aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java100
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java504
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java20
-rw-r--r--id/server/moa-id-commons/.classpath1
-rw-r--r--id/server/moa-id-commons/pom.xml58
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java42
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationUtil.java201
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java33
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionUtil.java (renamed from id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java)14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java19
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java10
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/bindings.xjb10
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml (renamed from id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml)0
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd943
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/persistence_template.xml10
18 files changed, 1884 insertions, 103 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index cef9f9ff9..e23b26417 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -143,6 +143,7 @@ public class MOAIDAuthInitializer {
// Loads the configuration
AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+
ConnectionParameter moaSPConnParam = authConf
.getMoaSpConnectionParameter();
@@ -175,6 +176,8 @@ public class MOAIDAuthInitializer {
AxisSecureSocketFactory.initialize(ssf);
}
+
+ //TODO: Set TimeOuts!!!
// sets the authentication session and authentication data time outs
String param = authConf
.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d85d61bc7..6f1af9842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -38,7 +38,10 @@ import org.hibernate.cfg.Configuration;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -276,37 +279,69 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
} catch (IOException e) {
}
}
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
+ try {
+
//Initial Hibernate Framework
- //TODO: Full update to new MOA-ID configuration!!!
Logger.trace("Initializing Hibernate framework.");
-
+
+ //Load MOAID-2.0 properties file
String propertiesFileLocation = System.getProperty("moa.id.config");
MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName");
File propertiesFile = new File(propertiesFileLocation);
FileInputStream fis;
Properties props = new Properties();
+
+ //TODO: determine from new config file path
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
+
+ try {
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
try {
fis = new FileInputStream(propertiesFile);
props.load(fis);
+
+ // read MOAID Session Hibernate properties
+ Properties moaSessionProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "moasession.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ moaSessionProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
+ // read Config Hibernate properties
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "configuration.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
- Configuration hibernateConfig = new Configuration();
- hibernateConfig.addAnnotatedClass(AssertionStore.class);
- hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
- hibernateConfig.addAnnotatedClass(OASessionStore.class);
- hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);
- hibernateConfig.addProperties(props);
- HibernateUtil.initHibernate(hibernateConfig, props);
+
+ //Initial config Database
+ ConfigurationUtil.initHibernate(configProp);
+
+ //initial MOAID Session Database
+ Configuration config = new Configuration();
+ config.addAnnotatedClass(AssertionStore.class);
+ config.addAnnotatedClass(AuthenticatedSessionStore.class);
+ config.addAnnotatedClass(OASessionStore.class);
+ config.addAnnotatedClass(OldSSOSessionIDStore.class);
+ config.addProperties(moaSessionProp);
+ MOASessionUtil.initHibernate(config, moaSessionProp);
+
}
Logger.trace("Hibernate initialization finished.");
@@ -327,8 +362,19 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.debug("OpenSAML successfully initialized");
+ //TODO: load from Legacy if legacy.xml.configuration != null
+// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(fileName, rootConfigFileDir);
+// ConfigurationUtil.save(moaconfig);
+
+ //TODO: Save MOAID 2.0 config to XML
+// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+// Marshaller m = jc.createMarshaller();
+// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+// File test = new File("D:/moa2.0_config.xml");
+// m.marshal(moaconfig, test);
+
- // build the internal datastructures
+// // build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
bKUSelectable = (bKUConnectionParameter!=null);
@@ -399,14 +445,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
// }
// return transformsInfos;
// }
+
+
/**
* Return a string array with all filenames leading
* to the Transforms Information for the Security Layer
* @return String[] of filenames to the Security Layer Transforms Information
*/
- public String[] getTransformsInfoFileNames() {
- return transformsInfoFileNames;
- }
+ //TODO: only for testing
+// public String[] getTransformsInfoFileNames() {
+// return transformsInfoFileNames;
+// }
/**
* Build an array of the OnlineApplication Parameters containing information
@@ -428,7 +477,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* if none is applicable
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
+
+// return ConfigurationDBUtils.getOnlineApplication(oaURL);
+
+ OAAuthParameter[] oaParams = getOnlineApplicationParameters();
for (int i = 0; i < oaParams.length; i++) {
OAAuthParameter oaParam = oaParams[i];
if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
new file mode 100644
index 000000000..62f85fa3c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -0,0 +1,504 @@
+package at.gv.egovernment.moa.id.config.legacy;
+
+import iaik.util.logging.Log;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class BuildFromLegacyConfig {
+
+ private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ public static MOAIDConfiguration build(String fileName, String rootConfigFileDir) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ Log.info("Load Legacy-Configuration from file=" + fileName);
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+
+ }
+ }
+
+ try {
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+
+
+ MOAIDConfiguration moaIDConfig = new MOAIDConfiguration();
+
+ AuthComponentGeneral generalAuth = new AuthComponentGeneral();
+ moaIDConfig.setAuthComponentGeneral(generalAuth);
+
+
+ //not supported by MOA-ID 2.0
+ //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ //bKUSelectable = (bKUConnectionParameter!=null);
+ //bKUSelectionType = builder.buildAuthBKUSelectionType();
+
+
+ //Load generic Config
+ Map genericConfiguration = builder.buildGenericConfiguration();
+ GeneralConfiguration authGeneral = new GeneralConfiguration();
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ authGeneral.setAlternativeSourceID(
+ (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ authGeneral.setTrustManagerRevocationChecking(
+ Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ authGeneral.setCertStoreDirectory(
+ (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
+
+
+ //Load Assertion and Session timeouts
+ TimeOuts timeOuts = new TimeOuts();
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min
+
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min
+
+ timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min
+ authGeneral.setTimeOuts(timeOuts);
+ generalAuth.setGeneralConfiguration(authGeneral);
+
+
+ //TODO: set Protocols!!!!
