguration config) throws JsonProcessingException { + public static Properties moaIdConfigToJsonProperties(MOAIDConfiguration config) { Properties result = new Properties(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index c338c65ba..7d9fc452a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java 
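Review bot: Dropping `throws JsonProcessingException` from `moaIdConfigToJsonProperties` leaves the Javadoc text in the context lines just above (`* is thrown if problem occurred while serializing one of the * database values`) describing an exception the method can no longer throw. Remove that `@throws` clause, or replace it with a sentence stating what the method now does on a serialization failure — the body that would show this is outside the hunk, so if it now catches and logs, say so there.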
@@ -186,6 +186,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { //Namespaces for general MOA-ID config public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix"; + public static final String GENERAL_ISVIRTUALIDPSENABLED = PREFIX_MOAID_GENERAL + ".isVirtualIDPsEnabled"; private static final String GENERAL_DEFAULTS = PREFIX_MOAID_GENERAL + ".defaults"; private static final String GENERAL_DEFAULTS_BKU = GENERAL_DEFAULTS + "." + BKU; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java deleted file mode 100644 index 6138d571b..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java +++ /dev/null 
@@ -1,73 +0,0 @@ -package at.gv.egovernment.moa.id.commons.config.persistence; - -import java.io.IOException; - -import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; -import com.fasterxml.jackson.annotation.PropertyAccessor; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JavaType; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.SerializationFeature; -import com.fasterxml.jackson.databind.type.TypeFactory; - -/** - * Helper class to handle the JSON (de-)serialization. - * - */ -public class JsonMapper { - - private ObjectMapper mapper = new ObjectMapper(); - - /** - * The default constructor where the default pretty printer is disabled. - */ - public JsonMapper() { - this(false); - } - - /** - * The constructor. - * @param prettyPrint enables or disables the default pretty printer - */ - public JsonMapper(boolean prettyPrint) { - mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE); - mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY); - mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY); - if (prettyPrint) { - mapper.enable(SerializationFeature.INDENT_OUTPUT); - } - } - - /** - * Serialize an object to a JSON string. - * @param value the object to serialize - * @return a JSON string - * @throws JsonProcessingException thrown when an error occurs during serialization - */ - public String serialize(Object value) throws JsonProcessingException { - return mapper.writeValueAsString(value); - } - - /** - * Deserialize a JSON string. - * - * @param value the JSON string to deserialize - * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned. 
- * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object} - * @throws JsonParseException if the JSON string contains invalid content. - * @throws JsonMappingException if the input JSON structure does not match structure expected for result type - * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input) - */ - public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{ - - ObjectMapper mapper = new ObjectMapper(); - if (clazz != null) { - JavaType javaType = TypeFactory.defaultInstance().constructType(clazz); - return mapper.readValue(value, javaType); - } else { - return mapper.readValue(value, Object.class); - } - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java deleted file mode 100644 index 3836d5a1e..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java +++ /dev/null 
@@ -1,403 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. 
-// *******************************************************************************/ -//package at.gv.egovernment.moa.id.commons.db; -// -//import java.util.ArrayList; -//import java.util.HashMap; -//import java.util.List; -//import java.util.Map; -// -//import javax.persistence.EntityManager; -// -//import org.apache.commons.lang3.StringEscapeUtils; -// -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -////import org.apache.commons.lang.StringEscapeUtils; -// -//import com.fasterxml.jackson.annotation.JsonProperty; -// -///** -// * -// * @author tlenz -// * -// * @deprecated -// */ -// -//@SuppressWarnings("rawtypes") -//public class ConfigurationDBRead { -// -// private static Map<String, String> QUERIES = new HashMap<String, String>(); -// -// static { -// QUERIES.put("getActiveOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix)) and onlineapplication.isActive = '1'"); -// QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix))"); -// QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id"); -// QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication"); -// QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'"); -// QUERIES.put("getAllNewOnlineApplications", "select 
onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '0' and onlineapplication.isAdminRequired = '1'"); -// QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration"); -// QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id"); -// QUERIES.put("getNewUserWithUserTokken", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken = :tokken"); -// QUERIES.put("getAllNewUsers", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '1'"); -// QUERIES.put("getAllOpenUsersRequests", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is not null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '0'"); -// QUERIES.put("getUserWithUserBPKWBPK", "select userdatabase from UserDatabase userdatabase where userdatabase.bpk = :bpk"); -// QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username"); -// QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase"); -// QUERIES.put("getUsersWithOADBID", "select userdatabase from UserDatabase userdatabase inner join userdatabase.onlineApplication oa where oa.hjid = :id"); -// QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id"); -// } -// -//// public static OnlineApplication getActiveOnlineApplication(String id) { -//// MiscUtil.assertNotNull(id, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with ID " + id + " from database."); -//// -//// List result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// 
javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); -//// //query.setParameter("id", id+"%"); -//// query.setParameter("id", StringEscapeUtils.escapeHtml4(id)); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.debug("No entries found."); -//// return null; -//// } -//// -//// if (result.size() > 1) { -//// Logger.warn("OAIdentifier match to more then one DB-entry!"); -//// return null; -//// } -//// -//// return (OnlineApplication) result.get(0); -//// } -//// -//// public static OnlineApplication getOnlineApplication(String id) { -//// MiscUtil.assertNotNull(id, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with ID " + id + " from database."); -//// -//// List result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID")); -//// //query.setParameter("id", id+"%"); -//// query.setParameter("id", id); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// -//// if (result.size() > 1) { -//// Logger.warn("OAIdentifier match to more then one DB-entry!"); -//// return null; -//// } -//// -//// return (OnlineApplication) result.get(0); -//// } -//// -//// public static OnlineApplication getOnlineApplication(long dbid) { -//// MiscUtil.assertNotNull(dbid, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database."); -//// -//// List result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithDBID")); -//// //query.setParameter("id", id+"%"); -//// 
query.setParameter("id", dbid); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// -//// return (OnlineApplication) result.get(0); -//// } -//// -//// @JsonProperty("getMOAIDConfiguration") -//// public static MOAIDConfiguration getMOAIDConfiguration() { -//// Logger.trace("Load MOAID Configuration from database."); -//// -//// List<MOAIDConfiguration> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getMOAIDConfiguration")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found. Create fresh instance."); -//// return null; -//// } -//// -//// return (MOAIDConfiguration) result.get(0); -//// } -//// -//// @JsonProperty("getAllOnlineApplications") -//// public static List<OnlineApplication> getAllOnlineApplications() { -//// Logger.trace("Get All OnlineApplications from database."); -//// -//// List<OnlineApplication> result = null; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOnlineApplications")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// public static List<OnlineApplication> getAllNewOnlineApplications() { -//// Logger.trace("Get All OnlineApplications from database."); -//// -//// List<OnlineApplication> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = 
session.createQuery(QUERIES.get("getAllNewOnlineApplications")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// @JsonProperty("getAllUsers") -//// public static List<UserDatabase> getAllUsers() { -//// Logger.trace("Get All OnlineApplications from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllUsers")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// public static List<OnlineApplication> getAllActiveOnlineApplications() { -//// Logger.trace("Get All active OnlineApplications from database."); -//// -//// List<OnlineApplication> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllActiveOnlineApplications")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// result = new ArrayList<OnlineApplication>(); -//// -//// } -//// return result; -//// } -//// -//// @SuppressWarnings("rawtypes") -//// public static List<OnlineApplication> searchOnlineApplications(String id) { -//// MiscUtil.assertNotNull(id, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with ID " + id + " from database."); -//// -//// List<OnlineApplication> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = 
session.createQuery(QUERIES.get("searchOnlineApplicationsWithID")); -//// query.setParameter("id", "%" + id + "%"); -//// -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// -//// return result; -//// } -//// -//// public static UserDatabase getUserWithID(long id) { -//// MiscUtil.assertNotNull(id, "UserID"); -//// Logger.trace("Getting Userinformation with ID " + id + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserID")); -//// query.setParameter("id", id); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getUsersWithOADBID(long id) { -//// MiscUtil.assertNotNull(id, "OADBID"); -//// Logger.trace("Getting Userinformation with OADBID " + id + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUsersWithOADBID")); -//// query.setParameter("id", id); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getUserWithUserName(String username) { -//// MiscUtil.assertNotNull(username, "UserName"); -//// Logger.trace("Getting Userinformation with ID " + username + " from database."); -//// -//// 
List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserUsername")); -//// query.setParameter("username", username); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getUserWithUserBPKWBPK(String bpkwbpk) { -//// MiscUtil.assertNotNull(bpkwbpk, "bpk/wbpk"); -//// Logger.trace("Getting Userinformation with ID " + bpkwbpk + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserBPKWBPK")); -//// query.setParameter("bpk", bpkwbpk); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getNewUserWithTokken(String tokken) { -//// MiscUtil.assertNotNull(tokken, "bpk/wbpk"); -//// Logger.trace("Getting Userinformation with Tokken " + tokken + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getNewUserWithUserTokken")); -//// query.setParameter("tokken", tokken); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static 
List<UserDatabase> getAllNewUsers() { -//// Logger.trace("Get all new Users from Database"); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewUsers")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// public static List<UserDatabase> getAllOpenUsersRequests() { -//// Logger.trace("Get all new Users from Database"); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOpenUsersRequests")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java deleted file mode 100644 index 7f996cca7..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java +++ /dev/null 
@@ -1,233 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. 
-// *******************************************************************************/ -//package at.gv.egovernment.moa.id.commons.db; -// -//import java.util.Properties; -// -//import javax.persistence.EntityManager; -//import javax.persistence.EntityManagerFactory; -//import javax.persistence.EntityTransaction; -//import javax.persistence.Persistence; -// -//import org.hibernate.HibernateException; -// -//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -//import at.gv.egovernment.moa.logging.Logger; -// -//public final class ConfigurationDBUtils { -// -// private static EntityManagerFactory entitymanagerfactory; -// -// @SuppressWarnings("rawtypes") -// private static final ThreadLocal THREAD_LOCAL_CONFIG = new ThreadLocal(); -// private static boolean automaticSessionHandling = false; -// -// protected ConfigurationDBUtils() { } -// -// public static void initHibernate(Properties props) throws MOADatabaseException { -// -//// try { -//// -//// Logger.debug("Creating initial session factory..."); -//// -//// entitymanagerfactory = -//// Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", -//// props); -//// -//// Logger.debug("Initial ConfigDB session factory successfully created."); -//// -//// -//// } catch (Throwable ex) { -//// Logger.error("Initial session factory creation failed: " + ex.getMessage()); -//// throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex); -//// } -// } -// -// -//// /** -//// * Checks if a session factory is currently available. If necessary a new -//// * session factory is created. 
-//// * -//// * @return current (or new) session factory -//// * @throws HibernateException -//// * thrown if a hibernate error occurs -//// */ -//// public static EntityManager getCurrentSession() { -//// if (automaticSessionHandling) { -//// -//// return entitymanagerfactory.createEntityManager(); -//// } -//// -//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); -//// -//// if (session != null && session.isOpen()) { -//// -//// //maybe a hack, but sometimes we do not know if the session is closed (session already closed but isOpen()=true) -//// try { -//// javax.persistence.Query query = session.createQuery("select userdatabase from UserDatabase userdatabase"); -//// query.getResultList(); -//// -//// } catch (Throwable e) { -//// Logger.warn("JPA Session Handling Warning!!!! - This error should not occur."); -//// session = getNewSession(); -//// } -//// -//// } else -//// session = getNewSession(); -//// -//// return session; -//// } -//// -//// @SuppressWarnings("unchecked") -//// public static EntityManager getNewSession() { -//// if (automaticSessionHandling) { -//// Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead."); -//// return entitymanagerfactory.createEntityManager(); -//// } -//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); -//// if (session != null ) { -//// Logger.warn("Previous session has not been closed; closing ConfigDB session now."); -//// closeSession(); -//// } -//// Logger.debug("Opening new ConfigDB hibernate session..."); -//// try { -//// session = entitymanagerfactory.createEntityManager(); -//// THREAD_LOCAL_CONFIG.set(session); -//// } catch (HibernateException hex) { -//// Logger.error(hex.getMessage()); -//// } -//// return session; -//// } -// -// /** -// * Closes the current session. 
-// * -// * @throws HibernateException -// * thrown if session is already closed or a hibernate error -// * occurs. -// * -// * @deprecated -// */ -//@SuppressWarnings("unchecked") -//public static void closeSession() { -// -//} -// -//// /** -//// * Closes the current session. -//// * -//// * @throws HibernateException -//// * thrown if session is already closed or a hibernate error -//// * occurs. -//// */ -//// @SuppressWarnings("unchecked") -//// public static void closeSession() { -//// if (automaticSessionHandling) { -//// Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand."); -//// return; -//// } -//// Logger.debug("Closing current ConfigDB hibernate session..."); -//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); -//// THREAD_LOCAL_CONFIG.set(null); -//// if (session != null) { -//// try { -//// session.close(); -//// -//// } catch (HibernateException hex) { -//// Logger.error(hex.getMessage()); -//// } -//// } -//// } -//// -//// public static boolean save(Object dbo) throws MOADatabaseException { -//// EntityTransaction tx = null; -//// -//// try { -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// tx = session.getTransaction(); -//// -//// synchronized (session) { -//// tx.begin(); -//// session.merge(dbo); -//// tx.commit(); -//// -//// session.clear(); -//// } -//// return true; -//// -//// } catch(HibernateException e) { -//// Logger.warn("Error during Config database saveOrUpdate. 
Rollback.", e); -//// tx.rollback(); -//// throw new MOADatabaseException(e); -//// } -//// } -//// -//// -//// public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException { -//// EntityTransaction tx = null; -//// -//// try { -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// tx = session.getTransaction(); -//// -//// synchronized (session) { -//// tx.begin(); -//// -//// session.merge(dbo); -//// session.flush(); -//// -//// tx.commit(); -//// -//// //session.clear(); -//// } -//// return true; -//// -//// } catch(HibernateException e) { -//// Logger.warn("Error during Config database saveOrUpdate. Rollback.", e); -//// tx.rollback(); -//// throw new MOADatabaseException(e); -//// } -//// } -//// -//// public static boolean delete(Object dbo) { -//// EntityTransaction tx = null; -//// try { -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// tx = session.getTransaction(); -//// -//// synchronized (session) { -//// tx.begin(); -//// session.remove(session.contains(dbo) ? dbo : session.merge(dbo)); -//// tx.commit(); -//// } -//// -//// return true; -//// -//// } catch(HibernateException e) { -//// Logger.warn("Error during Config database delete. Rollback.", e); -//// tx.rollback(); -//// return false; -//// } -//// } -// -//} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java index 49e0634cb..ecb13ef34 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java 
@@ -32,7 +32,6 @@ import org.hibernate.Transaction; import org.hibernate.boot.registry.StandardServiceRegistryBuilder; import org.hibernate.cfg.Configuration; import org.hibernate.service.ServiceRegistry; -import org.hibernate.service.ServiceRegistryBuilder; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java index c049eebc4..28c705c71 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java @@ -12,8 +12,6 @@ import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; - -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java deleted file mode 100644 index ccc7f33f1..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java +++ /dev/null 
@@ -1,52 +0,0 @@ -//package at.gv.egovernment.moa.id.commons.db; -// -//import java.util.Date; -//import java.util.List; -// -//import org.springframework.beans.factory.annotation.Autowired; -//import org.springframework.stereotype.Component; -// -//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -//import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModes; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.GenericConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SLRequestTemplates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; -//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -// -///** -// * This class is used for writing to the key-value database. -// */ -//@Component -//public class NewConfigurationDBWrite { -// -// private static MOAIDConfiguration conf; -// -// @Autowired(required = true) -// public void setConfiguration(MOAIDConfiguration conf) { -// // https://jira.spring.io/browse/SPR-3845 -// NewConfigurationDBWrite.conf = conf; -// } -// -// -// -// /** -// * @param user -// */ -// public void saveOrUpdate(UserDatabase user) throws MOADatabaseException{ -// // TODO Auto-generated method stub -// -// } -// -// /** -// * @param dbuser -// */ -// public void delete(UserDatabase dbuser) { -// // TODO Auto-generated method stub -// -// } -// -//} 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java index eac47f93f..7e031cc76 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java @@ -32,7 +32,6 @@ import org.hibernate.Transaction; import org.hibernate.boot.registry.StandardServiceRegistryBuilder; import org.hibernate.cfg.Configuration; import org.hibernate.service.ServiceRegistry; -import org.hibernate.service.ServiceRegistryBuilder; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java index 11eca81f5..6dacc2ec4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java 
@@ -11,20 +11,10 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; -import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -35,8 +25,7 @@ import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -46,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** * <p>Java class for anonymous complex type. @@ -99,7 +90,7 @@ public class CPEPS protected Boolean supportsXMLSignature; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<CPEPSAttributeValueItem> attributeValueItems; + // protected transient List<CPEPSAttributeValueItem> attributeValueItems; /** * Gets the value of the attributeValue property. 
@@ -293,31 +284,31 @@ public class CPEPS this.hjid = value; } - @OneToMany(targetEntity = CPEPSAttributeValueItem.class, cascade = { - CascadeType.ALL - }) - - public List<CPEPSAttributeValueItem> getAttributeValueItems() { - if (this.attributeValueItems == null) { - this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); - } - if (ItemUtils.shouldBeWrapped(this.attributeValue)) { - this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); - } - return this.attributeValueItems; - } - - public void setAttributeValueItems(List<CPEPSAttributeValueItem> value) { - this.attributeValue = null; - this.attributeValueItems = null; - this.attributeValueItems = value; - if (this.attributeValueItems == null) { - this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); - } - if (ItemUtils.shouldBeWrapped(this.attributeValue)) { - this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); - } - } +// @OneToMany(targetEntity = CPEPSAttributeValueItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<CPEPSAttributeValueItem> getAttributeValueItems() { +// if (this.attributeValueItems == null) { +// this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.attributeValue)) { +// this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); +// } +// return this.attributeValueItems; +// } +// +// public void setAttributeValueItems(List<CPEPSAttributeValueItem> value) { +// this.attributeValue = null; +// this.attributeValueItems = null; +// this.attributeValueItems = value; +// if (this.attributeValueItems == null) { +// this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.attributeValue)) { +// this.attributeValue = ItemUtils.wrap(this.attributeValue, 
this.attributeValueItems, CPEPSAttributeValueItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof CPEPS)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java deleted file mode 100644 index 0af8c64b4..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java +++ /dev/null 
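Review bot: The `getAttributeValueItems`/`setAttributeValueItems` pair is kept as a `//`-commented block instead of being deleted, matching the commented-out `attributeValueItems` field in the earlier hunk of this file. Because `CPEPSAttributeValueItem` is deleted by this same commit and the `org.jvnet.hyperjaxb3.item.ItemUtils` import is dropped, the block can never be uncommented as-is, so it is dead text rather than a reversible change. Delete the roughly thirty commented lines and let version history keep them; the unchanged `equals(ObjectLocator, …)` that starts at the end of the hunk continues outside it.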
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class CPEPSAttributeValueItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "AttributeValue", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java index 38835db05..25a9c03ea 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java @@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -32,7 +21,7 @@ import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; 
@@ -41,6 +30,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy; import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +//import org.jvnet.hyperjaxb3.item.ItemUtils; /** @@ -109,8 +99,8 @@ public class Contact protected List<String> phone; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<ContactMailItem> mailItems; - protected transient List<ContactPhoneItem> phoneItems; +// protected transient List<ContactMailItem> mailItems; +// protected transient List<ContactPhoneItem> phoneItems; /** * Gets the value of the surName property. 
@@ -319,57 +309,57 @@ public class Contact this.hjid = value; } - @OneToMany(targetEntity = ContactMailItem.class, cascade = { - CascadeType.ALL - }) - - public List<ContactMailItem> getMailItems() { - if (this.mailItems == null) { - this.mailItems = new ArrayList<ContactMailItem>(); - } - if (ItemUtils.shouldBeWrapped(this.mail)) { - this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); - } - return this.mailItems; - } - - public void setMailItems(List<ContactMailItem> value) { - this.mail = null; - this.mailItems = null; - this.mailItems = value; - if (this.mailItems == null) { - this.mailItems = new ArrayList<ContactMailItem>(); - } - if (ItemUtils.shouldBeWrapped(this.mail)) { - this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); - } - } - - @OneToMany(targetEntity = ContactPhoneItem.class, cascade = { - CascadeType.ALL - }) - - public List<ContactPhoneItem> getPhoneItems() { - if (this.phoneItems == null) { - this.phoneItems = new ArrayList<ContactPhoneItem>(); - } - if (ItemUtils.shouldBeWrapped(this.phone)) { - this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); - } - return this.phoneItems; - } - - public void setPhoneItems(List<ContactPhoneItem> value) { - this.phone = null; - this.phoneItems = null; - this.phoneItems = value; - if (this.phoneItems == null) { - this.phoneItems = new ArrayList<ContactPhoneItem>(); - } - if (ItemUtils.shouldBeWrapped(this.phone)) { - this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); - } - } +// @OneToMany(targetEntity = ContactMailItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<ContactMailItem> getMailItems() { +// if (this.mailItems == null) { +// this.mailItems = new ArrayList<ContactMailItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.mail)) { +// this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); +// } +// return this.mailItems; +// } +// +// public void 
setMailItems(List<ContactMailItem> value) { +// this.mail = null; +// this.mailItems = null; +// this.mailItems = value; +// if (this.mailItems == null) { +// this.mailItems = new ArrayList<ContactMailItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.mail)) { +// this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); +// } +// } +// +// @OneToMany(targetEntity = ContactPhoneItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<ContactPhoneItem> getPhoneItems() { +// if (this.phoneItems == null) { +// this.phoneItems = new ArrayList<ContactPhoneItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.phone)) { +// this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); +// } +// return this.phoneItems; +// } +// +// public void setPhoneItems(List<ContactPhoneItem> value) { +// this.phone = null; +// this.phoneItems = null; +// this.phoneItems = value; +// if (this.phoneItems == null) { +// this.phoneItems = new ArrayList<ContactPhoneItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.phone)) { +// this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof Contact)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java deleted file mode 100644 index d7c656bd7..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java +++ /dev/null 
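Review bot: The four accessors `getMailItems`/`setMailItems`/`getPhoneItems`/`setPhoneItems` are commented out rather than removed, and the earlier hunk in this file adds a commented-out `//import org.jvnet.hyperjaxb3.item.ItemUtils;` to go with them. `ContactMailItem` and `ContactPhoneItem` are deleted in this commit, so none of this text can be re-enabled without restoring those classes; removing the commented methods and the commented import leaves the deprecated entity readable and avoids implying the mapping is only temporarily disabled. The `equals(ObjectLocator, …)` method visible at the end of the hunk is untouched and continues outside it.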
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class ContactMailItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "Mail", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java deleted file mode 100644 index ae9c57ea0..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java +++ /dev/null 
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class ContactPhoneItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "Phone", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java index 883245da8..d3e454e51 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java @@ -27,6 +27,7 @@ import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; @@ -107,6 +108,9 @@ public class GeneralConfiguration @XmlAttribute(name = "Hjid") protected Long hjid; + @XmlTransient + protected boolean virtualPublicURLPrefixEnabled = false; + /** * Gets the value of the timeOuts property. * 
@@ -322,7 +326,24 @@ public class GeneralConfiguration return true; } - public boolean equals(Object object) { + + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + public boolean equals(Object object) { final EqualsStrategy strategy = JAXBEqualsStrategy.INSTANCE; return equals(null, null, object, strategy); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java index c48d4522d..90f46efe1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java 
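Review bot: The new `virtualPublicURLPrefixEnabled` flag is not folded into the class's equality contract: the generated `equals(ObjectLocator, …)` that ends with `return true;` directly above the inserted getter/setter is left untouched, so two `GeneralConfiguration` instances differing only in this flag compare equal (and presumably hash equal — `hashCode` is outside the hunk). If the flag is deliberately a runtime-only switch that must not affect configuration comparison, state that in a comment; otherwise extend the `equals`/`hashCode` strategies to cover it. The accessor Javadoc is IDE boilerplate (`@return the virtualPublicURLPrefixEnabled`); since the name suggests the toggle relaxes which public URL prefix the server answers under — something this hunk cannot confirm — replace it with a comment stating what the flag permits, where it is populated from given that `@XmlTransient` keeps it out of the marshalled configuration, and that it defaults to `false`, e.g. `/** Runtime-only switch (not marshalled, see @XmlTransient on the field); defaults to false. Set by the configuration loader — document the exact effect where it is consumed. */`.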
@@ -11,24 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -73,7 +63,7 @@ public class IdentityLinkSigners protected List<String> x509SubjectName; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<IdentityLinkSignersX509SubjectNameItem> x509SubjectNameItems; +// protected transient List<IdentityLinkSignersX509SubjectNameItem> x509SubjectNameItems; /** * Gets the value of the x509SubjectName property. 
@@ -140,31 +130,31 @@ public class IdentityLinkSigners this.hjid = value; } - @OneToMany(targetEntity = IdentityLinkSignersX509SubjectNameItem.class, cascade = { - CascadeType.ALL - }) - - public List<IdentityLinkSignersX509SubjectNameItem> getX509SubjectNameItems() { - if (this.x509SubjectNameItems == null) { - this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { - this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); - } - return this.x509SubjectNameItems; - } - - public void setX509SubjectNameItems(List<IdentityLinkSignersX509SubjectNameItem> value) { - this.x509SubjectName = null; - this.x509SubjectNameItems = null; - this.x509SubjectNameItems = value; - if (this.x509SubjectNameItems == null) { - this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { - this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); - } - } +// @OneToMany(targetEntity = IdentityLinkSignersX509SubjectNameItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<IdentityLinkSignersX509SubjectNameItem> getX509SubjectNameItems() { +// if (this.x509SubjectNameItems == null) { +// this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { +// this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); +// } +// return this.x509SubjectNameItems; +// } +// +// public void setX509SubjectNameItems(List<IdentityLinkSignersX509SubjectNameItem> value) { +// this.x509SubjectName = null; +// this.x509SubjectNameItems = null; +// this.x509SubjectNameItems = value; +// if 
(this.x509SubjectNameItems == null) { +// this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { +// this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof IdentityLinkSigners)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java deleted file mode 100644 index c0679df1c..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java +++ /dev/null 
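Review bot: The `getX509SubjectNameItems`/`setX509SubjectNameItems` pair is commented out rather than deleted, yet it references `IdentityLinkSignersX509SubjectNameItem`, which this same commit deletes, so the block can never be restored by uncommenting and only obscures the class. Delete the commented lines (and the matching `// protected transient List<...> x509SubjectNameItems;` field comment in the earlier hunk of this file) instead of keeping them. With the accessors gone, `java.util.ArrayList` appears to have no remaining use in this file; worth checking and pruning alongside the other import removals. The `equals` method that begins on the last context line continues outside the hunk.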
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class IdentityLinkSignersX509SubjectNameItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "X509SubjectName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java index 12a48c88e..1a45642d1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java @@ -11,24 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; 
@@ -73,7 +63,7 @@ public class LegacyAllowed protected List<String> protocolName; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems; +// protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems; /** * Gets the value of the protocolName property. 
@@ -140,31 +130,31 @@ public class LegacyAllowed this.hjid = value; } - @OneToMany(targetEntity = LegacyAllowedProtocolNameItem.class, cascade = { - CascadeType.ALL - }) - - public List<LegacyAllowedProtocolNameItem> getProtocolNameItems() { - if (this.protocolNameItems == null) { - this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.protocolName)) { - this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); - } - return this.protocolNameItems; - } - - public void setProtocolNameItems(List<LegacyAllowedProtocolNameItem> value) { - this.protocolName = null; - this.protocolNameItems = null; - this.protocolNameItems = value; - if (this.protocolNameItems == null) { - this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.protocolName)) { - this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); - } - } +// @OneToMany(targetEntity = LegacyAllowedProtocolNameItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<LegacyAllowedProtocolNameItem> getProtocolNameItems() { +// if (this.protocolNameItems == null) { +// this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.protocolName)) { +// this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); +// } +// return this.protocolNameItems; +// } +// +// public void setProtocolNameItems(List<LegacyAllowedProtocolNameItem> value) { +// this.protocolName = null; +// this.protocolNameItems = null; +// this.protocolNameItems = value; +// if (this.protocolNameItems == null) { +// this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.protocolName)) { +// this.protocolName = 
ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof LegacyAllowed)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java deleted file mode 100644 index 91aae9742..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java +++ /dev/null 
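Review bot: The commented-out `getProtocolNameItems`/`setProtocolNameItems` block refers to `LegacyAllowedProtocolNameItem`, which is deleted in this commit, so it is dead text that cannot compile if uncommented; delete it rather than leaving twenty-five `//` lines in a config class that governs which legacy protocols are allowed. The `// protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems;` line in the earlier hunk of this file is the same case. The `equals` method started on the last context line continues outside the hunk.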
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class LegacyAllowedProtocolNameItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "ProtocolName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java index 64e4be82b..810139c84 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java @@ -12,19 +12,10 @@ import java.io.Serializable; import java.util.ArrayList; import java.util.Date; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; import javax.persistence.Transient; @@ -37,8 +28,7 @@ import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.datatype.XMLGregorianCalendar; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XMLGregorianCalendarAsDateTime; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XmlAdapterUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; 
@@ -511,22 +501,24 @@ public class MOAIDConfiguration @Temporal(TemporalType.TIMESTAMP) public Date getTimestampItem() { - return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getTimestamp()); + //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getTimestamp()); + return new Date(); } public void setTimestampItem(Date target) { - setTimestamp(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); + //setTimestamp(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); } @Temporal(TemporalType.TIMESTAMP) public Date getPvp2RefreshItem() { - return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getPvp2Refresh()); + //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getPvp2Refresh()); + return new Date(); } public void setPvp2RefreshItem(Date target) { - setPvp2Refresh(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); + //setPvp2Refresh(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java index 247be940c..a87a6d1f6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java 
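Review bot: `getTimestampItem()` and `getPvp2RefreshItem()` now return `new Date()` on every call and the two setters silently discard their argument, so any caller that reads these to detect a configuration change or to decide whether PVP2 metadata needs refreshing will see an always-fresh timestamp and never persist one; whether such callers still exist I cannot tell from this hunk. If the accessors are kept, convert the existing `XMLGregorianCalendar` fields instead of fabricating a value (both `Date` and `XMLGregorianCalendar` are still imported per the context at the top of this file; `GregorianCalendar`, `DatatypeFactory` and `DatatypeConfigurationException` would need imports). If the class is no longer a JPA entity, which the removal of the `javax.persistence.Entity`/`Table` imports in the first hunk of this file suggests, the `@Temporal` accessors are probably dead and should be deleted outright rather than stubbed. The enclosing class continues outside the hunk.
```java
@Temporal(TemporalType.TIMESTAMP)
public Date getTimestampItem() {
    // Convert the stored calendar; null stays null instead of becoming "now".
    XMLGregorianCalendar ts = getTimestamp();
    return ts == null ? null : ts.toGregorianCalendar().getTime();
}

public void setTimestampItem(Date target) {
    setTimestamp(toXmlCalendar(target));
}

// … unchanged: same pattern for getPvp2RefreshItem / setPvp2RefreshItem …

private static XMLGregorianCalendar toXmlCalendar(Date date) {
    if (date == null) {
        return null;
    }
    GregorianCalendar cal = new GregorianCalendar();
    cal.setTime(date);
    try {
        return DatatypeFactory.newInstance().newXMLGregorianCalendar(cal);
    } catch (DatatypeConfigurationException e) {
        throw new IllegalStateException("No JAXP DatatypeFactory available", e);
    }
}
```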
@@ -11,25 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -38,6 +27,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy; import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +//import org.jvnet.hyperjaxb3.item.ItemUtils; /** @@ -78,7 +68,7 @@ public class Mandates protected List<String> profileName; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<MandatesProfileNameItem> profileNameItems; +// protected transient List<MandatesProfileNameItem> profileNameItems; /** * Gets the value of the profiles property. 
@@ -171,31 +161,31 @@ public class Mandates this.hjid = value; } - @OneToMany(targetEntity = MandatesProfileNameItem.class, cascade = { - CascadeType.ALL - }) - - public List<MandatesProfileNameItem> getProfileNameItems() { - if (this.profileNameItems == null) { - this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.profileName)) { - this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); - } - return this.profileNameItems; - } - - public void setProfileNameItems(List<MandatesProfileNameItem> value) { - this.profileName = null; - this.profileNameItems = null; - this.profileNameItems = value; - if (this.profileNameItems == null) { - this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.profileName)) { - this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); - } - } +// @OneToMany(targetEntity = MandatesProfileNameItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<MandatesProfileNameItem> getProfileNameItems() { +// if (this.profileNameItems == null) { +// this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.profileName)) { +// this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); +// } +// return this.profileNameItems; +// } +// +// public void setProfileNameItems(List<MandatesProfileNameItem> value) { +// this.profileName = null; +// this.profileNameItems = null; +// this.profileNameItems = value; +// if (this.profileNameItems == null) { +// this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.profileName)) { +// this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); +// } +// } public boolean equals(ObjectLocator 
thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof Mandates)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java deleted file mode 100644 index 0ef09c0dc..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java +++ /dev/null 
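Review bot: The commented-out `getProfileNameItems`/`setProfileNameItems` block references `MandatesProfileNameItem`, a class this commit deletes, so it is unrecoverable dead text; delete it, together with the `//import org.jvnet.hyperjaxb3.item.ItemUtils;` and `// protected transient List<MandatesProfileNameItem> profileNameItems;` lines added earlier in this file. Commented-out imports in particular tend to outlive any reason for them. The `equals` method that starts on the final context line continues outside the hunk.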
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class MandatesProfileNameItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "ProfileName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java index d5cee7b83..ea34d7a06 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java @@ -10,16 +10,8 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.Date; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; + import javax.persistence.Lob; -import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; import javax.persistence.Transient; @@ -31,8 +23,7 @@ import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlType; import javax.xml.datatype.XMLGregorianCalendar; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XMLGregorianCalendarAsDateTime; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XmlAdapterUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; 
@@ -196,11 +187,12 @@ public class OAPVP2 @Temporal(TemporalType.TIMESTAMP) public Date getUpdateRequiredItem() { - return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getUpdateRequired()); + //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getUpdateRequired()); + return new Date(); } public void setUpdateRequiredItem(Date target) { - setUpdateRequired(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); + //setUpdateRequired(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java index 2e80cb0d5..673e7b9ce 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java @@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; 
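Review bot: `getUpdateRequiredItem()` now answers `new Date()` regardless of the stored `UpdateRequired` value and `setUpdateRequiredItem` drops its argument, so if anything still consults this to decide whether an online application's PVP2 metadata must be re-fetched it will always see the current instant; I cannot confirm a live caller from this hunk. If the accessor stays, derive it from the field: `XMLGregorianCalendar ur = getUpdateRequired(); return ur == null ? null : ur.toGregorianCalendar().getTime();`, and have the setter convert the `Date` through a `GregorianCalendar` and `DatatypeFactory.newInstance().newXMLGregorianCalendar(...)` into `setUpdateRequired`. If the class is no longer persisted (the first hunk of this file removes the JPA entity imports), delete the pair instead of stubbing it. The enclosing class continues outside the hunk.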
@@ -31,8 +20,7 @@ import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -42,6 +30,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** * <p>Java class for anonymous complex type. @@ -81,7 +71,7 @@ public class TestCredentials protected Boolean enableTestCredentials; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems; + //protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems; @XmlTransient protected boolean useTestIDLTrustStore; 
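Review bot: The import `com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter` is only relocated, so the runtime still depends on the XJC compiler jar for a trivial "0"/"1" boolean mapping; since this commit is already pruning hyperjaxb3 runtime classes, a small project-local `XmlAdapter<String, Boolean>` would let `jaxb-xjc` become a build-time-only dependency. The same import is visible in the `GeneralConfiguration` context earlier in this diff, so the replacement would apply there too. Separately, the `//protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems;` line added in the last hunk on this line references a class deleted by this commit and should be removed rather than commented. The enclosing class continues outside these hunks.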
@@ -185,31 +175,31 @@ public class TestCredentials this.hjid = value; } - @OneToMany(targetEntity = TestCredentialsCredentialOIDItem.class, cascade = { - CascadeType.ALL - }) - - public List<TestCredentialsCredentialOIDItem> getCredentialOIDItems() { - if (this.credentialOIDItems == null) { - this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.credentialOID)) { - this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); - } - return this.credentialOIDItems; - } - - public void setCredentialOIDItems(List<TestCredentialsCredentialOIDItem> value) { - this.credentialOID = null; - this.credentialOIDItems = null; - this.credentialOIDItems = value; - if (this.credentialOIDItems == null) { - this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.credentialOID)) { - this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); - } - } +// @OneToMany(targetEntity = TestCredentialsCredentialOIDItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<TestCredentialsCredentialOIDItem> getCredentialOIDItems() { +// if (this.credentialOIDItems == null) { +// this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.credentialOID)) { +// this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); +// } +// return this.credentialOIDItems; +// } +// +// public void setCredentialOIDItems(List<TestCredentialsCredentialOIDItem> value) { +// this.credentialOID = null; +// this.credentialOIDItems = null; +// this.credentialOIDItems = value; +// if (this.credentialOIDItems == null) { +// this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); +// } +// if 
(ItemUtils.shouldBeWrapped(this.credentialOID)) { +// this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); +// } +// } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java deleted file mode 100644 index 3e386be66..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java +++ /dev/null 
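Review bot: The commented-out `getCredentialOIDItems`/`setCredentialOIDItems` block refers to `TestCredentialsCredentialOIDItem`, which this commit deletes, so it cannot be reinstated by uncommenting; delete it. Because this class carries the test-credential allow-list (`credentialOID`) and the `enableTestCredentials` switch, keeping stale accessors next to the live ones makes it harder to audit which paths actually read that list, which is the kind of config one wants to read at a glance. The enclosing class continues outside the hunk.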
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class TestCredentialsCredentialOIDItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "credentialOID", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java index 155863b03..01a5c9b1b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java @@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -30,7 +19,7 @@ import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; 
@@ -39,6 +28,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy; import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +//import org.jvnet.hyperjaxb3.item.ItemUtils; /** @@ -79,7 +69,7 @@ public class VerifyAuthBlock protected List<String> verifyTransformsInfoProfileID; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> verifyTransformsInfoProfileIDItems; +// protected List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> verifyTransformsInfoProfileIDItems; @XmlTransient protected String TestTrustProfileID; 
@@ -192,31 +182,31 @@ public class VerifyAuthBlock this.hjid = value; } - @OneToMany(targetEntity = VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class, cascade = { - CascadeType.ALL - }) +// @OneToMany(targetEntity = VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class, cascade = { +// CascadeType.ALL +// }) - public List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> getVerifyTransformsInfoProfileIDItems() { - if (this.verifyTransformsInfoProfileIDItems == null) { - this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { - this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); - } - return this.verifyTransformsInfoProfileIDItems; - } - - public void setVerifyTransformsInfoProfileIDItems(List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> value) { - this.verifyTransformsInfoProfileID = null; - this.verifyTransformsInfoProfileIDItems = null; - this.verifyTransformsInfoProfileIDItems = value; - if (this.verifyTransformsInfoProfileIDItems == null) { - this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { - this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); - } - } +// public List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> getVerifyTransformsInfoProfileIDItems() { +// if (this.verifyTransformsInfoProfileIDItems == null) { +// this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { +// 
this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); +// } +// return this.verifyTransformsInfoProfileIDItems; +// } +// +// public void setVerifyTransformsInfoProfileIDItems(List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> value) { +// this.verifyTransformsInfoProfileID = null; +// this.verifyTransformsInfoProfileIDItems = null; +// this.verifyTransformsInfoProfileIDItems = value; +// if (this.verifyTransformsInfoProfileIDItems == null) { +// this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { +// this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof VerifyAuthBlock)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java deleted file mode 100644 index 8955525dd..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java +++ /dev/null 
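Review bot: The same pattern as in `TestCredentials`: `getVerifyTransformsInfoProfileIDItems`/`setVerifyTransformsInfoProfileIDItems` are kept as comments although `VerifyAuthBlockVerifyTransformsInfoProfileIDItem` is deleted in this commit, and the earlier hunks of this file leave a commented field and `//import org.jvnet.hyperjaxb3.item.ItemUtils;` behind. Remove the commented code and the commented import; `equals`/`hashCode` below (outside the hunk) are the only places a maintainer now needs to check for leftover references to the dropped collection. The enclosing `VerifyAuthBlock` class starts and ends outside the hunk.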
@@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class VerifyAuthBlockVerifyTransformsInfoProfileIDItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "VerifyTransformsInfoProfileID", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. 
- * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java index 7b298a7d9..54216edc4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java @@ -62,6 +62,9 @@ public class InterfederationSessionStore implements Serializable{ @Column(name = "QAALevel", unique=false, nullable=false) private String QAALevel; + @Column(name = "authURL", unique=false, nullable=false) + private String authURL; + @Column(name = "attributesRequested", unique=false, nullable=true) private boolean attributesRequested; @@ -207,6 +210,20 @@ public class InterfederationSessionStore implements Serializable{ this.storeSSOInformation = storeSSOInformation; } + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + + /** + * @param authURL the authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index 0daeba40e..8b720e901 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java 
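Review bot: The new `authURL` column is declared `nullable=false` on `InterfederationSessionStore`, but nothing in the hunk documents what the value holds or who guarantees `setAuthURL` is called before the entity is persisted; an entity flushed without it now fails at the database. If the session table already holds rows from a previous release, adding a non-nullable column also needs a default or a migration (the DDL strategy is not visible here). Document the field at its declaration, e.g. `/** Public URL of the MOA-ID instance this session was established on (see IRequest#getAuthURL); presumably one of the configured public URL prefixes. */`, and consider rejecting null/empty values in `setAuthURL` so the constraint is enforced before the flush. The `authURL` column added to `OASessionStore` in the next file has the same gaps.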
@@ -65,6 +65,9 @@ public class OASessionStore implements Serializable{ @Column(name = "protocolType", unique=false, nullable=true) private String protocolType; + @Column(name = "authURL", unique=false, nullable=false) + private String authURL; + @Column(name = "attributequeryused", unique=false, nullable=false) private boolean attributeQueryUsed = false; @@ -183,6 +186,20 @@ public class OASessionStore implements Serializable{ this.userNameIDFormat = userNameIDFormat; } + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + + /** + * @param authURL the authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index 8f3a8402d..cbdd13d0e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -31,6 +31,8 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.util.MiscUtil; /** @@ -40,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class KeyValueUtils { public static final String KEY_DELIMITER = "."; + public static final String CSV_DELIMITER = ","; /** * Extract the first child of an input key after a the prefix @@ -237,7 +240,8 @@ public class KeyValueUtils { * Normalize a CSV encoded list of value of an key/value pair * * This method removes all whitespace at the begin or the - * end of CSV values + * end of CSV values and remove newLine signs at the end of value. + * The ',' is used as list delimiter * * @param value CSV encoded input data * @return normalized CSV encoded data or null if {value} is null or empty 
@@ -245,7 +249,7 @@ public class KeyValueUtils { public static String normalizeCSVValueString(String value) { String normalizedCodes = null; if (MiscUtil.isNotEmpty(value)) { - String[] codes = value.split(","); + String[] codes = value.split(CSV_DELIMITER); for (String el: codes) { if (normalizedCodes == null) normalizedCodes = el.trim(); @@ -256,4 +260,39 @@ public class KeyValueUtils { } return normalizedCodes; } + + + /** + * Check a String if it is a comma separated list of values + * + * This method uses the ',' as list delimiter. + * + * @param value CSV encoded input data + * @return true if the input data contains a ',' and has more then 1 list element, otherwise false + */ + public static boolean isCSVValueString(String value) { + if (MiscUtil.isNotEmpty(value)) { + String[] codes = value.split(CSV_DELIMITER); + if (codes.length >= 2) { + if (MiscUtil.isNotEmpty(codes[1].trim())) + return true; + + } + } + + return false; + } + + + /** + * This method remove all newline delimiter (\n or \r\n) from input data + * + * @param value Input String + * @return Input String without newline characters + */ + public static String removeAllNewlineFromString(String value) { + return value.replaceAll("(\\t|\\r?\\n)+", ""); + + } + } diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java index 758209193..edf7ce268 100644 --- a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java +++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java @@ -50,7 +50,7 @@ public class MOAHttpClient extends HttpClient { else port = url.getPort(); - Protocol authhttps = new Protocol("https", protoSocketFactory, port); + Protocol authhttps = new Protocol("https", protoSocketFactory, 443); getHostConfiguration().setHost(url.getHost(), port, authhttps); } 
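Review bot: `isCSVValueString` returns false for `"a,,b"` because it only inspects `codes[1]`, although that input is a three-element list, and `removeAllNewlineFromString` throws NullPointerException on null input while every other helper in this class guards with `MiscUtil.isNotEmpty`. The regex `(\\t|\\r?\\n)+` also strips tabs, which the Javadoc ("newline delimiter (\n or \r\n)") does not mention; either drop `\\t` or state it. Counting non-blank elements gives the documented "more than one list element" semantics (it also stops treating `" ,b"` as a list, which the current code accepts), and a null guard fixes the second method.
```java
public static boolean isCSVValueString(String value) {
    if (MiscUtil.isNotEmpty(value)) {
        // count non-blank elements so "a,,b" is still recognised as a list
        int elements = 0;
        for (String el : value.split(CSV_DELIMITER)) {
            if (MiscUtil.isNotEmpty(el.trim()))
                elements++;
        }
        return elements >= 2;
    }
    return false;
}

// … unchanged: Javadoc of removeAllNewlineFromString (add: tabs are removed as well) …
public static String removeAllNewlineFromString(String value) {
    if (value == null)
        return null;
    return value.replaceAll("(\\t|\\r?\\n)+", "");
}
```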
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 0850bb676..11917d0c3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -371,6 +371,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -379,7 +380,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * <code><CreateXMLSignatureRequest></code> */ public String verifyCertificate(AuthenticationSession session, - X509Certificate certificate) throws AuthenticationException, + X509Certificate certificate, IRequest pendingReq) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException { @@ -409,7 +410,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); + authConf, oaParam, pendingReq); return returnvalue; } @@ -471,6 +472,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @param session * @param authConf * @param oaParam + * @param pendingReq * @return * @throws ConfigurationException * @throws BuildException 
@@ -478,7 +480,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam) throws ConfigurationException, + OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { // // check for intermediate processing of the infoboxes @@ -493,7 +495,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.getPublicOAURLPrefix()); // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, oaParam); + String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); // builds the <CreateXMLSignatureRequest> List<String> transformsInfos = authConf.getTransformsInfos(); @@ -665,12 +667,13 @@ public class AuthenticationServer extends BaseAuthenticationServer { * given session data. * * @param session authentication session + * @param pendingReq * @return <code><saml:Assertion></code> as a String * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam) throws BuildException { + OAAuthParameter oaParam, IRequest pendingReq) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); 
@@ -726,15 +729,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { if (session.isSsoRequested()) { - String oaURL = new String(); - try { - oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - - if (MiscUtil.isNotEmpty(oaURL)) - oaURL = oaURL.replaceAll("&", "&"); + String oaURL = pendingReq.getAuthURL(); + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); - } catch (ConfigurationException e) { - } String authBlock = new AuthenticationBlockAssertionBuilder() .buildAuthBlockSSO(issuer, issueInstant, authURL, target, targetFriendlyName, identificationValue, @@ -1087,9 +1085,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } // validates <CreateXMLSignatureResponse> if (session.isSsoRequested()) - new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); else - new CreateXMLSignatureResponseValidator().validate(csresp, session); + new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index feab1ec66..a86385d06 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java 
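Review bot: In the SSO branch of `buildAuthenticationBlock` the URL written into the AuthBlock the citizen signs now comes from `pendingReq.getAuthURL()` instead of the configured public URL prefix, and the hunk neither guards `pendingReq` against null nor shows where `getAuthURL()` is derived; if `RequestImpl` takes it from the incoming request (e.g. the Host header), the signed URL is only as trustworthy as that derivation, so it should be validated against the configured prefixes somewhere on this path. The old `ConfigurationException` fallback is gone, so a missing pending request now surfaces as a NullPointerException instead of a `BuildException`; add `if (pendingReq == null) throw new BuildException(...)` (with the message key this class uses elsewhere) before dereferencing it. As rendered here `oaURL.replaceAll("&", "&")` is an identity; if the intended replacement is `&amp;` for the template, a comment saying so would keep the next reader from deleting it. `buildAuthenticationBlock` starts and ends outside the hunk.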
@@ -158,7 +158,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { ccc, moasession.getModul(), moasession.getAction(), - request); + request, + pendingReq); } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 469ca91a9..49888c136 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -17,6 +17,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; @@ -66,7 +68,9 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { } pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); // change MOASessionID 
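Review bot: In `PrepareAuthBlockSignatureTask` the pending request is looked up with `executionContext.get("pendingRequestID")` on the line right after `pendingRequestID` was fetched from the session store for the same purpose, so two sources can disagree and the local just computed is ignored; the lookup result is also passed on unchecked. Use the value already in hand and fail the task explicitly when it is missing: `IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);` followed by `if (pendingReq == null) throw new TaskExecutionException(...)` with whatever arguments that constructor takes (not visible here). The enclosing method starts and ends outside the hunk.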
@@ -77,7 +81,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); String createXMLSignatureRequest = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq); AuthenticationSessionStoreage.storeSession(session); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index d99ba873d..2734d1027 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -110,7 +110,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { if (useMandate) { // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq); try { AuthenticationSessionStoreage.storeSession(session); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e1ab0025e..8a9c19c80 100644 
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -124,9 +125,10 @@ public class CreateXMLSignatureResponseValidator { * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} * @param createXMLSignatureResponse * @param session + * @param pendingReq * @throws ValidateException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq) throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier 
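Review bot: `validate` gains an `IRequest pendingReq` parameter, but in the visible part of the hunk it is not used and its Javadoc line `@param pendingReq` carries no description, so callers cannot tell whether null is acceptable. Either document what the validator reads from it, e.g. `@param pendingReq pending request whose authURL the AuthBlock must reference; must not be null`, or, if it is only there to mirror `validateSSO`, say so in the Javadoc. The method body continues outside the hunk.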
@@ -411,20 +413,15 @@ public class CreateXMLSignatureResponseValidator { * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} * @param createXMLSignatureResponse * @param session + * @param pendingReq * @throws ValidateException */ - public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq) throws ValidateException { - // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - String oaURL; - try { - oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - } catch (ConfigurationException e1) { - oaURL = new String(); - } - + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + String oaURL = pendingReq.getAuthURL(); + IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 18432fd1c..06643ec53 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java 
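Review bot: `validateSSO` now reads `pendingReq.getAuthURL()` and has lost the empty-string fallback that covered the configuration lookup, so a null `pendingReq` becomes a NullPointerException inside a validator whose contract is to throw `ValidateException`. Add a guard such as `if (pendingReq == null || !MiscUtil.isNotEmpty(pendingReq.getAuthURL())) throw new ValidateException(...)` with the message key the other checks in this method use. Since the builder and this validator read the same `pendingReq`, the comparison only guards anything if `getAuthURL()` is itself bound to a configured public URL prefix rather than copied from the request; that derivation is not visible here and is worth confirming. The method continues outside the hunk.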
@@ -35,16 +35,6 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import eu.eidas.auth.commons.EIDASAuthnRequest; -import eu.eidas.auth.commons.EIDASUtil; -import eu.eidas.auth.commons.EidasLoaCompareType; -import eu.eidas.auth.commons.EidasLoaLevels; -import eu.eidas.auth.commons.IPersonalAttributeList; -import eu.eidas.auth.commons.PersonalAttribute; -import eu.eidas.auth.commons.PersonalAttributeList; -import eu.eidas.auth.engine.EIDASSAMLEngine; -import eu.eidas.auth.engine.core.eidas.SPType; -import eu.eidas.engine.exceptions.EIDASSAMLEngineException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -66,6 +56,16 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; +import eu.eidas.auth.commons.EIDASAuthnRequest; +import eu.eidas.auth.commons.EIDASUtil; +import eu.eidas.auth.commons.EidasLoaCompareType; +import eu.eidas.auth.commons.EidasLoaLevels; +import eu.eidas.auth.commons.IPersonalAttributeList; +import eu.eidas.auth.commons.PersonalAttribute; +import eu.eidas.auth.commons.PersonalAttributeList; +import eu.eidas.auth.engine.EIDASSAMLEngine; +import eu.eidas.auth.engine.core.eidas.SPType; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; /** * @author tlenz 
@@ -141,7 +141,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //build eIDAS AuthnRequest EIDASAuthnRequest authnRequest = new EIDASAuthnRequest(); - authnRequest.setProviderName(moaconfig.getPublicURLPrefix()); + authnRequest.setProviderName(pendingReq.getAuthURL()); authnRequest.setPersonalAttributeList(pAttList); authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java index ae9dd5a51..5040f1fe3 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java @@ -28,11 +28,11 @@ import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.ws.rs.core.MediaType; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.springframework.http.MediaType; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
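Review bot: `setProviderName` now uses `pendingReq.getAuthURL()` while `setIssuer` two lines below still uses `moaconfig.getPublicURLPrefix()`, so the ProviderName and the Issuer/metadata URL of the same eIDAS AuthnRequest can name different hosts whenever the request-derived URL differs from the configured one; `AuthenticationRequest` in this commit builds its metadata URL from `req.getAuthURL()`, which makes the mismatch concrete. Pick one source for both, e.g. `authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);`, and if the request-derived value is chosen, make sure it is validated against the configured prefixes before it is signed into the request. The enclosing method starts and ends outside the hunk.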
@@ -41,8 +41,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -104,8 +102,7 @@ public class AuthenticationRequest implements IAction { response.setPersonalAttributeList(resultingAttributeList); // - create metadata url - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - String pubURLPrefix = config.getPublicURLPrefix(); + String pubURLPrefix = req.getAuthURL(); String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; response.setIssuer(metadata_url); @@ -153,7 +150,7 @@ public class AuthenticationRequest implements IAction { Logger.trace("Sending html content : " + new String(writer.getBuffer())); httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); - httpResp.setContentType(MediaType.TEXT_HTML); + httpResp.setContentType(MediaType.TEXT_HTML_VALUE); } catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 0bedf0432..374c3df30 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java 
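Review bot: `httpResp.setContentType(MediaType.TEXT_HTML_VALUE)` is called after `httpResp.getOutputStream().write(...)`, so it is applied to a response that may already be committed and is then silently ignored; move it before the write. The body is written as UTF-8 bytes but the content type carries no charset, so the browser may guess; use `httpResp.setContentType("text/html;charset=UTF-8");` (or `MediaType.TEXT_HTML_VALUE` plus `httpResp.setCharacterEncoding("UTF-8")`) ahead of the write. The surrounding method starts and ends outside the hunk.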
@@ -2,14 +2,26 @@ package at.gv.egovernment.moa.id.protocols.eidas; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.Attribute; -import eu.eidas.auth.commons.EIDASAuthnRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import eu.eidas.auth.commons.EIDASAuthnRequest; public class EIDASData extends RequestImpl { + /** + * @param req + * @throws ConfigurationException + */ + public EIDASData(HttpServletRequest req) throws ConfigurationException { + super(req); + + } + /** The Constant serialVersionUID. */ private static final long serialVersionUID = 8765755670214923910L; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index a94e136b4..b652503f8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -22,6 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.eidas; +import java.util.HashMap; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
@@ -38,11 +43,6 @@ import eu.eidas.auth.commons.EIDASAuthnRequest; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.engine.EIDASSAMLEngine; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import java.util.HashMap; - /** * Stork 2 Protocol Support * @@ -54,11 +54,14 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String PATH = "eidas"; public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; - + public static final String METADATAREQUEST = "MetadataRequest"; + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + actions.put(METADATAREQUEST, new EidasMetaDataRequest()); + } public String getName() { @@ -102,7 +105,7 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken); // memorize important stuff - EIDASData result = new EIDASData(); + EIDASData result = new EIDASData(request); // - memorize remote ip result.setRemoteAddress(request.getRemoteAddr()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index 6ae532210..31594f515 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java 
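Review bot: Registering `EidasMetaDataRequest` under `METADATAREQUEST` in the `@@ -54` hunk routes metadata fetches through this module's generic request handling, and the `@@ -102` hunk below (presumably preProcess) shows that path calling `engine.validateEIDASAuthnRequest(decSamlToken)` before `new EIDASData(request)`. A plain GET for metadata carries no SAMLRequest, so unless code above the visible lines branches on the action name, the metadata action fails before it is reached; a guard such as `if (METADATAREQUEST.equals(action)) return new EIDASData(request);` ahead of the token decoding would make the intent explicit. The removed `@WebServlet("/eidas/metadata")` mapping also changes the public path, so `Constants.eIDAS_HTTP_ENDPOINT_METADATA` must now resolve to the dispatcher path of this action or the Issuer placed in outgoing AuthnRequests points at a URL that no longer serves metadata. The enclosing method is cut at both edges of the hunk.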
@@ -14,23 +14,22 @@ * See the Licence for the specific language governing permissions and * limitations under the Licence. *******************************************************************************/ -package at.gv.egovernment.moa.id.auth.modules.eidas.utils; +package at.gv.egovernment.moa.id.protocols.eidas; -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.ws.rs.core.MediaType; import org.slf4j.Logger; +import org.springframework.http.MediaType; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; import eu.eidas.auth.engine.EIDASSAMLEngine; import eu.eidas.auth.engine.metadata.MetadataConfigParams; import eu.eidas.auth.engine.metadata.MetadataGenerator; 
@@ -40,20 +39,21 @@ import eu.eidas.engine.exceptions.SAMLEngineException; /** * First version to provide some valid metadata to an asking eIDaS node */ -@WebServlet("/eidas/metadata") -public class EidasMetaDataServlet extends HttpServlet { - private static final long serialVersionUID = -2129228304760706063L; - private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataServlet.class); - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - try { +public class EidasMetaDataRequest implements IAction { + private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + try { logger.debug("EidasMetaDataServlet GET"); - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - String pubURLPrefix = config.getPublicURLPrefix(); + String pubURLPrefix = req.getAuthURL(); String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; 
@@ -62,14 +62,36 @@ public class EidasMetaDataServlet extends HttpServlet { logger.trace(metaData); - response.setContentType(MediaType.TEXT_XML); - response.getWriter().print(metaData); - response.flushBuffer(); + httpResp.setContentType(MediaType.TEXT_XML_VALUE); + httpResp.getWriter().print(metaData); + httpResp.flushBuffer(); } catch (Exception e) { e.printStackTrace(); } - } + + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return "eIDAS-Metadata Action"; + + } + public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{ String metadata="invalid metadata"; diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 2a953bcab..080d5ae0b 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -20,6 +20,12 @@ <dependencies> <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.10</version> + </dependency> + + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> 
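Review bot: `processRequest` still ends in the servlet's `catch (Exception e) { e.printStackTrace(); }` and then returns `null`, so when `generateMetadata` fails (it declares SAMLEngineException and EIDASEngineException) the asking eIDAS node receives a 200 with an empty or partial body and the only trace goes to stderr instead of the class's `logger`. The method now declares `throws MOAIDException`, so the failure should be logged with the throwable attached, `logger.error("eIDAS metadata could not be generated", e);`, and rethrown as a MOAIDException (with the module's usual constructor arguments) so the framework renders an error instead of silently serving nothing. Returning `null` for the SLO information is reasonable for an unauthenticated metadata action, but a one-line comment saying so would save the next reader a lookup.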
@@ -35,13 +41,13 @@ <dependency> <groupId>com.google.http-client</groupId> <artifactId>google-http-client-jackson2</artifactId> - <version>1.19.0</version> + <version>1.21.0</version> <scope>test</scope> </dependency> <dependency> <groupId>com.google.oauth-client</groupId> <artifactId>google-oauth-client-jetty</artifactId> - <version>1.19.0</version> + <version>1.21.0</version> <scope>test</scope> <exclusions> <exclusion> @@ -67,11 +73,11 @@ </exclusions> </dependency> - <dependency> +<!-- <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> - <version>18.0</version> - </dependency> + <version>19.0</version> + </dependency> --> <!-- TestNG --> <dependency> diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 94a1d14d0..88e26da76 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -105,7 +105,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), accessToken, null, null, req.requestedModule()); return sloInformation; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index b9556b815..e5d8db873 100644 
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -48,6 +48,15 @@ import at.gv.egovernment.moa.logging.Logger;
 public class OAuth20AuthRequest extends OAuth20BaseRequest {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public OAuth20AuthRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
 private static final long serialVersionUID = 1L;
 private String responseType;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index bd3fdb3e8..5fcac0b2f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -31,8 +31,6 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -52,8 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected Set<String> allowedParameters = new HashSet<String>(); - protected OAuth20BaseRequest() { - + public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException { + super(req); } protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { @@ -124,15 +122,21 @@ abstract class OAuth20BaseRequest extends RequestImpl { public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception { OAuth20BaseRequest res; - - if (action.equals(OAuth20Protocol.AUTH_ACTION)) { - res = new OAuth20AuthRequest(); + try { + if (action.equals(OAuth20Protocol.AUTH_ACTION)) { + res = new OAuth20AuthRequest(request); - } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { - res = new OAuth20TokenRequest(); + } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { + res = new OAuth20TokenRequest(request); - } else { + } else { + throw new OAuth20InvalidRequestException(); + } + + } catch (ConfigurationException e) { + Logger.warn(e.getMessage()); throw new OAuth20InvalidRequestException(); + } res.setAction(action); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 56d86df72..70c29359e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java 
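Review bot: The new `catch (ConfigurationException e)` in `newInstance` maps a server-side configuration problem to `OAuth20InvalidRequestException`, so the client is blamed for a request it did not get wrong, and `Logger.warn(e.getMessage())` discards the stack trace that would tell an operator what was misconfigured. Keep the cause in the log, `Logger.warn("OAuth20 request object could not be created: " + e.getMessage(), e);` (the stork AuthenticationRequest hunk in this commit uses the same `(String, Throwable)` form with `Logger.error`), and if the protocol has a server-error exception type it is the more accurate one to throw here. newInstance continues past the hunk.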
@@ -104,7 +104,7 @@ public class OAuth20Protocol implements IModulInfo {
 // get error code and description
 String errorCode;
 String errorDescription;
- String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+ String errorUri = protocolRequest.getAuthURL()
 +"/" + OAuth20Constants.ERRORPAGE;
 String moaError = null;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 6bebe5a6a..abfe4ce15 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -41,6 +41,15 @@ import at.gv.egovernment.moa.logging.Logger;
 class OAuth20TokenRequest extends OAuth20BaseRequest {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public OAuth20TokenRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
 private static final long serialVersionUID = 1L;
 private String code;
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 9c43ae277..b5d5a1f8f 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -24,7 +24,19 @@ <artifactId>moa-id-lib</artifactId> <scope>test</scope> <type>test-jar</type> - <version>3.0.3-Snapshot</version> + <version>${moa-id-version}</version> + </dependency> + + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + <!-- Only for development to use SAML1 protocol + SAML1 is removed from official OPB release --> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-eIDAS</artifactId> </dependency> <dependency> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 5bdf51e7d..7f3c353f1 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import eu.stork.peps.auth.commons.IPersonalAttributeList; - import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; @@ -43,6 +41,7 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; +import eu.eidas.auth.commons.IPersonalAttributeList; public class GetArtifactAction implements IAction { 
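Review bot: The new compile-scope dependency on `moa-id-module-eIDAS` in the saml1 POM is annotated "Only for development", but nothing in the POM scopes it that way, so the SAML1 module (which the same comment says is removed from the official release) now pulls the entire eIDAS module and its SAML engine into every build that includes it. The Java hunks that follow only switched to `eu.eidas.auth.commons.IPersonalAttributeList` and `PersonalAttribute`, so depending on the eIDAS commons artifact that owns that package, or at least marking this dependency `<optional>true</optional>` or moving it into a development profile, keeps the coupling explicit and auditable. The `<dependencies>` block continues outside the hunk.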
@@ -86,7 +85,7 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); if (authData.isSsoSession()) { - String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = req.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); @@ -115,7 +114,7 @@ public class GetArtifactAction implements IAction { } SLOInformationInterface sloInformation = - new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule()); + new SLOInformationImpl(req.getAuthURL(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index eb869756e..af5dada54 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -38,9 +38,6 @@ import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; - import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; 
@@ -64,7 +61,6 @@ import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; -//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -77,6 +73,11 @@ import at.gv.util.xsd.persondata.IdentificationType.Value; import at.gv.util.xsd.persondata.PersonNameType; import at.gv.util.xsd.persondata.PersonNameType.FamilyName; import at.gv.util.xsd.persondata.PhysicalPersonType; +import eu.eidas.auth.commons.IPersonalAttributeList; +import eu.eidas.auth.commons.PersonalAttribute; +//import eu.stork.peps.auth.commons.IPersonalAttributeList; +//import eu.stork.peps.auth.commons.PersonalAttribute; +//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; public class SAML1AuthenticationServer extends AuthenticationServer { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 7416dfb00..6573270e4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
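Review bot: The three `+//import eu.stork.peps...` and `+//import ...IdentityLinkReSigner` lines add commented-out code right after the import hunk above deleted the live eu.stork variants; if the STORK types are gone for good, drop the comments rather than keeping a second copy, since a dormant import of the old STORK attribute classes next to the eIDAS ones is exactly what a later "uncomment to fix the build" would re-enable. The `IdentityLinkReSigner` comment was merely moved from line 64 and can go for the same reason.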
@@ -101,7 +101,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
 public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action, String sessionId, String transactionId) throws MOAIDException {
- SAML1RequestImpl config = new SAML1RequestImpl();
+ SAML1RequestImpl config = new SAML1RequestImpl(request);
 if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
 Logger.info("SAML1 is deaktivated!");
@@ -185,7 +185,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
 SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
 String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ String url = protocolRequest.getAuthURL() + "/RedirectServlet";
 url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
 url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 url = response.encodeRedirectURL(url);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 5370573a7..3da7cab80 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.saml1;
 import java.util.ArrayList;
 import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -42,6 +44,16 @@ import at.gv.egovernment.moa.logging.Logger;
 */
 public class SAML1RequestImpl extends RequestImpl {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public SAML1RequestImpl(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+
+ }
+
 private static final long serialVersionUID = -4961979968425683115L;
 private String sourceID = null;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 9896f2454..13fb59038 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -93,7 +93,7 @@ public class DatabaseTestModule implements TestModuleInterface{
 private String testMOAConfigurationDatabase() throws Exception{
- String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ List<String> publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 if (MiscUtil.isEmpty(publicURLPreFix)) return ("MOA-ID 2.x configuration can not be loaded from Database.");
diff --git a/id/server/modules/module-stork/pom.xml b/id/server/modules/module-stork/pom.xml
index 1b2e3f008..2fec7f519 100644
--- a/id/server/modules/module-stork/pom.xml
+++ b/id/server/modules/module-stork/pom.xml
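Review bot: In the DatabaseTestModule hunk `MiscUtil.isEmpty(publicURLPreFix)` is now applied to a `List<String>`; unless MiscUtil has a Collection overload, Java binds an Object or String overload and the check compiles yet never reports an empty list. Spelling it out avoids the overload question, `if (publicURLPreFix == null || publicURLPreFix.isEmpty() || MiscUtil.isEmpty(publicURLPreFix.get(0)))`, and the last term also catches a configured-but-blank first prefix, which the old String check would have flagged. testMOAConfigurationDatabase continues outside the hunk.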
@@ -22,6 +22,33 @@ <dependencies> <dependency> + <groupId>eu.stork</groupId> + <artifactId>DocumentService</artifactId> + <version>0.0.1-SNAPSHOT</version> + <classifier>classes</classifier> + <exclusions> + <exclusion> + <artifactId>axis</artifactId> + <groupId>org.apache.axis</groupId> + </exclusion> + <exclusion> + <artifactId>bcprov-jdk16</artifactId> + <groupId>org.bouncycastle</groupId> + </exclusion> + <exclusion> + <artifactId>jaxws-tools</artifactId> + <groupId>com.sun.xml.ws</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>eu.stork</groupId> + <artifactId>SamlEngine</artifactId> + <version>1.5.1</version> + </dependency> + + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index 7c178d97e..c0422e06e 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
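Review bot: `eu.stork:DocumentService:0.0.1-SNAPSHOT` ties the STORK module to a mutable snapshot artifact, so what gets compiled into the document-signing path can change between builds without any change to this repository and cannot be reproduced or audited later. Pin a released version, or at minimum a timestamped snapshot through a property managed next to `SamlEngine` 1.5.1 in the parent POM, before this ships in an identity provider. Excluding the old `bcprov-jdk16` is right, but confirm that the BouncyCastle provider the rest of MOA-ID supplies satisfies whatever DocumentService needs, since nothing in this POM replaces it. The `<dependencies>` block continues outside the hunk.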
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
import java.io.IOException;
import java.io.StringWriter;
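Review bot: Narrowing the wildcard static import to `PARAM_SESSIONID` is good hygiene, but every other MOAIDAuthConstants member this task used unqualified now has to resolve through inheritance; `PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED` in the `@@ -145` hunk further down is one such name, so confirm it is declared in this class or AbstractAuthServletTask rather than only in MOAIDAuthConstants, or add it to the static import.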
@@ -17,7 +17,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
@@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -61,9 +59,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -71,6 +66,21 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.oasisdss.api.AdditionalProfiles;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.Profiles;
+import eu.stork.oasisdss.api.QualityLevels;
+import eu.stork.oasisdss.api.SignatureTypes;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.AnyType;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
@@ -120,6 +130,8 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { sessionID = (String) executionContext.get(PARAM_SESSIONID);
pendingRequestID = (String) executionContext.get("pendingRequestID");
+ String ccc = (String) executionContext.get("CCC");
+
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
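Review bot: `ccc` is read from the execution context two lines above the parameter checks but, unlike `sessionID` on the next line, is never validated, and the `@@ -145` hunk below passes it straight to `storkConfig.getCPEPS(ccc)` and stores it in the MOASession. If the "CCC" entry originates from the user's country selection (the key name suggests so, but its producer is not in this diff), a missing or malformed value should be rejected here with the same mechanism the sessionID check uses, e.g. `if (StringUtils.isBlank(ccc)) throw new WrongParametersException("CreateStorkAuthRequestFormTask", "CCC", "auth.12");` using whichever message key the other parameter checks in this class use. The enclosing method continues outside the hunk.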
@@ -145,10 +157,13 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { // STORK authentication
// cpeps cannot be null
- CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+ CPEPS cpeps = storkConfig.getCPEPS(ccc);
Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+ //add selected Country-Code to MOASession DAO
+ moasession.setCcc(ccc);
+
Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
startSTORKAuthentication(req, resp, moasession, pendingReq);
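Review bot: `Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc())` now logs the session's previous value while the lookup just above used `ccc`, and `moasession.setCcc(ccc)` only runs a few lines later, so the message can show null or a stale country; it should read `Logger.debug("Found C-PEPS configuration for citizen of country: " + ccc);`. The comment says `cpeps` cannot be null, yet `ccc` now comes from the execution context rather than the session and `cpeps.isXMLSignatureSupported()` is called on the very next line, so an unconfigured country code would surface as a NullPointerException; a null check that raises the task's usual exception with the offending code is warranted unless getCPEPS guarantees a non-null result. The enclosing method continues outside the hunk.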
@@ -207,7 +222,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { Logger.debug("C-PEPS URL: " + destination);
- String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String issuerValue = pendingReq.getAuthURL();
// String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
// PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index 8240f6d00..0ac26f45f 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -30,7 +30,9 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -183,7 +185,8 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
// load MOASession from database
AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
// change MOASessionID
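Review bot: `IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);` is added without a null check, and the `@@ -294` hunk below dereferences it as `pendingReq.getAuthURL()`; if the storage returns null for an unknown or expired id (its contract is not in this diff), the failure surfaces as a NullPointerException far from the cause. Guard it next to the lookup, `if (pendingReq == null) throw new MOAIDException(...)` with the error key this task uses for a missing session, so the user gets a proper error page instead of a stack trace. The enclosing method continues outside the hunk.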
@@ -294,7 +297,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
// signRequest
- String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String issuerValue = pendingReq.getAuthURL();
String acsURL = issuerValue
+ AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 25cb952d7..2e72f216a 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -83,7 +83,7 @@ public class AttributeCollector implements IAction { if (httpReq.getParameter("SAMLResponse") != null) { Logger.info("Got SAML response from external attribute provider."); - MOASTORKResponse STORK2Response = new MOASTORKResponse(); + MOASTORKResponse STORK2Response = new MOASTORKResponse(httpReq); //extract STORK Response from HTTP Request byte[] decSamlToken; @@ -173,7 +173,7 @@ public class AttributeCollector implements IAction { SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam); if (sloInfo == null) { - sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule()); + sloInfo = new SLOInformationImpl(req.getAuthURL(), null, null, null, req.requestedModule()); } return sloInfo; 
@@ -297,7 +297,7 @@ public class AttributeCollector implements IAction {
 Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes");
 // add container-key to redirect embedded within the return URL
- e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
+ e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
 } catch (Exception e1) { // TODO should we return the response as is to the PEPS?
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 4d3c01bee..f16f7c9a8 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -85,7 +85,7 @@ public class AuthenticationRequest implements IAction {
 if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
- MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+ MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq);
 // check if it is attribute query
 if (moaStorkRequest.isAttrRequest()) {
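Review bot: `getPublicURLPrefix().get(0)` in the `performRedirect` call assumes the prefix list is non-empty and that its first entry is the host the current user is on; with several configured prefixes the ResumeAuthentication return URL sends the browser to the first host rather than the one whose session cookie it holds, and with none it fails with IndexOutOfBoundsException instead of a configuration error. The hunk at line 173 of this same file already switched this kind of value to `req.getAuthURL()`; building the return URL from the pending request's authURL here as well, or at least guarding the empty list, would keep the class consistent. ConsentEvaluator's `context.put("action", ...)` uses the same `.get(0)` pattern. The try/catch around `e.getAp()` belongs to a method that starts outside the hunk.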
@@ -217,9 +217,9 @@ public class AuthenticationRequest implements IAction {
 String destinationURL = null;
 try {
- issuer = new URL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()).toString();
+ issuer = new URL(moaStorkRequest.getAuthURL()).toString();
 destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
- publicURLPrefix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ publicURLPrefix = moaStorkRequest.getAuthURL();
 assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
 } catch (MalformedURLException ex) {
 Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 947accf8e..2b7d4e045 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -145,7 +145,7 @@ public class ConsentEvaluator implements IAction {
 Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
 VelocityContext context = new VelocityContext();
- context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
+ context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
 // assemble table
 String table = "";
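Review bot: The `catch (MalformedURLException ex)` branch still logs `Wrong PublicURLPrefix setting of MOA instance:` followed by the configured prefix list, but after this change the only `new URL(...)` in the try block parses `moaStorkRequest.getAuthURL()`, so the diagnostic blames a configuration value that is no longer what failed; it should report the value actually parsed, e.g. `Logger.error("Invalid authURL of pending STORK request: " + moaStorkRequest.getAuthURL(), ex);`. Since `getPublicURLPrefix()` now returns a list, the existing message would also print a list literal rather than a URL. The try/catch sits in a method that starts outside the hunk.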
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 11eb01453..4e666c21c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -26,6 +26,8 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
@@ -52,6 +54,15 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
 */
 public class MOASTORKRequest extends RequestImpl {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public MOASTORKRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
 public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
 new String[] {
 PVPConstants.BPK_NAME,
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index d2cf2e813..a233835bf 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
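Review bot: The Javadoc on the new `MOASTORKRequest(HttpServletRequest req)` constructor is a bare skeleton — `@param req` and `@throws ConfigurationException` carry no text — which leaves undocumented the one thing a caller needs to know: when the constructor rejects a request. Describe it along these lines: a summary sentence stating that the STORK request object is bound to the servlet request it was received on (all it does is `super(req)`), `@param req` the inbound HTTP request, and `@throws ConfigurationException` naming the condition under which `RequestImpl` throws it; from this diff that looks like a request URL not matching the configured public URL prefixes, but it should be confirmed against `RequestImpl` before being written down. The same empty skeleton appears on `MOASTORKResponse(HttpServletRequest req)`.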
@@ -22,6 +22,7 @@
 *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.stork2;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.logging.Logger;
@@ -33,6 +34,8 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import java.io.Serializable;
 import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 /**
@@ -43,6 +46,15 @@ import org.opensaml.saml2.core.Attribute;
 public class MOASTORKResponse extends RequestImpl {
 /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public MOASTORKResponse(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
+ /**
 * The Constant serialVersionUID.
 */
 private static final long serialVersionUID = -5798803155055518747L;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index e58fe804f..2351450e4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -92,7 +92,7 @@ public class MandateRetrievalRequest implements IAction {
 if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
- MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+ MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq);
 STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
 this.authData = authData;
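Review bot: In `MOASTORKResponse` the new constructor is spliced in between the class header and the `serialVersionUID` declaration, so the existing `/**` that opened the field's Javadoc now opens the constructor's, and a reader scanning the class meets a constructor before any field. Moving the constructor below `private static final long serialVersionUID = -5798803155055518747L;` keeps the conventional fields-then-constructors order and leaves each Javadoc block attached to the member it was written for. `MOASTORKRequest` places its constructor ahead of `DEFAULTREQUESTEDATTRFORINTERFEDERATION` in the same way.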
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 071b5ae8a..c4f9658e4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -91,8 +91,8 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo {
 Logger.debug("Request content length: " + request.getContentLength());
 Logger.debug("Initiating action: " + action);
- MOASTORKRequest STORK2Request = new MOASTORKRequest();
- MOASTORKResponse STORK2Response = new MOASTORKResponse();
+ MOASTORKRequest STORK2Request = new MOASTORKRequest(request);
+ MOASTORKResponse STORK2Response = new MOASTORKResponse(request);
 if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index d44e2a18a..69cd7c217 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -41,6 +41,10 @@
 <groupId>ch.qos.logback</groupId>
 <artifactId>logback-classic</artifactId>
 </exclusion>
+ <exclusion>
+ <artifactId>DocumentService</artifactId>
+ <groupId>eu.stork</groupId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>