+ Protocols auth_protocols = new Protocols();
+ generalAuth.setProtocols(auth_protocols);
+
+ LegacyAllowed prot_legacy = new LegacyAllowed();
+ auth_protocols.setLegacyAllowed(prot_legacy);
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values
+ prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+
+ //TODO: remove beta test values
+ PVP2 prot_pvp2 = new PVP2();
+ auth_protocols.setPVP2(prot_pvp2);
+ prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
+
+ Organization pvp2_org = new Organization();
+ prot_pvp2.setOrganization(pvp2_org);
+ pvp2_org.setDisplayName("OrganisationDisplayName");
+ pvp2_org.setName("OrganisatioName");
+ pvp2_org.setURL("http://www.egiz.gv.at");
+
+ Contact pvp2_contact = new Contact();
+ prot_pvp2.setContact(pvp2_contact);
+ pvp2_contact.setCompany("OrganisationDisplayName");
+ pvp2_contact.setGivenName("Max");
+ pvp2_contact.setMail("max@muster.mann");
+ pvp2_contact.setPhone("01 5555 5555");
+ pvp2_contact.setSurName("Mustermann");
+ pvp2_contact.setType("technical");
+
+
+ //SSO
+ SSO auth_sso = new SSO();
+ generalAuth.setSSO(auth_sso);
+ auth_sso.setTarget("BF");
+ auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
+
+
+ //set SecurityLayer Transformations
+ String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+
+ List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>();
+ for (String transformInfo : transformsInfos) {
+ TransformsInfoType transforminfotype = new TransformsInfoType();
+ transforminfotype.setFilename("");
+ //TODO: Transformation is stored in BASE64
+ transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes()).getBytes());
+ auth_transformInfos.add(transforminfotype);
+ }
+ SecurityLayer auth_securityLayer = new SecurityLayer();
+ auth_securityLayer.setTransformsInfo(auth_transformInfos);
+ generalAuth.setSecurityLayer(auth_securityLayer);
+
+
+ //set MOASP configuration
+ MOASP auth_moaSP = new MOASP();
+ generalAuth.setMOASP(auth_moaSP);
+
+ //set MOASP connection
+ ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ if (moaSpConnectionParameter != null) {
+ ConnectionParameterClientAuthType auth_moaSP_connection =
+ parseConnectionParameterClientAuth(moaSpConnectionParameter);
+ auth_moaSP.setConnectionParameter(auth_moaSP_connection);
+ }
+
+ //set VerifyIdentityLink
+ String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink();
+ auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID);
+ auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink);
+
+ //set VerifyAuthBlock
+ String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock();
+ auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID);
+ String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> transformlist = new ArrayList<String>();
+ Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs);
+ auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist);
+ auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock);
+
+
+ //TODO: check correctness!!!
+ //set IdentityLinkSigners
+ IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
+ generalAuth.setIdentityLinkSigners(auth_idsigners);
+ List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames);
+
+
+ //not supported by MOA-ID 2.0
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters = null;
+// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+// if (defaultVerifyInfoboxParamtersElem != null) {
+// defaultVerifyInfoboxParameters =
+// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+// }
+
+
+ //Set ForeignIdentities
+ ForeignIdentities auth_foreign = new ForeignIdentities();
+ generalAuth.setForeignIdentities(auth_foreign);
+
+ //set Connection parameters
+ ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+ ConnectionParameterClientAuthType auth_foreign_connection =
+ parseConnectionParameterClientAuth(foreignIDConnectionParameter);
+ auth_foreign.setConnectionParameter(auth_foreign_connection);
+
+ //set STORK configuration
+ STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ STORK auth_foreign_stork = new STORK();
+ auth_foreign.setSTORK(auth_foreign_stork);
+
+ //set CPEPS
+ Map<String, at.gv.egovernment.moa.id.config.stork.CPEPS> map = storkConfig.getCpepsMap();
+ Set<String> map_keys = map.keySet();
+ List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
+ for (String key : map_keys) {
+ CPEPS cpep = new CPEPS();
+ cpep.setCountryCode(map.get(key).getCountryCode());
+ cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
+
+ List<RequestedAttributeType> cpep_reqs = new ArrayList<RequestedAttributeType>();
+ List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
+ for (RequestedAttribute e1 : map1) {
+ RequestedAttributeType cpep_req = new RequestedAttributeType();
+ cpep_req.setIsRequired(e1.isRequired());
+ cpep_req.setFriendlyName(e1.getFriendlyName());
+ cpep_req.setNameFormat(e1.getNameFormat());
+ cpep_req.setName(e1.getName());
+
+ List<XMLObject> e2s = e1.getAttributeValues();
+ List<Object> cpep_req_attr = new ArrayList<Object>();
+ for (XMLObject e2 : e2s) {
+ cpep_req_attr.add(e2);
+ }
+ cpep_req.setAttributeValue(cpep_req_attr);
+ }
+ cpep.setRequestedAttribute(cpep_reqs);
+ auth_foreign_stork_cpeps.add(cpep);
+ }
+ auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
+
+ //set SAMLSigningParameter
+ SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
+ auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
+
+ SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
+ auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
+ KeyStore stork_saml_creat_keystore = new KeyStore();
+ stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
+ stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
+ stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
+ KeyName stork_saml_creat_keyname = new KeyName();
+ stork_saml_creat.setKeyName(stork_saml_creat_keyname);
+ stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
+ stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
+
+ SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
+ auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
+ stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+
+ //TODO: check correctness
+ //set QualityAuthenticationAssurance
+ //set RequestedAttbutes
+
+
+ //set OnlineMandates config
+ ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
+ OnlineMandates auth_mandates = new OnlineMandates();
+ generalAuth.setOnlineMandates(auth_mandates);
+ auth_mandates.setConnectionParameter(
+ parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
+
+
+ //TODO: add auth template configuration!!!
+
+
+ //set OnlineApplications
+ OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+ ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+ moaIDConfig.setOnlineApplication(moa_oas);
+ for (OAAuthParameter oa : onlineApplicationAuthParameters) {
+ OnlineApplication moa_oa = new OnlineApplication();
+
+ //set general OA configuration
+ moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
+ moa_oa.setFriendlyName(oa.getFriendlyName());
+ moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness
+ moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix());
+ moa_oa.setTarget(oa.getTarget());
+ moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName());
+ moa_oa.setType(oa.getOaType());
+
+
+ AuthComponentOA oa_auth = new AuthComponentOA();
+ moa_oa.setAuthComponentOA(oa_auth);
+
+ //SLLayer Version / useIframe
+ oa_auth.setSlVersion(oa.getSlVersion());
+ oa_auth.setUseIFrame(false);
+
+
+ //BKUURLs
+ BKUURLS bkuurls = new BKUURLS();
+ bkuurls.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request");
+ bkuurls.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx");
+ bkuurls.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request");
+ oa_auth.setBKUURLS(bkuurls);
+
+ //IdentificationNumber
+ IdentificationNumber idnumber = new IdentificationNumber();
+ idnumber.setValue(oa.getIdentityLinkDomainIdentifier());
+ idnumber.setType(oa.getIdentityLinkDomainIdentifierType());
+ oa_auth.setIdentificationNumber(idnumber);
+
+ //set Templates
+ TemplatesType templates = new TemplatesType();
+ oa_auth.setTemplates(templates);
+ templates.setAditionalAuthBlockText("");
+ TemplateType template = new TemplateType();
+ template.setURL(oa.getTemplateURL());
+ templates.setTemplate(template);
+
+ //set TransformsInfo
+ String[] transforminfos = oa.getTransformsInfos();
+ ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>();
+ for (String e1 : transforminfos) {
+ TransformsInfoType transforminfo = new TransformsInfoType();
+ transforminfo.setFilename(e1);
+ oa_transforminfos.add(transforminfo);
+ }
+ oa_auth.setTransformsInfo(oa_transforminfos);
+
+ //VerifyInfoBoxes not supported by MOAID 2.0
+
+ //set Mandates
+ Mandates oa_mandates = new Mandates();
+ oa_auth.setMandates(oa_mandates);
+ oa_mandates.setProfiles(oa.getMandateProfiles());
+
+ //STORK
+ //TODO: OA specific STORK config is deactivated in MOA 1.5.2
+
+ //SSO
+ OASSO oa_sso = new OASSO();
+ oa_auth.setOASSO(oa_sso);
+ oa_sso.setUseSSO(true);
+ oa_sso.setSingleLogOutURL("");
+
+ //OA_SAML1
+ OASAML1 oa_saml1 = new OASAML1();
+ oa_auth.setOASAML1(oa_saml1);
+ oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength()));
+ oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock());
+ oa_saml1.setProvideCertificate(oa.getProvideCertifcate());
+ oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData());
+ oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
+ oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
+ oa_saml1.setUseCondition(oa.getUseCondition());
+ oa_saml1.setUseUTC(oa.getUseUTC());
+
+ //OA_PVP2
+ OAPVP2 oa_pvp2 = new OAPVP2();
+ oa_auth.setOAPVP2(oa_pvp2);
+ oa_pvp2.setMetadataURL("TODO!!!");
+ oa_pvp2.setCertificate("TODO!!!".getBytes());
+
+ moa_oas.add(moa_oa);
+ }
+
+ //removed from MOAID 2.0 config
+ //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+
+
+ //set chaining modes
+ ChainingModes moa_chainingModes = new ChainingModes();
+ moaIDConfig.setChainingModes(moa_chainingModes);
+
+ ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode());
+ moa_chainingModes.setSystemDefaultMode(type);
+
+ Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes();
+ List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>();
+ Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet();
+ for (IssuerAndSerial e1 : chaining_anchor_map) {
+ TrustAnchor trustanchor = new TrustAnchor();
+
+ ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1));
+ trustanchor.setMode(type1);
+
+ trustanchor.setX509IssuerName(e1.getIssuerDN());
+ trustanchor.setX509SerialNumber(e1.getSerial());
+ chaining_anchor.add(trustanchor);
+ }
+ moa_chainingModes.setTrustAnchor(chaining_anchor);
+
+
+ //set trustedCACertificate path
+ moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates());
+
+
+ //TODO: move to read config functionality
+ //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
+
+ //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates)
+ //trustedBKUs = builder.getTrustedBKUs();
+ //trustedTemplateURLs = builder.getTrustedTemplateURLs();
+
+
+ //set DefaultBKUs
+ DefaultBKUs moa_defaultbkus = new DefaultBKUs();
+ moaIDConfig.setDefaultBKUs(moa_defaultbkus);
+ moa_defaultbkus.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request");
+ moa_defaultbkus.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx");
+ moa_defaultbkus.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request");
+
+
+ //set SLRequest Templates
+ SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates();
+ moaIDConfig.setSLRequestTemplates(moa_slrequesttemp);
+ moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html");
+ moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html");
+ moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
+
+ return moaIDConfig;
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth(
+ ConnectionParameter old) {
+ ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType();
+ auth_moaSP_connection.setURL(old.getUrl());
+ auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
+ ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
+ auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
+ auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
+ auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
+ return auth_moaSP_connection;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index d55482e95..eeb0afae2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -1,9 +1,6 @@
package at.gv.egovernment.moa.id.moduls;
import java.util.List;
-import java.util.Set;
-
-import iaik.util.logging.Log;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@@ -13,7 +10,7 @@ import org.hibernate.Query;
import org.hibernate.Session;
import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -60,7 +57,7 @@ public class SSOManager {
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List<OldSSOSessionIDStore> result;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index b5de788af..9933142e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -11,7 +11,7 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
@@ -52,7 +52,7 @@ public class AssertionStorage {
//store AssertionStore element to Database
try {
- HibernateUtil.saveOrUpdate(element);
+ MOASessionUtil.saveOrUpdate(element);
Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -85,7 +85,7 @@ public class AssertionStorage {
Date expioredate = new Date(now - authDataTimeOut);
List<AssertionStore> results;
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
synchronized (session) {
session.beginTransaction();
@@ -98,7 +98,7 @@ public class AssertionStorage {
if (results.size() != 0) {
for(AssertionStore result : results) {
try {
- HibernateUtil.delete(result);
+ MOASessionUtil.delete(result);
Logger.info("Remove Assertion with Artifact=" + result.getArtifact()
+ " after assertion timeout.");
@@ -115,7 +115,7 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
- HibernateUtil.delete(element);
+ MOASessionUtil.delete(element);
} catch (MOADatabaseException e) {
Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
@@ -130,7 +130,7 @@ public class AssertionStorage {
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
synchronized (session) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 8ea6a6633..faff2955b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -18,7 +18,7 @@ import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -62,7 +62,7 @@ public class AuthenticationSessionStoreage {
//store AssertionStore element to Database
try {
- HibernateUtil.saveOrUpdate(dbsession);
+ MOASessionUtil.saveOrUpdate(dbsession);
Log.info("MOASession with sessionID=" + id + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -83,7 +83,7 @@ public class AuthenticationSessionStoreage {
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- HibernateUtil.saveOrUpdate(dbsession);
+ MOASessionUtil.saveOrUpdate(dbsession);
Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -96,7 +96,7 @@ public class AuthenticationSessionStoreage {
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
@@ -168,7 +168,7 @@ public class AuthenticationSessionStoreage {
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- HibernateUtil.saveOrUpdate(dbsession);
+ MOASessionUtil.saveOrUpdate(dbsession);
return id;
@@ -203,7 +203,7 @@ public class AuthenticationSessionStoreage {
try {
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
synchronized (session) {
@@ -288,7 +288,7 @@ public class AuthenticationSessionStoreage {
MiscUtil.assertNotNull(SSOId, "moasessionID");
Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -331,7 +331,7 @@ public class AuthenticationSessionStoreage {
Date expioredate = new Date(now - authDataTimeOut);
List<AuthenticatedSessionStore> results;
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
synchronized (session) {
session.beginTransaction();
@@ -344,7 +344,7 @@ public class AuthenticationSessionStoreage {
if (results.size() != 0) {
for(AuthenticatedSessionStore result : results) {
try {
- HibernateUtil.delete(result);
+ MOASessionUtil.delete(result);
Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ " after session timeout.");
@@ -361,7 +361,7 @@ public class AuthenticationSessionStoreage {
private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
diff --git a/id/server/moa-id-commons/.classpath b/id/server/moa-id-commons/.classpath
index f903134e9..88431cf04 100644
--- a/id/server/moa-id-commons/.classpath
+++ b/id/server/moa-id-commons/.classpath
@@ -17,6 +17,7 @@
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
+ <classpathentry kind="src" path="target/generated-sources/xjc"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
<attributes>
<attribute name="maven.pomderived" value="true"/>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index e2189372b..540bd7b89 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -16,6 +16,17 @@
<version>4.2.1.Final</version>
</dependency>
<dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-c3p0</artifactId>
+ <version>4.2.1.Final</version>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>4.2.1.Final</version>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.1</version>
@@ -25,17 +36,19 @@
<artifactId>moa-common</artifactId>
<type>jar</type>
</dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-c3p0</artifactId>
- <version>4.2.1.Final</version>
- </dependency>
-
+
+ <!-- dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-xjc</artifactId>
+ <version>2.2.7</version>
+ </dependency -->
+
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.0-api</artifactId>
- <version>1.0.0.Final</version>
+ <version>1.0.1.Final</version>
</dependency>
+
<dependency>
<groupId>org.jvnet.hyperjaxb3</groupId>
<artifactId>hyperjaxb3-ejb-runtime</artifactId>
@@ -50,7 +63,24 @@
</dependencies>
<build>
- <plugins>
+ <defaultGoal>install</defaultGoal>
+
+ <resources>
+ <resource>
+ <directory>src/main/resources/config</directory>
+ <excludes>
+ <exclude>**/*.java</exclude>
+ </excludes>
+ </resource>
+ <resource>
+ <directory>target/generated-sources/xjc</directory>
+ <excludes>
+ <exclude>**/*.java</exclude>
+ </excludes>
+ </resource>
+ </resources>
+
+ <plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -76,14 +106,13 @@
</execution>
</executions>
</plugin>
-
+
<plugin>
<groupId>org.jvnet.hyperjaxb3</groupId>
<artifactId>maven-hyperjaxb3-plugin</artifactId>
<version>0.5.6</version>
<executions>
<execution>
- <phase>generate-sources</phase>
<goals>
<goal>generate</goal>
</goals>
@@ -91,8 +120,13 @@
</executions>
<configuration>
<extension>true</extension>
- <roundtripTestClassName>RoundtripTest</roundtripTestClassName>
- </configuration>
+ <schemaDirectory>src/main/resources/config</schemaDirectory>
+ <bindingDirectory>src/main/resources/config</bindingDirectory>
+ <!-- persistenceXml>src/main/resources/config/persistence_template.xml</persistenceXml-->
+ <generatePackage>at.gv.egovernment.moa.id.commons.db.dao.config</generatePackage>
+
+ <!-- roundtripTestClassName>RoundtripTest</roundtripTestClassName -->
+ </configuration>
</plugin>
<plugin>
<inherited>true</inherited>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
new file mode 100644
index 000000000..183fcda65
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.commons.db;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.persistence.EntityManager;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConfigurationDBUtils {
+
+ private static Map<String, String> QUERIES = new HashMap<String, String>();
+ static {
+ QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix LIKE :id");
+ }
+
+ @SuppressWarnings("rawtypes")
+ public static OnlineApplication getOnlineApplication(String id) {
+ MiscUtil.assertNotNull(id, "OnlineApplictionID");
+ Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
+
+ List result;
+ EntityManager session = ConfigurationUtil.getCurrentSession();
+
+ javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID"));
+ query.setParameter("id", id+"%");
+ result = query.getResultList();
+
+ Logger.trace("Found entries: " + result.size());
+
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+ return (OnlineApplication) result.get(0);
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationUtil.java
new file mode 100644
index 000000000..695bf4028
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationUtil.java
@@ -0,0 +1,201 @@
+package at.gv.egovernment.moa.id.commons.db;
+
+import java.util.Properties;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import javax.persistence.EntityTransaction;
+import javax.persistence.Persistence;
+
+import org.hibernate.HibernateException;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public final class ConfigurationUtil {
+
+ private static EntityManagerFactory entitymanagerfactory;
+
+ @SuppressWarnings("rawtypes")
+ private static final ThreadLocal THREAD_LOCAL = new ThreadLocal();
+ private static boolean automaticSessionHandling = false;
+
+ protected ConfigurationUtil() { }
+
+ public static void initHibernate(Properties props) {
+
+ try {
+
+ //add Hibernate annotations
+// Configuration hibernateConfig = new Configuration();
+// hibernateConfig.addAnnotatedClass(AssertionStore.class);
+// hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
+// hibernateConfig.addAnnotatedClass(OASessionStore.class);
+// hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);
+// hibernateConfig.addProperties(props);
+
+
+ Logger.debug("Creating initial session factory...");
+// entitymanagerfactory =
+// Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config",
+// hibernateConfig.getProperties());
+
+ entitymanagerfactory =
+ Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config",
+ props);
+
+ Logger.debug("Initial session factory successfully created.");
+
+
+ } catch (Throwable ex) {
+ Logger.error("Initial session factory creation failed: " + ex.getMessage());
+ throw new ExceptionInInitializerError(ex);
+ }
+ }
+
+
+ /**
+ * Checks if a session factory is currently available. If necessary a new
+ * session factory is created.
+ *
+ * @return current (or new) session factory
+ * @throws HibernateException
+ * thrown if a hibernate error occurs
+ */
+ public static EntityManager getCurrentSession() {
+ if (automaticSessionHandling) {
+
+ return entitymanagerfactory.createEntityManager();
+ }
+
+ EntityManager session = (EntityManager) THREAD_LOCAL.get();
+ // Open a new Session, if this Thread has none yet
+ if (session == null) {
+ session = getNewSession();
+ }
+ return session;
+ }
+
+ @SuppressWarnings("unchecked")
+ public static EntityManager getNewSession() {
+ if (automaticSessionHandling) {
+ Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
+ //return sessionFactory.getCurrentSession();
+ return entitymanagerfactory.createEntityManager();
+ }
+ EntityManager session = (EntityManager) THREAD_LOCAL.get();
+ if (session != null) {
+ Logger.warn("Previous session has not been closed; closing session now.");
+ closeSession();
+ }
+ Logger.debug("Opening new hibernate session...");
+ try {
+ session = entitymanagerfactory.createEntityManager();
+ THREAD_LOCAL.set(session);
+ } catch (HibernateException hex) {
+ Logger.error(hex.getMessage());
+ }
+ return session;
+ }
+
+ /**
+ * Closes the current session.
+ *
+ * @throws HibernateException
+ * thrown if session is already closed or a hibernate error
+ * occurs.
+ */
+ @SuppressWarnings("unchecked")
+ public static void closeSession() {
+ if (automaticSessionHandling) {
+ Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
+ return;
+ }
+ Logger.debug("Closing current hibernate session...");
+ Session session = (Session) THREAD_LOCAL.get();
+ THREAD_LOCAL.set(null);
+ if (session != null) {
+ try {
+ session.close();
+
+ } catch (HibernateException hex) {
+ Logger.error(hex.getMessage());
+ }
+ }
+ }
+
+ public static boolean save(Object dbo) throws MOADatabaseException {
+ EntityTransaction tx = null;
+
+ try {
+ EntityManager session = ConfigurationUtil.getCurrentSession();
+ tx = session.getTransaction();
+
+ synchronized (session) {
+ tx.begin();
+ session.persist(dbo);
+ tx.commit();
+
+ session.clear();
+ }
+ return true;
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new MOADatabaseException(e);
+ }
+ }
+
+
+ public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
+ EntityTransaction tx = null;
+
+ try {
+ EntityManager session = ConfigurationUtil.getCurrentSession();
+ tx = session.getTransaction();
+
+ synchronized (session) {
+ tx.begin();
+
+ session.merge(dbo);
+ session.flush();
+
+ tx.commit();
+
+ session.clear();
+ }
+ return true;
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new MOADatabaseException(e);
+ }
+ }
+
+ public static boolean delete(Object dbo) {
+ EntityTransaction tx = null;
+ try {
+ EntityManager session = ConfigurationUtil.getCurrentSession();
+ tx = session.getTransaction();
+
+ synchronized (session) {
+ tx.begin();
+ session.remove(session.contains(dbo) ? dbo : session.merge(dbo));
+ tx.commit();
+
+ session.clear();
+ }
+
+ return true;
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database delete. Rollback.", e);
+ tx.rollback();
+ return false;
+ }
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
deleted file mode 100644
index d60c5ef45..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package at.gv.egovernment.moa.id.commons.db;
-
-import java.util.List;
-
-import org.hibernate.Query;
-import org.hibernate.Session;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class DBUtils {
-
-// @SuppressWarnings("rawtypes")
-// public static AssertionStore getAssertion(String artifact) {
-// MiscUtil.assertNotNull(artifact, "artifact");
-// Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
-//
-// Session session = HibernateUtil.getCurrentSession();
-// session.beginTransaction();
-// Query query = session.getNamedQuery("getAssertionWithArtifact");
-// query.setString("artifact", artifact);
-// List result = query.list();
-// Logger.trace("Found entries: " + result.size());
-//
-// if (result.size() == 0) {
-// Logger.trace("No entries found.");
-// return null;
-// }
-// return (AssertionStore) result.get(0);
-// }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionUtil.java
index 1fa5a20fd..ccc4e9589 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionUtil.java
@@ -11,10 +11,14 @@ import org.hibernate.cfg.Configuration;
import org.hibernate.service.ServiceRegistry;
import org.hibernate.service.ServiceRegistryBuilder;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
-public final class HibernateUtil {
+public final class MOASessionUtil {
private static SessionFactory sessionFactory;
private static ServiceRegistry serviceRegistry;
@@ -28,7 +32,7 @@ public final class HibernateUtil {
private static Configuration configuration;
- protected HibernateUtil() { }
+ protected MOASessionUtil() { }
public static void initHibernate(Configuration config, Properties hibernateProperties) {
@@ -45,7 +49,7 @@ public final class HibernateUtil {
try {
//Create the SessionFactory
Logger.debug("Creating initial session factory...");
-
+
config.configure();
serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
sessionFactory = config.buildSessionFactory(serviceRegistry);
@@ -127,7 +131,7 @@ public final class HibernateUtil {
public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
Transaction tx = null;
try {
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
synchronized (session) {
tx = session.beginTransaction();
@@ -146,7 +150,7 @@ public final class HibernateUtil {
public static boolean delete(Object dbo) {
Transaction tx = null;
try {
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
synchronized (session) {
tx = session.beginTransaction();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index a0898efc1..50c156c4e 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -5,13 +5,16 @@ import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Lob;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
import javax.persistence.Table;
import org.hibernate.annotations.DynamicUpdate;
-import org.hibernate.annotations.NamedQueries;
-import org.hibernate.annotations.NamedQuery;
+
@Entity
@@ -27,6 +30,10 @@ public class AssertionStore implements Serializable{
private static final long serialVersionUID = 1L;
@Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id", unique=true, nullable=false)
+ private long id;
+
@Column(name = "artifact", unique=true, nullable=false)
private String artifact;
@@ -72,6 +79,14 @@ public class AssertionStore implements Serializable{
public void setDatatime(Date datatime) {
this.timestamp = datatime;
}
+
+ public long getId() {
+ return id;
+ }
+
+ public void setId(long id) {
+ this.id = id;
+ }
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 4ed42175e..98c2d7461 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -4,7 +4,6 @@ import java.io.Serializable;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
-import java.util.Set;
import javax.persistence.CascadeType;
import javax.persistence.Column;
@@ -12,7 +11,6 @@ import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
-import javax.persistence.JoinColumn;
import javax.persistence.Lob;
import javax.persistence.OneToMany;
import javax.persistence.PrePersist;
@@ -20,11 +18,11 @@ import javax.persistence.PreUpdate;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
import org.hibernate.annotations.DynamicUpdate;
-import org.hibernate.annotations.IndexColumn;
-import org.hibernate.annotations.NamedQueries;
-import org.hibernate.annotations.NamedQuery;
+
@Entity
@DynamicUpdate(value=true)
@@ -40,7 +38,7 @@ public class AuthenticatedSessionStore implements Serializable{
private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id", unique=true, nullable=false)
private long id;
diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
new file mode 100644
index 000000000..6269e2dbc
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
@@ -0,0 +1,10 @@
+<jaxb:bindings version="1.0"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+
+ <jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema">
+ <jaxb:globalBindings localScoping="toplevel">
+ <jaxb:serializable/>
+ </jaxb:globalBindings>
+ </jaxb:bindings>
+</jaxb:bindings> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml
index 4841481b6..4841481b6 100644
--- a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml
+++ b/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
new file mode 100644
index 000000000..136e49154
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -0,0 +1,943 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0">
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- ### Identification elements ### -->
+ <xsd:complexType name="AbstractSimpleIdentificationType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string"/>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:element name="AbstractSimpleIdentification" type="AbstractSimpleIdentificationType">
+ <xsd:annotation>
+ <xsd:documentation>possibility to include common austrian primary
+ keys in human readable way, english translation not available
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <!-- ### DSIG imports ### -->
+ <xsd:complexType name="X509IssuerSerialType">
+ <xsd:sequence>
+ <xsd:element name="X509IssuerName" type="xsd:string"/>
+ <xsd:element name="X509SerialNumber" type="xsd:integer"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- ### Imported STORK resources ### -->
+ <xsd:simpleType name="QualityAuthenticationAssuranceLevelType">
+ <xsd:restriction base="xsd:integer">
+ <xsd:minInclusive value="1"/>
+ <xsd:maxInclusive value="4"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="QualityAuthenticationAssuranceLevel" type="QualityAuthenticationAssuranceLevelType"/>
+ <xsd:element name="AttributeValue" type="xsd:anyType"/>
+ <xsd:complexType name="RequestedAttributeType">
+ <xsd:sequence>
+ <xsd:element ref="AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="Name" type="xsd:string" use="required"/>
+ <xsd:attribute name="NameFormat" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="FriendlyName" type="xsd:string" use="optional"/>
+ <xsd:attribute name="isRequired" type="xsd:boolean" use="optional"/>
+ </xsd:complexType>
+ <xsd:element name="RequestedAttribute" type="RequestedAttributeType"/>
+ <xsd:simpleType name="CountryCodeType">
+ <xsd:restriction base="xsd:token">
+ <xsd:pattern value="[A-Z]{2}"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="RequestedAttributesType">
+ <xsd:sequence>
+ <xsd:element ref="RequestedAttribute" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="RequestedAttributes" type="RequestedAttributesType"/>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAWBPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation -->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent_General" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="AuthComponentType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent_General" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter_Proxy" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung
+ von der Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ <xsd:attribute name="type" use="optional" default="publicService">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:NMTOKEN">
+ <xsd:enumeration value="businessService"/>
+ <xsd:enumeration value="publicService"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+ <xsd:attribute name="target" type="xsd:string" use="optional"/>
+ <xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder
+ "chaining") für die Zertifikatspfadvalidierung
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender
+ ChiningMode kann für jeden TrustAnchor gesetzt werden
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das
+ vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate
+ enthält.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+ <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+ <xsd:enumeration value="AuthenticationData.TimeOut"/>
+ <xsd:enumeration value="TrustManager.RevocationChecking"/>
+ <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+ <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+ <xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+ <xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+ <xsd:enumeration value="AuthenticationServer.SourceID"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="DefaultBKUs">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="OnlineBKU" type="xsd:anyURI" minOccurs="0"/>
+ <xsd:element name="HandyBKU" type="xsd:anyURI"/>
+ <xsd:element name="LocalBKU" type="xsd:anyURI"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SLRequestTemplates">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="OnlineBKU" type="xsd:anyURI"/>
+ <xsd:element name="HandyBKU" type="xsd:anyURI"/>
+ <xsd:element name="LocalBKU" type="xsd:anyURI"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element ref="GeneralConfiguration"/>
+ <xsd:element name="Protocols">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="SAML1" minOccurs="0"/>
+ <xsd:element name="PVP2" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="PublicURLPrefix" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Organization">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="DisplayName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="URL" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Contact">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="SurName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="GivenName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Mail" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Type" minOccurs="1" maxOccurs="1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="technical"/>
+ <xsd:enumeration value="support"/>
+ <xsd:enumeration value="administrative"/>
+ <xsd:enumeration value="billing"/>
+ <xsd:enumeration value="other"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:element name="Company" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Phone" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="LegacyAllowed">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ProtocolName" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SSO">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="target" type="xsd:string"/>
+ <xsd:element name="FriendlyName" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthaelt Konfiguratiosnparameter für die
+ Kommunikation mit dem MOA SP Modul
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von
+ der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den
+ Endpunkt des Server; wird das Schema "https" verwendet müssen
+ die Kind-Elemente angegeben werden; wird das Schema "http"
+ verwendet dürfen keine Kind-Elemente angegeben werden; wird das
+ Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers
+ des IdentityLinks
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden
+ per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ForeignIdentities" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>Verbindungsparameter zum SZR-Gateway
+ (GetIdentityLink)
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="STORK" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Verbindungsparameter zu den Country-PEPS
+ (C-PEPS)
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineMandates" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>Verbindungsparameter zum
+ Online-Vollmachten-Service
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="OnlineBKU" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="HandyBKU" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="LocalBKU" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit
+ globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese
+ TransformsInfo werden in den CreateXMLSignatureRequest fuer die
+ Signatur des AUTH-Blocks inkludiert
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="transformation" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="TemplatesType">
+ <xsd:sequence>
+ <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="AditionalAuthBlockText" type="xsd:string" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TemplateType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut URL spezifiziert die Lage des
+ Templates
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyInfoboxesType">
+ <xsd:annotation>
+ <xsd:documentation>Verifikation zusaetzlicher Infoboxen
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="DefaultTrustProfile" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Optionales DefaultTrustprofil für die
+ Überprüfung aller weiteren Infoboxen
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="SchemaLocationType">
+ <xsd:annotation>
+ <xsd:documentation>Spezifiziert die Lage von XML Schemas
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="Schema" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent_OA" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="BKUURLS">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="OnlineBKU" type="xsd:anyURI" minOccurs="1"/>
+ <xsd:element name="HandyBKU" type="xsd:anyURI" minOccurs="1"/>
+ <xsd:element name="LocalBKU" type="xsd:anyURI" minOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:string"/>
+ <xsd:element name="Value" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="Mandates" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="Profiles" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="STORK" minOccurs="0"/>
+ <xsd:element name="OA_SSO" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UseSSO" type="xsd:boolean"/>
+ <xsd:element name="SingleLogOutURL" type="xsd:anyURI"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="OA_SAML1" minOccurs="0"/>
+ <xsd:element ref="OA_PVP2" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="slVersion" use="optional" default="1.1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="1.1"/>
+ <xsd:enumeration value="1.2"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="useIFrame" type="xsd:boolean" default="false"/>
+ <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0"
+ maxOccurs="1"/ -->
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent_OA" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Proxy-Komponente betreffen
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Proxy-Komponente betreffen
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte
+ Server-Zertifikate der TLS-Verbindung enthält (keine
+ CA-Zertifikate)
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten
+ Schlüssel, der für die TLS-Client-Authentisierung verwendet
+ wird, enthält
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="CompatibilityMode" default="false">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:boolean"/>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:element name="EnableInfoboxValidator" default="true">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:boolean"/>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:element name="AlwaysShowForm" default="false">
+ <xsd:annotation>
+ <xsd:documentation>Soll nicht nur bei leerer oder standardisierter
+ Vollmacht mit unvollständigen Daten, sondern beispielsweise zu
+ Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein
+ Einschreiten durch berufliche Parteienvertretung geschieht so kann
+ dies mittels dieses Schalters veranlasst werden
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:boolean"/>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:complexType name="InputProcessorType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="template" type="xsd:anyURI" use="optional">
+ <xsd:annotation>
+ <xsd:documentation>Das Attribut spezifiziert die Lage des
+ Templates, welches der InputProcessor zur Darstellung des
+ Eingabeformulars nutzen soll
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="PartyRepresentationType">
+ <xsd:sequence>
+ <xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Default InputProcessor. Konfiguration eines vom
+ Standardprozess abweichenden Verarbeitungsvorgangs bei der
+ beruflichen Parteienvertretung. Der Wert dieses Elements ist der
+ vollständige Klassenname des InputProzessors
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="AlwaysShowForm" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Default Wert fuer Formularanzeige. Soll nicht nur
+ bei leerer oder standardisierter Vollmacht mit unvollstaendigen
+ Daten, sondern beispielsweise zu Kontrollzwecken das
+ Eingabeformular zur vervollstaendigung der Vertretenendaten immer
+ angezeigt werden, wenn ein Einschreiten durch berufliche
+ Parteienvertretung geschieht so kann dies mittels dieses Schalters
+ veranlasst werden
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Default Verbindungsparameter zum SZR-Gateway
+ (für den EGIZ-Demonstrator im internen Netzwerk:
+ https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Falls keine speziellen beruflichen
+ ParteienvertreterInnen definiert sind (Element kommt nicht vor),
+ werden ausschließlich standardisierte Vollmachten mit einer
+ MandateID="*" akzeptiert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="PartyRepresentativeType">
+ <xsd:sequence>
+ <xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Konfiguration eines vom Standardprozess
+ abweichenden Verarbeitungsvorgangs bei der beruflichen
+ Parteienvertretung. Der Wert dieses Elements ist der vollständige
+ Klassenname des InputProzessors
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Optionale Verbindungsparameter zu speziellem
+ (SZR-)Gateway
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="oid" use="required">
+ <xsd:annotation>
+ <xsd:documentation>OID der Parteienvertretung lt. "Object Identifier
+ der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID
+ muss mit der MandateID der übermittelten standardisierten Vollmacht
+ übereinstimmen. Eine Parteienvertretung für standardisierte
+ Vollmachten mit der MandateID "*" muss nicht definiert werden und
+ erlaubt eine allgemeine berufliche Parteienvertretung mit
+ Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels
+ dieses Attributs zu definieren
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="representPhysicalParty" use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>Legt fest, ob berufliche Parteienvertretung für
+ natürliche Personen erlaubt ist
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:boolean"/>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="representCorporateParty" use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>Legt fest, ob berufliche Parteienvertretung für
+ juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht
+ vertreten darf und dieser Wert aus diesem Grund dort false sein
+ muss)
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:boolean"/>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="representationText" use="optional">
+ <xsd:annotation>
+ <xsd:documentation>Beschreibender Text, der an Stelle des
+ Standardtexts bei der Signatur der Anmeldedaten im Falle einer
+ vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt
+ wird
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="SignatureCreationParameterType">
+ <xsd:annotation>
+ <xsd:documentation>Enthaelt Informationen zu einem KeyStore bzw. Key
+ zur STORK SAML AuthnRequest Signaturerstellung
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element ref="KeyStore"/>
+ <xsd:element ref="KeyName"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="SignatureVerificationParameterType">
+ <xsd:annotation>
+ <xsd:documentation>Enthaelt Informationen zur Verfikation von
+ Signaturen einer STORK SAML Response
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="SAMLSigningParameter">
+ <xsd:annotation>
+ <xsd:documentation>Enthält Informationen zur Erstellung und
+ Verifikation von STORK SAML Messages
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="SignatureCreationParameter" type="SignatureCreationParameterType"/>
+ <xsd:element name="SignatureVerificationParameter" type="SignatureVerificationParameterType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="KeyStore">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel
+ zum Erstellen einer Signatur enthält
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="KeyName">
+ <xsd:annotation>
+ <xsd:documentation>Name zum Key eines KeyStores, der den privaten
+ Schlüssel zum Erstellen einer Signatur darstellt
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="C-PEPS">
+ <xsd:annotation>
+ <xsd:documentation>Enthält Informationen zu einem Citizen Country
+ PEPS (C-PEPS)
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="RequestedAttribute" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="countryCode" type="CountryCodeType" use="required"/>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="STORK">
+ <xsd:annotation>
+ <xsd:documentation>Contains STORK related information
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:sequence>
+ <xsd:element ref="C-PEPS" maxOccurs="unbounded"/>
+ <xsd:element ref="SAMLSigningParameter"/>
+ </xsd:sequence>
+ <xsd:sequence>
+ <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0"/>
+ <xsd:element ref="RequestedAttributes"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OA_SAML1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="provideStammzahl" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="provideAUTHBlock" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="provideIdentityLink" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="provideCertificate" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="provideFullMandatorData" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="useUTC" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="useCondition" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="conditionLength" type="xsd:integer" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OA_PVP2">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="metadataURL" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="certificate" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="GeneralConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TimeOuts">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="Assertion" type="xsd:integer" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="MOASessionCreated" type="xsd:integer" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="MOASessionUpdated" type="xsd:integer" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="AlternativeSourceID" type="xsd:string"/>
+ <xsd:element name="CertStoreDirectory" type="xsd:anyURI"/>
+ <xsd:element name="TrustManagerRevocationChecking" type="xsd:boolean"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
diff --git a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml
new file mode 100644
index 000000000..d7ec8c625
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd
+http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <persistence-unit name="##generated">
+ <class>at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore</class>
+ <class>at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore</class>
+ <class>at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore</class>
+ <class>at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore</class>
+ </persistence-unit>
+</persistence>