From 6b6c98ae7af48c15e86b189e0db9e39bc1d14edb Mon Sep 17 00:00:00 2001
From: Alexander Marsalek
Date: Thu, 5 Mar 2015 12:31:17 +0100
Subject: null safe assignment
---
.../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index fd7c7f237..c638c6324 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
@@ -1729,7 +1730,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
boolean globallyMandatory = false;
for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
if (current.getName().equals(currentGlobalAttribute.getName())) {
- globallyMandatory = currentGlobalAttribute.isMandatory();
+ globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.isMandatory());
break;
}
-- cgit v1.2.3
From 8d60f92b63ae39c6e9d308938004f77c29078215 Mon Sep 17 00:00:00 2001
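Review bot: `BooleanUtils.isTrue` silently maps a missing (`null`) mandatory flag to `false`, so a STORK attribute whose `isMandatory()` is unset in the configuration is treated as optional at the `globallyMandatory` assignment. If an absent flag is meant to mean optional, say so in a comment; if the conservative reading is intended, `BooleanUtils.toBooleanDefaultIfNull(currentGlobalAttribute.isMandatory(), true)` is the drop-in alternative. The loop still dereferences `current.getName()` without a null check, which the new guard does not cover. The enclosing method starts and ends outside the hunk.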
From: Alexander Marsalek Date: Tue, 17 Mar 2015 08:44:18 +0100 Subject: Added mapping AT => Other Countries, request from Thomas K. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit > · „Other Countries“ (dabei handelt es sich um den > Österreichischen Fall, bei dem MOCCA die Signatur mit ausländischen > Karten durchführt) --- .../src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index db8b4dd80..5223a181d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -149,7 +149,9 @@ public interface MOAIDAuthConstants { Collections.unmodifiableMap(new HashMap() { private static final long serialVersionUID = 1L; { + put("AT", "Other Countries");//"Workaround for PEPS Simulator" put("BE", "België/Belgique"); + //put("CH", "Schweiz"); put("EE", "Eesti"); put("ES", "España"); put("FI", "Suomi"); -- cgit v1.2.3 From 8eaab8fd3ec73e4ecbf3c24e9061a83419f6395e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 23 Mar 2015 16:25:46 +0100 Subject: and new EU TSL signing certificates --- .../trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt | 41 +++++++++++++++++++++ .../(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt | 42 ++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt create mode 100644 spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt 
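Review bot: The new `put("AT", "Other Countries")` entry is labelled a workaround for the PEPS simulator in its trailing comment but lands in production constants, where it turns the Austrian country code into the "Other Countries" case for every consumer of this map. The commit message explains the real intent (MOCCA signing with foreign cards); that explanation belongs in the code, e.g. `// AT maps to the MOCCA "foreign card" case (see commit 8d60f92)` above the entry, rather than a comment that suggests test-only code. The commented-out `//put("CH", "Schweiz");` should either be removed or given a reason; dead entries in a country table tend to be re-enabled by accident.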
diff --git a/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt new file mode 100644 index 000000000..5c07bd9b7 --- /dev/null +++ b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt 
@@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIHSDCCBTCgAwIBAgIQHaaUHzn5vENUk+T/aHIefTANBgkqhkiG9w0BAQsFADAx +MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDzANBgNVBAMMBklTQSBD +QTAeFw0xNDEyMTkwODQyMzlaFw0xODEyMTkwODQyMzlaMEwxCzAJBgNVBAYTAkJF +MRwwGgYDVQQKDBNFVVJPUEVBTiBDT01NSVNTSU9OMR8wHQYDVQQDDBYoU0lHTikg +QUdOSUVTWktBIEJBSk5PMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +og6nQQcoPlHOrwXYDD+wj38lwn1zbalTTJL7yW3N7OgO9/eSCIY5nGgfnslapC36 +vSO9RbSxW3cV4CJCf2nGZdsZHxNJpf4IG4CEsByui30UGFANtBPlFj/r5avf0OrD +GKTI2H/6sN2swgs43grcRFQ5yt/ZPhOIgjXjzK4s36IFMBG1GGRQUSDJo+uv3cbu +BcNjdFro3Zmm9TypDv194f1NwXRbFOon1WtaIsJNKzw4+MKCAyD9BBVATQxGLYeC +T2tZt3DFbSSXZbBfSnfwGe7eMc99S12Hr/MwAPJhUwZZpienadVNlMNWxwutxcDO +5HrmOdtxv8Vh9MKlAwvN4QIDAQABo4IDPzCCAzswWwYDVR0RBFQwUoEcQUdOSUVT +WktBLkJBSk5PQEVDLkVVUk9QQS5FVaQyMDAxFDASBgkrBgEEAaxmAQIMBUJBSk5P +MRgwFgYJKwYBBAGsZgEBDAlBR05JRVNaS0EwCQYDVR0TBAIwADAOBgNVHQ8BAf8E +BAMCBkAwHQYDVR0OBBYEFIe8EqP5sxbiNrSKwgNC00FsSfkjMB8GA1UdIwQYMBaA +FEft+GPwma9e/n4OXFjL/uI1N6a9MIHgBgNVHSAEgdgwgdUwgcgGCisGAQQBrGYD +BAEwgbkwKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuY2VydC5mbm10LmVzL2RwY3Mv +MIGLBggrBgEFBQcCAjB/DH1RdWFsaWZpZWQgY2VydGlmaWNhdGUuIFVuZGVyIHRo +ZSB1c2FnZSBjb25kaXRpb25zIGFzc2VydGVkIGluIHRoZSBGTk1ULVJDTSBDUFMg +KDEwNiwgSm9yZ2UgSnVhbiBzdHJlZXQsMjgwMDksIE1hZHJpZCwgU3BhaW4pLjAI +BgYEAIswAQEwgYYGCCsGAQUFBwEBBHoweDBBBggrBgEFBQcwAYY1aHR0cDovL29j +c3BJU0FjYS5jZXJ0LmZubXQuZXMvb2NzcElTQWNhL09jc3BSZXNwb25kZXIwMwYI +KwYBBQUHMAKGJ2h0dHA6Ly93d3cuY2VydC5mbm10LmVzL2NlcnRzL0lTQUNBLmNy +dDBGBggrBgEFBQcBAwQ6MDgwCAYGBACORgEBMAsGBgQAjkYBAwIBDzAVBgYEAI5G +AQIwCxMDRVVSAgECAgECMAgGBgQAjkYBBDCBzAYDVR0fBIHEMIHBMIG+oIG7oIG4 +hoGIbGRhcDovL2xkYXBJU0FjYS5jZXJ0LmZubXQuZXMvQ049Q1JMMSxjbj1JU0El +MjBDQSxvPUZOTVQtUkNNLEM9RVM/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDti +aW5hcnk/YmFzZT9vYmplY3RjbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIYraHR0 +cDovL3d3dy5jZXJ0LmZubXQuZXMvY3Jsc19JU0FjYS9DUkwxLmNybDANBgkqhkiG +9w0BAQsFAAOCAgEAd2CyyRljkbR+hxMwnjwzNE9q6nw29uLWx4c/kWfWGNxyjO/m 
+bE2KhgXfUm7e441Ih87PX1p8jpTeOhtfvL8CxmsqyDg56GBNq5NprbagpmKHiNCP +77baZiLMFfEvc915ktLlYQEH+wIe5i0gMPmRWjA2urB/M+fXwLgqQdOEe4e0NSLr +7YJqHeL1sWQsS4r1zK8ZGv1uJ0v+vAmYXwFtaYYht/c9X+QtVxYaflDcBVnPBxj3 +xUG7vQHe7g5/RPX4vvzAZNV9d5IBk+sCX05dRfRqsym4qw1sw4j0W2nxAfQwk3bf +W6NP5SgOHfC9sh2LrC3F/wlvePY8piTXFUkRzlsEb8zWM2vfz3QRNgGbxCz3DY3k +FavdEL/gnNHOg5Q4tn2TVV7YfXLEgu7zN+IqBOdlAtbJXEu60FiF9Cs35IGqwWlb +eOK8QvogFYDxlgIPrs3ijEA1WHyY+GH1mofSA7u30wEvooCzohFf4DBv06I4q9aC +NBnTo4yki1yFhBm71r60hlAas6aK6TZ+NUoFWwPypMP617SlHdy8QlFx1s3V+rIt +2hxUUGddid/FXDKtuUCRqKqx6x8J8bI7DecZsCS7ijPCApjJ84HB8UASRzdGtEwc +97hvnAqXjpCS/tHAVcVvmP3isNDu4WtV2LQfL/TIY8zMxUebv/E5JyB3KAw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt new file mode 100644 index 000000000..0264c9a80 --- /dev/null +++ b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHYDCCBUigAwIBAgIQLc4fd1CtIihUFtlELwMLDDANBgkqhkiG9w0BAQsFADAx +MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDzANBgNVBAMMBklTQSBD +QTAeFw0xNDA5MTUxMjE5MTVaFw0xODA5MTUxMjE5MTVaMFQxCzAJBgNVBAYTAkJF +MRwwGgYDVQQKDBNFVVJPUEVBTiBDT01NSVNTSU9OMScwJQYDVQQDDB4oU0lHTikg +Sk9MQU5EQSBWQU4gRUlKTkRUSE9WRU4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC0sin8VvNtcuOnUuGDWtXjZlTx5SoZzJiDG4/6bOt3geyPIvqHzci8 +HSlIJB1YqjNimGltI6BlHelR/skf8rEguEYn/Ijgio2/89b82rsFM1R+ehsjkLMv +uu+Kj7UunhRCdLAHgnOhmPwIDe3dIxY4Jw0rBdjtyEwV7cNDedOC4lE9iuJ71zls +pHMedtLfLdwIF0ay/r5Bx1vaiapmzxjDIcArsQlHNmNpK3ysHW+poAhzN8Tj9Vow +jhTDSw/FTBNbQASzuK0L2IWD0PXrsZSO+yW86Dx0kAN1qSmWxdwZ0PAX+n39mL2G +GuG8StIrpvLMZDGgN6G52msz2grnIAulAgMBAAGjggNPMIIDSzBrBgNVHREEZDBi +gSRKT0xBTkRBLlZBTi1FSUpORFRIT1ZFTkBFQy5FVVJPUEEuRVWkOjA4MR4wHAYJ +KwYBBAGsZgECDA9WQU4gRUlKTkRUSE9WRU4xFjAUBgkrBgEEAaxmAQEMB0pPTEFO +REEwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFIz+jZkpky2x +CorjhNpu1m1pDZ76MB8GA1UdIwQYMBaAFEft+GPwma9e/n4OXFjL/uI1N6a9MIHg +BgNVHSAEgdgwgdUwgcgGCisGAQQBrGYDBAEwgbkwKQYIKwYBBQUHAgEWHWh0dHA6 +Ly93d3cuY2VydC5mbm10LmVzL2RwY3MvMIGLBggrBgEFBQcCAjB/DH1RdWFsaWZp +ZWQgY2VydGlmaWNhdGUuIFVuZGVyIHRoZSB1c2FnZSBjb25kaXRpb25zIGFzc2Vy +dGVkIGluIHRoZSBGTk1ULVJDTSBDUFMgKDEwNiwgSm9yZ2UgSnVhbiBzdHJlZXQs +MjgwMDksIE1hZHJpZCwgU3BhaW4pLjAIBgYEAIswAQEwgYYGCCsGAQUFBwEBBHow +eDBBBggrBgEFBQcwAYY1aHR0cDovL29jc3BJU0FjYS5jZXJ0LmZubXQuZXMvb2Nz +cElTQWNhL09jc3BSZXNwb25kZXIwMwYIKwYBBQUHMAKGJ2h0dHA6Ly93d3cuY2Vy +dC5mbm10LmVzL2NlcnRzL0lTQUNBLmNydDBGBggrBgEFBQcBAwQ6MDgwCAYGBACO +RgEBMAsGBgQAjkYBAwIBDzAVBgYEAI5GAQIwCxMDRVVSAgECAgECMAgGBgQAjkYB +BDCBzAYDVR0fBIHEMIHBMIG+oIG7oIG4hoGIbGRhcDovL2xkYXBJU0FjYS5jZXJ0 +LmZubXQuZXMvQ049Q1JMNixjbj1JU0ElMjBDQSxvPUZOTVQtUkNNLEM9RVM/Y2Vy +dGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RjbGFzcz1j +UkxEaXN0cmlidXRpb25Qb2ludIYraHR0cDovL3d3dy5jZXJ0LmZubXQuZXMvY3Js +c19JU0FjYS9DUkw2LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAYnVYxWe3b57eq6qG 
+lVE9f7tiEPUGqmKm2cXlRLY50Hat4O/dVDv9teyNd/fvcaK4UHdhRaF+EhOoDsm9 +RTKrkc4VzWIUA8xbgJL8NlJd1OdVgdIk0kuI7QvQQ/x4c9PTyk0ucBw5MNWyr97U +O68rOBNiF+tS2mrOMJqjQS6vX7tf/HOvyPg9dLY/+KiiuijnAFS9+DPJNWQh8Ukv +SEqgBkydy0pDFLLOREFHiBY7cOflfjoQm+tKxsPt8Mw/z/p5OLeg8cMyVprtVZ2L +ohgkJP/Do0SB1lgenlVWAY7f/7swSgn4y6yd99hB74MKDgREqpBVIn5syrgpfZFK +yYeLZ9/q7FHDdr3TVXLSdcJlIa5+5D8iprdw70vstU9p3mMPXCZNvBFSmVeGNDVm +2jszt7oD254nj5dm/8tXdXqeq4MEi1wHRposKRc6pPtAPFRTcIzRLQ8BRKTEkA6s +UbeshjyIIA0942/zEFRO/H+cEMTqz1ZuCHoS3mwM6qjh0cEsZ0tmUpHzrNltR5WP +o0IKiqqaDxdxN/9OuTId+P5zLRdwsVSduvUm+5krW8Pxn2pkyTg16NN2wLQ7p/Xn +sEPwBVV2lEUJt8n0obHVYZvBZSUchbcpLQaQxMbIG5dpzFXXBYgXSUMhuf3Seoau +oMhXPm9N2UyFJ5fwcoXHZPNI1Uw= +-----END CERTIFICATE----- \ No newline at end of file -- cgit v1.2.3 From 1bb5a7e0db70fb95343436155571f2037372c352 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 23 Mar 2015 13:41:33 +0100 Subject: made logging system more robust --- common/src/main/java/at/gv/egovernment/moa/logging/Logger.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java index 6999656ab..265ad026d 100644 --- a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java +++ b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java @@ -58,7 +58,14 @@ public class Logger { * @return the logger */ private static synchronized org.slf4j.Logger getLogger() { - String className = Thread.currentThread().getStackTrace()[3].getClassName(); + StackTraceElement[] stacktrace = Thread.currentThread().getStackTrace(); + + int i; + for(i = 2; i < stacktrace.length; i++) + if(!stacktrace[i].getClassName().equals(Logger.class.getName())) + break; + + String className = stacktrace[i].getClassName(); org.slf4j.Logger logger = instances.get(className); if (logger != null) { -- cgit v1.2.3 From 443787eddd778e5388cba643413531981edc50ed Mon Sep 17 00:00:00 2001 
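Review bot: The two signer certificates are added to the `tslworking/trust/eu` directory without any record of how they were obtained or verified; the commit message only says "new EU TSL signing certificates". Trust anchors used to validate TSL signatures should be traceable, so record the source they were taken from and their SHA-256 fingerprints in the commit message or in a README next to the files. The `_To2018…` suffix in both file names suggests a 2018 expiry, so whoever maintains this directory also needs a reminder to rotate them before then.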
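Review bot: The scan in `getLogger()` can run off the end of the array: if every frame from index 2 onward belongs to `Logger`, or the JVM returns a truncated trace (which `Thread.getStackTrace()` is documented to be allowed to do), the loop exits with `i == stacktrace.length` and `stacktrace[i].getClassName()` throws `ArrayIndexOutOfBoundsException` from inside a logging call. Guard the lookup, e.g. `String className = i < stacktrace.length ? stacktrace[i].getClassName() : Logger.class.getName();`. It is also worth a comment that index 2 is where the caller of the public `Logger` methods is expected, since the old hard-coded `[3]` encoded that assumption only implicitly. The method continues past the end of the hunk.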
From: Florian Reimair
Date: Mon, 23 Mar 2015 13:42:33 +0100
Subject: error message when a keygroup is not found
---
.../moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index d1281c1f1..6a85415f8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -145,7 +145,12 @@ public class XMLSignatureCreationProfileFactory {
// get the key group id
String keyGroupID = request.getKeyIdentifier();
// get digest method on key group level (if configured)
- String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+ KeyGroup keygroup = config.getKeyGroup(keyGroupID);
+ if(null == keygroup) {
+ Logger.error("Could not find key group '" + keyGroupID + "'");
+ throw new MOAApplicationException("2231", null);
+ }
+ String configDigestMethodKG = keygroup.getDigestMethodAlgorithm();
// get default digest method (if configured)
String configDigestMethod = config.getDigestMethodAlgorithmName();
-- cgit v1.2.3
From e98bdf2b39ecb9100e64c8077752ed7c4ed883b3 Mon Sep 17 00:00:00 2001
From: Florian Reimair
Date: Tue, 24 Mar 2015 12:18:49 +0100
Subject: escaped attribute values for saml1 responses
---
.../gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java | 7 +++++++
1 file changed, 7 insertions(+)
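Review bot: The new `Logger.error("Could not find key group '" + keyGroupID + "'")` writes a value taken from the request (`request.getKeyIdentifier()`) into the log verbatim; if that identifier is client-controlled, embedded CR/LF or other control characters land in the log line unchanged. Strip them before logging, e.g. `keyGroupID.replaceAll("[\\r\\n]", "_")`, or log only its length. The error code `2231` is passed with `null` parameters, so the client does not learn the identifier back, which is fine; a one-line comment saying that this is deliberate would stop someone from "improving" it later. The enclosing method starts and ends outside the hunk.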
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index ea1526ff0..3809ec4bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -39,6 +39,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -286,6 +287,12 @@ public class STORKResponseProcessor {
Object attributeValue = attribute.getValue();
if (null == attributeValue) attributeValue = attribute.getComplexValue();
+
+ // escape attributeValue
+ attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+ // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+ attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+
ExtendedSAMLAttribute extendedSAMLAttribute = new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
-- cgit v1.2.3
From e1c2c42aabf3b1207547dd40b91dc93921303c4a Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 7 Apr 2015 10:19:21 +0200
Subject: add configuration property to deactivate PVP metadata schema validation
---
.../moa/id/configuration/config/ConfigurationProvider.java | 5 +++++
.../configuration/validation/oa/OAPVP2ConfigValidation.java | 11 ++++++++++-
.../conf/moa-id-configuration/moa-id-configtool.properties | 2 ++
3 files changed, 17 insertions(+), 1 deletion(-)
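Review bot: The `substring(1, length() - 1)` on the escaped value assumes `toString()` produced a bracketed rendering (the stripped characters look like the `[`…`]` of `List.toString()`, though the type of `getValue()` is not visible here); for a plain string it removes the first and last real characters, for an empty or one-character value it throws `StringIndexOutOfBoundsException`, and because it runs after `escapeXml10` a value ending in `<` becomes `&lt` with its `;` chopped off, which is no longer well-formed. The order also leaves the `null`-on-both-getters case to fail with a `NullPointerException` at `attributeValue.toString()`. Unwrap the structure first and escape the resulting text last, as sketched below; the exception type in the multi-value branch should match whatever the enclosing method already reports, which starts and ends outside the hunk.
```java
Object raw = attribute.getValue();
if (null == raw)
    raw = attribute.getComplexValue();
// unwrap the single-element list the old substring(1, len-1) assumed; fail loudly
// instead of emitting a mangled value when that assumption does not hold
String text;
if (raw instanceof java.util.List) {
    java.util.List<?> values = (java.util.List<?>) raw;
    if (values.size() != 1)
        throw new IllegalArgumentException("unexpected multi-valued STORK attribute " + attribute.getName());
    text = String.valueOf(values.get(0));
} else {
    text = raw == null ? "" : raw.toString();
}
// escape only after the structural unwrapping so entities stay intact
Object attributeValue = StringEscapeUtils.escapeXml10(text);
// … unchanged: ExtendedSAMLAttributeImpl construction and list add …
```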
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index e6000319e..8ac7b40d4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -462,6 +462,11 @@ public class ConfigurationProvider {
}
+ public boolean isPVPMetadataSchemaValidationActive() {
+ return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
+
+ }
+
private void initalPVP2Login() throws ConfigurationException {
try {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 8e1dd6e64..ba77b601b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -133,7 +133,16 @@ public class OAPVP2ConfigValidation {
List filterList = new ArrayList();
filterList.add(new MetaDataVerificationFilter(credential));
- filterList.add(new SchemaValidationFilter());
+
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+
+ } catch (ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
+
+ }
+
MetadataFilterChain filter = new MetadataFilterChain();
filter.setFilters(filterList);
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index 7c71fadcb..b10913d69 100644
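Review bot: `Boolean.parseBoolean` in `isPVPMetadataSchemaValidationActive()` returns `false` for every value other than a case-insensitive "true", so a typo such as `general.pvp.schemavalidation=ture` or a value like `yes` silently switches schema validation off instead of falling back to the default. Because this flag disables a security check, parse it strictly: read the raw property, accept only "true"/"false", and log a warning and keep `true` for anything else. A Javadoc line stating that the default is enabled and that `false` is meant only for trusted-but-non-conforming metadata sources would also help the next operator.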
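Review bot: The new `catch (ConfigurationException e)` only logs a warning, so when the configuration cannot be read no `SchemaValidationFilter` is added to `filterList` at all and the metadata is accepted without schema validation; the failure mode is open. Add the filter with its strict default inside the catch block, e.g. `filterList.add(new SchemaValidationFilter(true));` right after the `log.warn`, so a configuration problem degrades to the stricter behaviour rather than the weaker one. The enclosing method starts and ends outside the hunk.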
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties +++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties @@ -15,6 +15,8 @@ general.ssl.truststore=certs/truststore general.moaconfig.key=ConfigurationEncryptionKey +general.pvp.schemavalidation=true + ##Mail general.mail.host=smtp.localhost... #general.mail.host.port= -- cgit v1.2.3 From 8400b9d9734f45d53ac722e85e04c599fdccfe0d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 9 Apr 2015 12:41:11 +0200 Subject: fix wrong PVP attribute friendly names --- .../java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 1f3e86ff6..168f2362a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java 
@@ -237,12 +237,12 @@ public interface PVPConstants { public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86"; public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID; - public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID"; + public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID"; public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256; public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88"; public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID; - public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION"; + public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION"; public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024; public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90"; -- cgit v1.2.3 From 70aa50b21c2e9ef9318ed72ae90a67d984db33a7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Apr 2015 16:57:02 +0200 Subject: fix possible NullPointerException if no OA is found --- .../moa/id/configuration/struts/action/BasicOAAction.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 26d97484b..82390c49c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java 
@@ -291,13 +291,17 @@ public class BasicOAAction extends BasicAction {
} else {
- if (oaid == -1) {
+ if (oaid == -1) {
List oaList = ConfigurationDBRead.getAllOnlineApplications();
- for (OnlineApplication el : oaList) {
- if (el.getPublicURLPrefix().startsWith(oaidentifier) )
- onlineapplication = el;
+
+ if (oaList != null) {
+ for (OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+ onlineapplication = el;
+ }
}
+
if (onlineapplication == null) {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
-- cgit v1.2.3
From 1b019f2d114b158676b8fa4acc0e2f1c06beeac2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 14 Apr 2015 16:57:59 +0200
Subject: fix problem with Authenticated sessions
---
.../configuration/filter/AuthenticationFilter.java | 26 +++++++++++-----------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index d13696d51..8ddeb9ebc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
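Review bot: The guarded loop still selects an online application by `getPublicURLPrefix().startsWith(oaidentifier)` and keeps iterating after a match, so the last matching entry wins silently, and with an empty `oaidentifier` every prefix matches and an arbitrary OA is returned. Require a non-empty identifier and stop at the first hit, e.g. `if (oaidentifier != null && !oaidentifier.isEmpty() && el.getPublicURLPrefix().startsWith(oaidentifier)) { onlineapplication = el; break; }`, or try an exact match before falling back to a prefix match. Whether `getPublicURLPrefix()` can itself be null is not visible here; if it can, the new `oaList != null` guard does not cover it. The enclosing method starts and ends outside the hunk.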
@@ -134,21 +134,20 @@ public class AuthenticationFilter implements Filter{
log.trace("Request URL: " + requestURL);
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- if (!authManager.isActiveUser(authuser)) {
- //user is not active anymore. Invalidate session and reauthenticate user
- String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
- session.invalidate();
- authuser = null;
+ AuthenticationManager authManager = AuthenticationManager.getInstance();
+ if (!authManager.isActiveUser(authuser) && !this.isExcluded(requestURL)) {
+ if (!this.isExcluded(requestURL)) {
+ //user is not active anymore. Invalidate session and reauthenticate user
+ String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+ session.invalidate();
+ authuser = null;
- //TODO: set infotext
-
- session = httpServletRequest.getSession(true);
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
- }
-
- if (authuser == null && !this.isExcluded(requestURL)) {
+ //TODO: set infotext
+ session = httpServletRequest.getSession(true);
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
+ }
+
if (config.isLoginDeaktivated()) {
//add dummy Daten
log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
@@ -178,6 +177,7 @@ public class AuthenticationFilter implements Filter{
} } else {
+
if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
-- cgit v1.2.3
From a6189a32a78d2b3ed096356f6b7e0049c8870b21 Mon Sep 17 00:00:00 2001
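Review bot: The inner `if (!this.isExcluded(requestURL))` is redundant, since the outer condition on the line above already requires `!this.isExcluded(requestURL)`, and dropping the old `if (authuser == null && ...)` means the login-deactivated and redirect branches now depend entirely on `authManager.isActiveUser(authuser)` returning `false` for a `null` user, which nothing in the hunk shows. Remove the inner check and document the assumption, e.g. `// isActiveUser(null) must be false: an unauthenticated request takes the same path as a stale one` above the outer `if`. Carrying `SESSION_PVP2REQUESTID` across `session.invalidate()` into the fresh session is unchanged and still looks right; the `//TODO: set infotext` survives the rewrite and still needs an owner. The enclosing method starts and ends outside the hunk.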
From: Thomas Lenz Date: Tue, 14 Apr 2015 16:59:25 +0200 Subject: update error handling in PVP metadata verification filter implemetations --- .../auth/pvp2/MetaDataVerificationFilter.java | 12 +++-- .../validation/oa/OAPVP2ConfigValidation.java | 31 +++++++++--- .../resources/applicationResources_de.properties | 4 +- .../resources/applicationResources_en.properties | 4 +- .../filter/SchemaValidationException.java | 43 ++++++++++++++++ .../filter/SignatureValidationException.java | 58 ++++++++++++++++++++++ .../pvp2x/metadata/MOAMetadataProvider.java | 14 +++++- .../metadata/MetadataSignatureFilter.java | 5 +- .../metadata/SchemaValidationFilter.java | 7 ++- 9 files changed, 155 insertions(+), 23 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index 7bf2cf93f..104ea51f5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; public class MetaDataVerificationFilter implements MetadataFilter { 
@@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter {
}
- public void doFilter(XMLObject metadata) throws FilterException {
+ public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
if(entitiesDescriptor.getSignature() == null) {
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed");
}
try {
processEntitiesDescriptor(entitiesDescriptor);
} catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
}
}
if (metadata instanceof EntityDescriptor) {
@@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter {
EntityVerifier.verify(entity, this.credential);
else
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed", null);
} catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
}
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index ba77b601b..37a170267 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
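Review bot: Both `catch (MOAIDException e)` blocks discard the cause: the `EntitiesDescriptor` branch calls `new SignatureValidationException("Invalid signature element in EntitiesDescriptor")` and the `EntityDescriptor` branch passes `null` explicitly, even though the same commit adds a `(String, Exception)` constructor for exactly this; pass `e` in both, e.g. `throw new SignatureValidationException("Invalid signature element in EntityDescriptor", e);`. Independently of this change, `doFilter` silently accepts metadata whose root is neither an `EntitiesDescriptor` nor an `EntityDescriptor`, because the two `instanceof` blocks have no fall-through rejection; a final `else throw new SignatureValidationException("Unsupported metadata root element");` would make the filter fail closed. The `if` that precedes `EntityVerifier.verify(...)` in the second hunk lies outside the hunk.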
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.MiscUtil; 
@@ -181,15 +183,28 @@ public class OAPVP2ConfigValidation {
} catch (MetadataProviderException e) {
-
- //TODO: check exception handling
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.info("SSL Server certificate not trusted.", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+ try {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+ }
+
+ } catch (Exception e1) {
+ log.info("MetaDate verification failed", e1);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
- } else {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
}
} finally {
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 072f44981..c888a2d77 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
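Review bot: The mapping in the new `catch (MetadataProviderException e)` block tests exactly `e.getCause().getCause()`, so a `SignatureValidationException` or `SchemaValidationException` wrapped one level more or less than the filter chain does today falls through to the generic message, and the surrounding `try { … } catch (Exception e1)` only masks that by re-reporting the same generic error. Walk the cause chain once and branch on the first recognised type instead, as below; the dedicated messages then survive changes in how OpenSAML wraps filter failures, and the inner try/catch becomes unnecessary. The enclosing method starts and ends outside the hunk.
```java
} catch (MetadataProviderException e) {
    // find the first cause we have a dedicated message for, whatever the wrapping depth
    Throwable cause = e;
    while (cause != null
            && !(cause instanceof SSLHandshakeException
                 || cause instanceof SignatureValidationException
                 || cause instanceof SchemaValidationException)) {
        cause = cause.getCause();
    }
    if (cause instanceof SSLHandshakeException) {
        log.info("SSL Server certificate not trusted.", e);
        errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
    } else if (cause instanceof SignatureValidationException) {
        log.info("MetaDate verification failed", e);
        errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
    // … unchanged: schema and general branches, testing `cause` instead of e.getCause().getCause() …
```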
@@ -487,7 +487,9 @@ validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00F validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden. -validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. +validation.pvp2.metadata.verify.sig=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. +validation.pvp2.metadata.verify.schema=Die Schema-Validierung der Metadaten ist fehlgeschlagen. +validation.pvp2.metadata.verify.general=Bei der Validierung der Metadaten ist ein allgemeiner Fehler aufgetreten. validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index b717377e0..43dcfeac8 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties 
@@ -485,7 +485,9 @@ validation.stork.ap.attributes.valid=Invalid attribute configuration for Attribu validation.pvp2.metadataurl.empty=There is no metadata URL provided. validation.pvp2.metadataurl.valid=The metadata URL has invalid URL format . validation.pvp2.metadataurl.read=No information could be found under provided URL. -validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate. +validation.pvp2.metadata.verify.sig=The metadata could not be verified with the provided certificate. +validation.pvp2.metadata.verify.schema=Metadata schema validation FAILED. +validation.pvp2.metadata.verify.general=Metadata validation has an generic error. validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format. validation.pvp2.certificate.notfound=There is no PVP2 inserted. validation.pvp2.metadata.ssl=The SSL server certificate is not trusted. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java new file mode 100644 index 000000000..8da5edeed --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java 
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SchemaValidationException(String string) {
+ super(string);
+
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
new file mode 100644
index 000000000..86a6a777b
--- /dev/null
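Review bot: `SchemaValidationException` offers only a `String` constructor, so the filter that throws it can never chain the underlying parser failure as a cause, and anyone inspecting the chain in MOAMetadataProvider sees a message string with no stack of the real schema error. Its sibling `SignatureValidationException` in the same commit has `(Exception)` and `(String, Exception)` constructors; for consistency add `public SchemaValidationException(String message, Exception cause) { super(message, cause); }` here so the filter can pass on whatever it caught (it imports `org.xml.sax.SAXException`, which suggests there is something to pass). The Javadoc `@param string` should also state what the string is, e.g. `@param string human-readable description of the schema violation`, and a one-line class comment such as `Thrown when PVP2 metadata fails XML schema validation.` would document the marker role this type plays in the provider's `instanceof` dispatch.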
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SignatureValidationException(String string) {
+ super(string);
+
+ }
+
+ /**
+ * @param e
+ */
+ public SignatureValidationException(Exception e) {
+ super(e);
+ }
+
+ /**
+ * @param string
+ * @param object
+ */
+ public SignatureValidationException(String string, Exception e) {
+ super(string, e);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
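Review bot: The Javadoc on the two-argument constructor names `@param object`, but the parameter is `e`; it should read `@param e the underlying verification failure, kept as the cause`. The single-argument `(Exception e)` constructor delegates to `FilterException(Exception)`, so the resulting message is whatever the superclass derives from the cause rather than a statement of which metadata check failed; callers that want a self-describing message should use the `(String, Exception)` form. A one-line class Javadoc, e.g. `Thrown when the signature policy check of PVP2 metadata fails.`, would make explicit why this type exists, since MOAMetadataProvider now distinguishes it from other `FilterException`s by `instanceof`.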
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 12afa14bc..d493ef9e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -55,6 +55,8 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; 
@@ -380,10 +382,18 @@ public class MOAMetadataProvider implements MetadataProvider { return httpProvider; - } catch (Throwable e) { + } catch (Throwable e) { if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { Logger.warn("SSL-Server certificate for metadata " - + metadataURL + " not trusted.", e); + + metadataURL + " not trusted.", e); + + } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + Logger.warn("Signature verification for metadata" + + metadataURL + " FAILED.", e); + + } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + Logger.warn("Schema validation for metadata " + + metadataURL + " FAILED.", e); } Logger.error( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index 0405fa114..6dac4bba1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; import at.gv.egovernment.moa.logging.Logger; 
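Review bot: The two new branches test `e.getCause().getCause()` at exactly two levels of wrapping, so a SignatureValidationException or SchemaValidationException that arrives one level deeper or shallower (the depth depends on how the OpenSAML provider wraps the filter's exception, which is not visible here) silently falls through to the generic error path and the operator never learns that metadata was rejected for a trust reason. The first new log message is also missing a space before the URL (`"Signature verification for metadata" + metadataURL`), and three independent `if` statements run where only one can match. Walking the cause chain once and stopping at the first recognised type handles every wrapping depth; the enclosing method starts before and ends after this hunk, and the `catch (Throwable e)` itself is pre-existing. Sketch of the rewritten catch body:
```java
} catch (Throwable e) {
    // Walk the whole cause chain: how deeply the provider wraps the
    // filter exception is an implementation detail, not a fixed two levels.
    for (Throwable cause = e; cause != null; cause = cause.getCause()) {
        if (cause instanceof SSLHandshakeException) {
            Logger.warn("SSL-Server certificate for metadata " + metadataURL + " not trusted.", e);
            break;
        } else if (cause instanceof SignatureValidationException) {
            Logger.warn("Signature verification for metadata " + metadataURL + " FAILED.", e);
            break;
        } else if (cause instanceof SchemaValidationException) {
            Logger.warn("Schema validation for metadata " + metadataURL + " FAILED.", e);
            break;
        }
    }
    // … unchanged: Logger.error(...) and the rest of the handler outside the hunk …
```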
@@ -126,7 +127,7 @@ public class MetadataSignatureFilter implements MetadataFilter { desc.getEntityDescriptors().addAll(verifiedEntIT); } - public void doFilter(XMLObject metadata) throws FilterException { + public void doFilter(XMLObject metadata) throws SignatureValidationException { try { if (metadata instanceof EntitiesDescriptor) { EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; @@ -155,7 +156,7 @@ public class MetadataSignatureFilter implements MetadataFilter { Logger.info("Metadata signature policy check done OK"); } catch (MOAIDException e) { Logger.warn("Metadata signature policy check FAILED.", e); - throw new FilterException(e); + throw new SignatureValidationException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index 382adb108..f73b541bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -22,8 +22,6 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; -import java.io.IOException; - import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; @@ -38,6 +36,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.logging.Logger; /** 
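Review bot: In the second hunk, `throw new SignatureValidationException(e)` goes through the cause-only constructor, so the exception's own message is whatever is derived from the MOAIDException rather than a statement of which check failed; since MOAMetadataProvider now dispatches on this type and logs the full chain, prefer `throw new SignatureValidationException("Metadata signature policy check FAILED.", e);` so the message is self-describing wherever it surfaces. Narrowing `doFilter` to `throws SignatureValidationException` is compatible with the `MetadataFilter` contract because the new type is a `FilterException`, but the method body between the two hunks — including what happens when `metadata` is neither an EntitiesDescriptor nor an EntityDescriptor — lies outside this view and should be checked so that no path returns without either verifying or throwing.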
@@ -69,7 +68,7 @@ public class SchemaValidationFilter implements MetadataFilter { * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) */ @Override - public void doFilter(XMLObject arg0) throws FilterException { + public void doFilter(XMLObject arg0) throws SchemaValidationException { String errString = null; @@ -100,7 +99,7 @@ public class SchemaValidationFilter implements MetadataFilter { } - throw new FilterException("Metadata Schema validation FAILED with message: "+ errString); + throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString); } else Logger.info("Metadata Schema validation check is DEACTIVATED!"); -- cgit v1.2.3 From 945c4d28535724f0a54d220f9eb0ebd25b8227c4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 14 Apr 2015 13:58:27 +0200 Subject: respect multi-part stork responses --- ...onnectorHandleResponseWithoutSignatureTask.java | 18 +++++++++++------ .../modules/stork/tasks/PepsConnectorTask.java | 23 ++++++++++++++-------- 2 files changed, 27 insertions(+), 14 deletions(-) diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index 3338804b4..e2c3880ac 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java 
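Review bot: The hunk turns a schema failure into a distinct `SchemaValidationException`, but the sibling branch visible in the same hunk still reports the disabled state with `Logger.info("Metadata Schema validation check is DEACTIVATED!")`; switching off a validation step on metadata received from remote parties is a security-relevant configuration and should be logged at warn level, `Logger.warn("Metadata Schema validation check is DEACTIVATED!");`, so operators notice it in a production log. The `errString` embedded in the new exception message is derived from parsing untrusted metadata, which is fine for a log line but should not be relayed verbatim into any user-facing response. The `doFilter` body where `errString` is filled in lies between the two hunks and is not visible here.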
@@ -136,7 +136,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep try { // validate SAML Token Logger.debug("Starting validation of SAML response"); - authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); + authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost()); Logger.info("SAML response succesfully verified!"); } catch (STORKSAMLEngineException e) { Logger.error("Failed to verify STORK SAML Response", e); @@ -211,10 +211,16 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - // //////////// incorporate gender from parameters if not in stork response - IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); + // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled + // with ALL attributes when there is more than one assertion in the SAML2 STORK message. + IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList(); + + // if the list is empty, there was just one assertion... probably + if(attributeList.isEmpty()) + attributeList = authnResponse.getPersonalAttributeList(); + // //////////// incorporate gender from parameters if not in stork response // but first, check if we have a representation case if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) @@ -233,7 +239,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep tmp.add(gendervalue); gender.setValue(tmp); - authnResponse.getPersonalAttributeList().add(gender); + attributeList.add(gender); } } } 
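Review bot: `attributeList.isEmpty()` is called on the result of `getTotalPersonalAttributeList()` without a null check, so a response object that reports the absence of a total list as `null` rather than as an empty list would throw a NullPointerException before the fallback to `getPersonalAttributeList()` runs; whether that getter can return null is not visible here, so guard it: `if (attributeList == null || attributeList.isEmpty())`. The comment `// if the list is empty, there was just one assertion... probably` records a guess — a debug log stating which list was selected and how many attributes it holds would make multi-assertion handling diagnosable in production. Note that the gender attribute appended from request parameters a few lines later now lands in the same merged list that is later persisted to the session, so the stored list mixes PEPS-asserted and caller-supplied values as it did before; the enclosing method starts before and ends after this hunk.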
@@ -246,7 +252,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // extract signed doc element and citizen signature String citizenSignature = null; try { - PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc"); + PersonalAttribute signedDoc = attributeList.get("signedDoc"); String signatureInfo = null; // FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem... if (signedDoc != null) { @@ -259,7 +265,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // store authnResponse // moaSession.setAuthnResponse(authnResponse);//not serializable - moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList()); + moaSession.setAuthnResponseGetPersonalAttributeList(attributeList); String authnContextClassRef = null; try { diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 6e0bd19ff..9df0ff37b 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java 
@@ -162,7 +162,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { try { // validate SAML Token Logger.debug("Starting validation of SAML response"); - authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); + authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost()); Logger.info("SAML response succesfully verified!"); } catch (STORKSAMLEngineException e) { Logger.error("Failed to verify STORK SAML Response", e); @@ -297,9 +297,16 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - // //////////// incorporate gender from parameters if not in stork response - IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); + // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled + // with ALL attributes when there is more than one assertion in the SAML2 STORK message. + IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList(); + + // if the list is empty, there was just one assertion... probably + if(attributeList.isEmpty()) + attributeList = authnResponse.getPersonalAttributeList(); + + // //////////// incorporate gender from parameters if not in stork response // but first, check if we have a representation case if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList) @@ -320,7 +327,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { tmp.add(gendervalue); gender.setValue(tmp); - authnResponse.getPersonalAttributeList().add(gender); + attributeList.add(gender); } } } 
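Review bot: This hunk duplicates, line for line, the attribute-list selection added to PepsConnectorHandleResponseWithoutSignatureTask in the same commit, including the unguarded `attributeList.isEmpty()` on the result of `getTotalPersonalAttributeList()`; guard it here as well with `if (attributeList == null || attributeList.isEmpty())`. Two copies of the multi-assertion heuristic will drift — a fix applied to one will be forgotten in the other — so the selection belongs in one shared helper, for example a static method beside `STORKResponseProcessor.hasAttribute`, which both tasks already call. The switch to `validateSTORKAuthnResponseWithQuery` changes which engine routine accepts the token; its semantics are not visible in this diff and should be confirmed to still enforce the signature and audience checks the previous method performed. The enclosing method starts before and ends after this hunk.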
@@ -336,15 +343,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // extract signed doc element and citizen signature try { - if (authnResponse.getPersonalAttributeList().get("signedDoc") == null - || authnResponse.getPersonalAttributeList().get("signedDoc").getValue() == null - || authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0) == null) { + if (attributeList.get("signedDoc") == null + || attributeList.get("signedDoc").getValue() == null + || attributeList.get("signedDoc").getValue().get(0) == null) { Logger.info("STORK Response include NO signedDoc attribute!"); throw new STORKException("STORK Response include NO signedDoc attribute."); } - String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + String signatureInfo = attributeList.get("signedDoc").getValue().get(0); Logger.debug("signatureInfo:" + signatureInfo); -- cgit v1.2.3 From bd491504c9b77941cdc9a210856142472473d610 Mon Sep 17 00:00:00 2001 
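Review bot: The rewritten condition still evaluates `attributeList.get("signedDoc").getValue().get(0) == null` after checking only that `getValue()` is non-null, so a signedDoc attribute carrying an empty value list throws IndexOutOfBoundsException instead of the intended `STORKException`; add `|| attributeList.get("signedDoc").getValue().isEmpty()` before the `.get(0)` term. The four repeated `attributeList.get("signedDoc")` lookups would read better as a single local, `PersonalAttribute signedDoc = attributeList.get("signedDoc");`, which the sibling task in this commit already does. The enclosing try block continues beyond this hunk.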
From: Thomas Lenz Date: Thu, 16 Apr 2015 13:19:59 +0200 Subject: update TrustStore and CertStore with A-Trust-Test-xxx-05 certificates --- ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++ ...remium-Enc-05.20141215-20141209.SerNo165fb7.crt | 36 ++++++++++++++++++++++ ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++ ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++ ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++ ...remium-Enc-05.20141215-20141209.SerNo165fb7.crt | 36 ++++++++++++++++++++++ ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++ ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++ ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++ 9 files changed, 318 insertions(+) create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt create mode 
100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp 
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt new file mode 100644 index 000000000..9ea6d0c1c --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri +jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq +/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss +6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL +7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr +23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z +/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww +tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B +kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0 +ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV +Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV +KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO +GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu +L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b +GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K +nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a +0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex +htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB +j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS 
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV ++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV +sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42 +cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS +UBU+/OTtSQGrLe+kMKP6uBO/cMhv +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp 
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw 
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp 
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt new file mode 100644 index 000000000..9ea6d0c1c --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri +jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq +/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss +6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL +7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr +23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z +/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww +tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B +kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0 +ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV +Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV +KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO +GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu +L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b +GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K +nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a +0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex +htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB +j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS 
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV ++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV +sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42 +cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS +UBU+/OTtSQGrLe+kMKP6uBO/cMhv +-----END CERTIFICATE----- diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw 
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw 
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp 
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- -- cgit v1.2.3 From d28e5b6e0d0793558f3328c5a420c17bdd606104 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 16 Apr 2015 13:48:50 +0200 Subject: update library versions --- common/pom.xml | 12 ++--- id/ConfigWebTool/pom.xml | 3 -- id/oa/pom.xml | 2 - id/server/idserverlib/pom.xml | 12 ++++- id/server/moa-id-commons/pom.xml | 9 ++-- id/server/stork2-commons/pom.xml | 3 +- id/server/stork2-saml-engine/pom.xml | 5 -- pom.xml | 89 +++++++++++++++++++++++++++++++----- 8 files changed, 96 insertions(+), 39 deletions(-) diff --git a/common/pom.xml b/common/pom.xml index 72cf702bc..8f18a1b92 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -67,28 +67,24 @@ joda-time joda-time - 2.7 + ${jodatime.version} org.slf4j slf4j-api - 1.7.10 org.slf4j jcl-over-slf4j - 1.7.10 org.slf4j jul-to-slf4j - 1.7.10 - org.slf4j - slf4j-log4j12 - 1.7.10 - + org.slf4j + slf4j-log4j12 + log4j log4j diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 827254d00..423d442d0 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -83,7 +83,6 @@ at.gv.util egovutils - 2.0.0 org.apache.cxf @@ -159,12 +158,10 @@ org.apache.struts struts2-core - 2.3.20 org.apache.struts struts2-json-plugin - 2.3.20 diff --git a/id/oa/pom.xml b/id/oa/pom.xml index c97db6db2..173019c1b 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -110,12 +110,10 @@ org.slf4j slf4j-api - 1.7.6 org.slf4j slf4j-log4j12 - 1.7.6 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index dbfc19b68..9465b56d1 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -113,8 +113,6 @@ at.gv.util egovutils - - 2.0.0 com.sun 
@@ -142,6 +140,16 @@ + + + org.apache.cxf + cxf-rt-frontend-jaxws + + + org.apache.cxf + cxf-rt-transports-http + + javax.xml.bind diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index c504a7f0c..27beeaaf3 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -46,23 +46,22 @@ org.hibernate hibernate-core - 4.3.8.Final + ${hibernate.version} org.hibernate hibernate-c3p0 - 4.3.8.Final + ${hibernate.version} org.hibernate hibernate-entitymanager - 4.3.8.Final + ${hibernate.version} org.apache.commons commons-lang3 - 3.3.2 commons-httpclient @@ -122,7 +121,7 @@ mysql mysql-connector-java - 5.1.34 + ${mysql-connector.java} diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml index 81f2cf4e5..1a8dfd786 100644 --- a/id/server/stork2-commons/pom.xml +++ b/id/server/stork2-commons/pom.xml @@ -34,7 +34,7 @@ joda-time joda-time - 2.3 + ${jodatime.version} @@ -113,7 +113,6 @@ junit junit - 4.11 test diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml index e5d3dc1f4..36df747e4 100644 --- a/id/server/stork2-saml-engine/pom.xml +++ b/id/server/stork2-saml-engine/pom.xml @@ -96,7 +96,6 @@ org.slf4j slf4j-api - 1.7.10 - 2.0.3-SNAPSHOT - 2.2.1-SNAPSHOT - 2.0.1-SNAPSHOT - 2.0.5-SNAPSHOT - 1.1.6-SNAPSHOT - 2.0.4-SNAPSHOT + + 2.0.3 + 2.2.1 + 2.0.1-SNAPSHOT + 2.0.5 + 1.1.6 + 2.0.4 - 4.1.5.RELEASE - 2.18.1 - + + 4.1.6.RELEASE + 2.18.1 + 2.6.5 + 1.4.5 + 3.0.4 + 2.3.20 + 2.0.0 + 1.7.12 + 4.3.8.Final + 5.1.35 + 4.11 + 2.4 + 3.4 + 4.0 + 2.7 + 
@@ -232,15 +247,65 @@ org.opensaml opensaml - 2.6.5 + ${opensaml.version} org.opensaml xmltooling - 1.4.5 + ${xmltooling.version} + + org.apache.cxf + cxf-rt-frontend-jaxws + ${cxf.version} + + + org.apache.cxf + cxf-rt-transports-http + ${cxf.version} + + + + + org.apache.struts + struts2-core + ${struts.version} + + + org.apache.struts + struts2-json-plugin + ${struts.version} + + + + at.gv.util + egovutils + ${egovutils.version} + + + org.slf4j + slf4j-api + ${slf4j.version} + + + org.slf4j + jcl-over-slf4j + ${slf4j.version} + + + org.slf4j + jul-to-slf4j + ${slf4j.version} + + + org.slf4j + slf4j-log4j12 + ${slf4j.version} + + + axis axis @@ -307,7 +372,7 @@ org.apache.httpcomponents httpclient - 4.4 + 4.4.1 dav4j -- cgit v1.2.3 From f573c30e5b7e3f029baf96a287f7f14fdeb19012 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 16 Apr 2015 13:49:58 +0200 Subject: update pom --- id/server/pom.xml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/id/server/pom.xml b/id/server/pom.xml index 9d34cce78..2341552cc 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -14,10 +14,6 @@ MOA ID Server - 4.11 - 2.4 - 3.3.2 - 4.0 ${basedir}/../../repository -- cgit v1.2.3 From 72903418d83b984c8d2c9bb0b55d7cde0f19227a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 16 Apr 2015 13:50:41 +0200 Subject: update handbook and history add readme_2.2.1.txt --- id/history.txt | 20 ++ id/readme_2.2.1.txt | 451 ++++++++++++++++++++++++++++++ id/server/doc/handbook/config/config.html | 6 + 3 files changed, 477 insertions(+) create mode 100644 id/readme_2.2.1.txt diff --git a/id/history.txt b/id/history.txt index 837d1a883..1ba311273 100644 --- a/id/history.txt +++ b/id/history.txt 
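Review bot: The httpclient coordinate at the end of this hunk is still pinned inline (`- 4.4 + 4.4.1`) while every other version the hunk touches is moved into a `${...version}` property, so this one literal will be missed the next time the property block is bumped; declare a property such as `<httpclient.version>4.4.1</httpclient.version>` beside the other `*.version` properties and reference `${httpclient.version}` here instead. The property block itself appears in an earlier hunk of this file whose file and hunk headers are not visible in this chunk; there one module version still reads `2.0.1-SNAPSHOT` among otherwise release versions, which is worth confirming before 2.2.1 is cut as a release build. The new cxf, struts, egovutils and slf4j entries in dependencyManagement look consistent with the version removals in the module poms earlier in this commit.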
@@ -1,6 +1,26 @@
 Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+Version MOA-ID Release 2.2.1: Änderungen seit Version MOA-ID 2.2.0
+- Änderungen
+ - Anpassung VIDP Code für STORK
+ - Update des TrustStore und des Certstore
+ > A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
+ > a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
+ > a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
+ - Kleinere Bug-Fixes
+ - Libraries aktualisiert:
+ > mysql:mysql-connector-java 5.1.35
+ > org.slf4j:jcl-over-slf4j 1.7.12
+ > org.slf4j:jul-to-slf4j 1.7.12
+ > org.slf4j:slf4j-api 1.7.12
+ > org.slf4j:slf4j-log4j12 1.7.12
+ > apache:cxf 3.0.4
+ > org.springframework 4.1.6.RELEASE
+ > org.apache.commons.lang3 3.4
+
+
+-------------------------------------------------------------------------------
 Version MOA-ID Release 2.2.0: Änderungen seit Version MOA-ID 2.1.2
 - Neuerungen:
 - Überarbeitung der Prozessbeschreibung für Authentifizierungsprozesse
diff --git a/id/readme_2.2.1.txt b/id/readme_2.2.1.txt
new file mode 100644
index 000000000..123b51513
--- /dev/null
+++ b/id/readme_2.2.1.txt
@@ -0,0 +1,451 @@ +=============================================================================== +MOA ID Version Release 2.2.1 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 2.2.1 wurden folgende Neuerungen und Änderungen eingeführt, +die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch +history.txt im gleichen Verzeichnis): + +- Änderungen + - Anpassung VIDP Code für STORK + - Update von TrustStore und CertSTore + - Kleinere Bug-Fixes + - Update von Libraries + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +............................................................................... +B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. 
Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. 
Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. 
Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Kopieren der folgenden Dateien: + Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der + Datei bevor Sie diese durch die neue Version ersetzen. + a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml -> + CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml + b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml -> + CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml + +9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks + (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt. + Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell + verwendeten KeyStore ab. + +10. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. 
Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und + moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth + und das komplette Verzeichnis moa-id-configuration. + +4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + +5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed + +6. 
Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Kopieren der folgenden Dateien + a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml -> + CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml + Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der + Datei slo_template.html bevor Sie diese durch die neue Version ersetzen. + +9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks + (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt. + Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell + verwendeten KeyStore ab. + +10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + +4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. 
Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als + auch das komplette Verzeichnis moa-id-auth. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der + MOA-ID-Configuration Konfigurationsdatei + CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + a.) general.moaconfig.key=..... (Passwort zum Ver- und + Entschlüsseln von Konfigurationsparametern in der Datenbank) + +9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + a.) configuration.moaconfig.key=..... (Passwort zum Ver- und + Entschlüsseln von Konfigurationsparametern in der Datenbank) + +10. Kopieren der folgenden Dateien + a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html -> + CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html + Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der + Datei slo_template.html bevor Sie diese durch die neue Version ersetzen. + +11. Update des Cert-Stores. + Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. 
Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0 +............................................................................... + 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. 
Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als + auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update der STORK Konfiguration + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork + in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. + b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> + 2.4 Konfiguration des SamlEngines an. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei + CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + a.) general.ssl.certstore=certs/certstore + b.) general.ssl.truststore=certs/truststore + +8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs + nach CATALINA_HOME\conf\moa-id-configuration\ + +9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei + CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar. + a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion + protocols.pvp2.idp.ks.assertion.encryption.keypassword=password + +10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/ + nach CATALINA_HOME\conf\moa-id\ + a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\ + b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html -> + CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html + +11. Neuinitialisieren des Datenbank Schema für die MOA-Session. 
Hierfür stehen + zwei Varianten zur Verfügung. + a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth + CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile + moasession.hibernate.hbm2ddl.auto=update + zu + moasession.hibernate.hbm2ddl.auto=create + Danach werden die Tabellen beim nächsten Startvorgang neu generiert. + + b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson + Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert. + +12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1 +............................................................................... + +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + Für MOA ID Proxy: + Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als + auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Update des Cert-Stores. 
+ Kopieren Sie den Inhalt des Verzeichnisses + MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis + CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie + vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann + bejahen sie das. + +7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen + wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile + beibehalten wollen, dann gehen Sie vor, wie in Punkt b). + + a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: + + 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. + 2) Kopieren Sie das Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis + CATALINA_HOME\conf\moa-spss. + + b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie + folgt vor, um die Profile auf den aktuellen Stand zu bringen: + + 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den + entsprechenden Profilen im Verzeichnis + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren + Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt + der einzelnen Profile aus der Distribution + (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden + Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) + kopieren und dabei die vorhandenen gleichnamigen Zertifikate + überschreiben), also z.B: Kopieren des Inhalts von + MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach + CATALINA_HOME\conf\moa-spss\trustProfiles\ + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. + +8. Update der Default html-Templates für die Bürgerkartenauswahl. + + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates. + b.) 
Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. + +9. Update der STORK Konfiguration + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork + in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. + b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> + 2.4 Konfiguration des SamlEngines an. + +10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei + CATALINA_HOME\conf\moa-id\moa-id.properties + + a.) configuration.validation.certificate.QC.ignore=false + b.) protocols.pvp2.assertion.encryption.active=false + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.6 Durchführung eines Updates von Version <= 1.5.1 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index f5292f76a..18be88951 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -227,6 +227,12 @@

Passwort zum Verschlüsseln von Konfigurationsteilen welche in der Datenbank abgelegt werden. Hierbei kann jede beliebige Zeichenfolge aus Buchstaben, Zahlen und Sonderzeichen verwendet werden.

Hinweis: Dieses Passwort muss identisch zu dem im Modul MOA-ID-Auth hinterlegten Passwort sein.

+ + general.pvp.schemavalidation + true / false +

Hiermit kann die Schemavalidierung für konfigurierte PVP Metadaten deaktiviert werden.

+ Hinweis: Standardmäßig ist die Schemavalidierung aktiv. + general.userrequests.cleanup.delay 18 -- cgit v1.2.3 From 9a41161d236612bc0c53e91473c21e94de2da5a8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 17 Apr 2015 11:12:27 +0200 Subject: update version to 2.2.1 --- id/server/doc/handbook/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html index 1f71d56e2..497120fec 100644 --- a/id/server/doc/handbook/index.html +++ b/id/server/doc/handbook/index.html @@ -29,7 +29,7 @@
-

Übersicht zur Dokumentation der Version 2.1.2

+

Übersicht zur Dokumentation der Version 2.2.1

Einführung
-- cgit v1.2.3 From feb8128c8b2586c42b7b79c438e7bc6dc54e504d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 17 Apr 2015 11:24:40 +0200 Subject: update versions to new snapshot --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index a87900e72..48179e394 100644 --- a/pom.xml +++ b/pom.xml @@ -22,12 +22,12 @@ --> - 2.0.3 - 2.2.1 + 2.0.4-Snapshot + 2.2.2-Snapshot 2.0.1-SNAPSHOT - 2.0.5 - 1.1.6 - 2.0.4 + 2.0.5-Snapshot + 1.1.7--Snapshot + 2.0.5-Snapshot 4.1.6.RELEASE -- cgit v1.2.3 From 8e7d186bcc4846d5052327905ca669c21959456f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Apr 2015 12:39:33 +0200 Subject: Revert "update versions to new snapshot" This reverts commit feb8128c8b2586c42b7b79c438e7bc6dc54e504d. --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 48179e394..a87900e72 100644 --- a/pom.xml +++ b/pom.xml @@ -22,12 +22,12 @@ --> - 2.0.4-Snapshot - 2.2.2-Snapshot + 2.0.3 + 2.2.1 2.0.1-SNAPSHOT - 2.0.5-Snapshot - 1.1.7--Snapshot - 2.0.5-Snapshot + 2.0.5 + 1.1.6 + 2.0.4 4.1.6.RELEASE -- cgit v1.2.3 From e449a5704e520ca00cbb0451e78f69c5bbd0144c Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Mon, 20 Apr 2015 13:45:24 +0200 Subject: first fix to solve problems with errorhandling and process managment --- .../id/auth/modules/TaskExecutionException.java | 57 ++++++++++++++++++++++ .../internal/tasks/CertificateReadRequestTask.java | 18 ++++--- .../internal/tasks/CreateIdentityLinkFormTask.java | 15 +++--- .../modules/internal/tasks/GetForeignIDTask.java | 11 +++-- .../internal/tasks/GetMISSessionIDTask.java | 14 +++--- .../tasks/PrepareAuthBlockSignatureTask.java | 6 ++- .../tasks/VerifyAuthenticationBlockTask.java | 20 +++++--- .../internal/tasks/VerifyCertificateTask.java | 21 ++++---- .../internal/tasks/VerifyIdentityLinkTask.java | 14 +++--- .../moa/id/auth/servlet/AuthServlet.java | 45 ++++++++++------- .../auth/servlet/ProcessEngineSignalServlet.java | 7 ++- .../moa/id/process/ProcessEngineImpl.java | 1 + .../at/gv/egovernment/moa/id/process/api/Task.java | 4 +- .../moa/id/process/springweb/MoaIdTask.java | 5 +- .../spring/test/task/CreateSAML1AssertionTask.java | 7 ++- .../spring/test/task/GetIdentityLinkTask.java | 6 ++- .../spring/test/task/SignAuthBlockTask.java | 7 ++- .../test/task/ValidateSignedAuthBlockTask.java | 3 +- 18 files changed, 181 insertions(+), 80 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java new file mode 100644 index 000000000..3e9f4cf14 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java 
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class TaskExecutionException extends ProcessExecutionException {
+
+ private static final long serialVersionUID = 1L;
+ Throwable originalException = null;
+
+ /**
+ * @param message
+ * @param cause
+ */
+ public TaskExecutionException(String message, Throwable cause) {
+ super(message, cause);
+ originalException = cause;
+
+ }
+
+ /**
+ * Get the original internal exception from task
+ *
+ * @return the originalException
+ */
+ public Throwable getOriginalException() {
+ return originalException;
+ }
+
+
+
+}
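Review bot: `Throwable originalException = null;` duplicates the cause that `super(message, cause)` already hands to the parent, and it is a mutable package-private field on a serializable exception, so any class in the package can overwrite it after construction. If ProcessExecutionException forwards the cause to Throwable (its constructor is not visible here), `getOriginalException()` can simply `return getCause();` and the field can be dropped; otherwise declare it `private final Throwable originalException;` and keep the assignment in the constructor. The class Javadoc only names the author; a one-line summary such as `Signals that a process task failed; the task's original exception is available via getOriginalException().` would help readers of the tasks that now throw it.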
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index bc73a9f2f..ed3089a41 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -2,6 +2,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import java.io.IOException; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -16,6 +18,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; 
@@ -47,15 +50,12 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { // TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate" Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - setNoCachingHeaders(resp); - - String pendingRequestID = null; - + setNoCachingHeaders(resp); try { String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); @@ -65,8 +65,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12"); } - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); boolean useMandate = session.getUseMandate(); @@ -91,7 +89,11 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); + + } catch (IOException e) { + throw new TaskExecutionException(e.getMessage(), e); + } finally { ConfigurationDBUtils.closeSession(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 4cd1ea94e..ee6f0d5a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java 
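Review bot: The `pendingRequestID` lookup is deleted and the new `catch (MOAIDException ex)` and `catch (IOException e)` branches wrap the exception without it, so the TaskExecutionException that leaves `execute` no longer identifies which pending request the error belongs to; whatever now replaces `handleError(...)` (AuthServlet is changed in this commit but not in this chunk) has to recover it from the session id a second time. If that lookup is intended to move to the servlet, a comment on the throw, `// pending request id is resolved by the servlet that catches TaskExecutionException`, would record the contract; otherwise carry the id on the exception or in executionContext before throwing. The same removal occurs in VerifyCertificateTask and VerifyIdentityLinkTask.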
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -60,9 +61,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { - String pendingRequestID = null; String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID))); AuthenticationSession moasession = null; try { @@ -72,9 +72,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { throw new MOAIDException("auth.18", new Object[] {}); } - try { - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); + try { moasession = AuthenticationSessionStoreage.getSession(moasessionid); AuthenticationSessionStoreage.changeSessionID(moasession); executionContext.remove(PARAM_SESSIONID); 
@@ -100,14 +98,17 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { } } catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); +// handleWrongParameters(ex, req, resp); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); +// handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { Logger.error("CreateIdentityLinkFormTask has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 4771628a3..6bf68e2eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -24,6 +24,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; @@ -66,7 +67,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { Logger.debug("POST GetForeignIDServlet"); 
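Review bot: The commented-out `// handleWrongParameters(ex, req, resp);` and `// handleError(null, ex, req, resp, pendingRequestID);` lines should be deleted rather than kept beside the throws that replace them; the old behaviour is in the history. In the `catch (Exception e)` branch the error is logged with its stack trace and then rethrown wrapped, so the code that catches TaskExecutionException will presumably log it again; either remove the `Logger.error(...)` here or lower it to debug and let the catching layer report it once. The same log-then-throw pattern is in GetForeignIDTask, GetMISSessionIDTask, PrepareAuthBlockSignatureTask, VerifyAuthenticationBlockTask, VerifyCertificateTask and VerifyIdentityLinkTask.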
@@ -76,9 +77,10 @@ public class GetForeignIDTask extends AbstractAuthServletTask { try { parameters = getParameters(req); - } catch (FileUploadException e) { + + } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); + throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); @@ -170,10 +172,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask { } } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { Logger.error("GetForeignIDServlet has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index f08f96782..4ff5672bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java 
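Review bot: `throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));` discards the caught exception: the fresh IOException has no cause and its stack trace starts in this catch block, so the FileUploadException type and its origin are lost from the chain that `getOriginalException()` is meant to expose. Pass the caught exception itself as the cause, `throw new TaskExecutionException("Parsing multipart/form-data request parameters failed", e);`, which also fixes the `mulitpart` typo. The same wrapper appears in VerifyAuthenticationBlockTask, VerifyCertificateTask and VerifyIdentityLinkTask.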
@@ -21,6 +21,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -62,7 +63,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { Logger.debug("POST GetMISSessionIDServlet"); @@ -154,22 +155,23 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { Logger.debug("REDIRECT TO: " + redirectURL); } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (GeneralSecurityException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (PKIException e) { - handleError(null, e, req, resp, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (SAXException e) { - handleError(null, e, req, resp, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (ParserConfigurationException e) { - handleError(null, e, req, resp, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (Exception e) { Logger.error("MISMandateValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } finally { 
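Review bot: Every new `throw new TaskExecutionException(e.getMessage(), e)` in the last hunk reuses the message of the wrapped GeneralSecurityException, PKIException, SAXException or ParserConfigurationException as the message of the exception handed to the servlet. Those messages describe internal parser and PKI state, so if the catching servlet renders the TaskExecutionException message to the browser (that code is outside this chunk) the user is shown internal details, whereas the replaced `handleError(...)` path received the exception object and could pick a message key. A fixed, user-neutral message with the detail kept in the cause, e.g. `throw new TaskExecutionException("MIS mandate validation failed", e);`, leaves that choice to the caller. VerifyAuthenticationBlockTask has the same pattern in its last hunk.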
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index dcea3a1dd..3ae35bc24 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -12,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -45,7 +46,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet Logger.debug("Process IdentityLink"); @@ -88,10 +89,11 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { "VerifyIdentityLink"); } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { Logger.error("IdentityLinkValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } finally { 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 1e1a4df89..64dcb0f41 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -77,7 +78,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet 
@@ -89,12 +90,13 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { try { parameters = getParameters(req); - } catch (FileUploadException e) + + } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - + throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } + String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); @@ -219,19 +221,21 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (GeneralSecurityException e) { - handleError(null, e, req, resp, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (PKIException e) { - handleError(null, e, req, resp, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (TransformerException e) { - handleError(null, e, req, resp, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (Exception e) { Logger.error("AuthBlockValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 32ea7fe3a..607641532 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java 
@@ -19,6 +19,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -57,30 +58,26 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet Logger.debug("POST VerifyCertificateServlet"); - - String pendingRequestID = null; - + Map parameters; try { parameters = getParameters(req); - } catch (FileUploadException e) + } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - } + throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); + } String sessionID = req.getParameter(PARAM_SESSIONID); // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - + AuthenticationSession session = null; try { // check parameter 
@@ -148,10 +145,12 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { Logger.error("CertificateValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index bf10b3681..44557453a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -16,6 +16,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -50,7 +51,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet 
@@ -59,13 +60,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { setNoCachingHeaders(resp); Map parameters; - String pendingRequestID = null; try { parameters = getParameters(req); } catch (Exception e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); + throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } try { @@ -75,8 +75,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { if (!ParamValidatorUtils.isValidSessionID(sessionID)) { throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); } - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null; @@ -85,13 +83,15 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { executionContext.put("identityLinkAvailable", identityLinkAvailable); } catch (ParseException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { Logger.error("IdentityLinkValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); + } finally { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 331a7653a..c4c4b2691 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -77,9 +77,11 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; import at.gv.egovernment.moa.id.process.ProcessEngine; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.storage.IExceptionStore; import at.gv.egovernment.moa.id.util.ServletUtils; 
@@ -185,29 +187,36 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { protected void handleError(String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { - if (null != errorMessage) { - Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage); - } - - if (null != exceptionThrown) { - if (null == errorMessage) - errorMessage = exceptionThrown.getMessage(); - Logger.error(errorMessage, exceptionThrown); - req.setAttribute("ExceptionThrown", exceptionThrown); - } - - if (Logger.isDebugEnabled()) { - req.setAttribute("LogLevel", "debug"); + Throwable loggedException = null; + + if (exceptionThrown != null + && exceptionThrown instanceof ProcessExecutionException) { + ProcessExecutionException procExc = + (ProcessExecutionException) exceptionThrown; + if (procExc.getCause() != null && + procExc.getCause() instanceof TaskExecutionException) { + TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); + loggedException = taskExc.getOriginalException(); + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.error(exceptionThrown.getMessage(), exceptionThrown); + + } else + Logger.error(exceptionThrown.getMessage()); + + } } + + if (loggedException == null) + loggedException = exceptionThrown; + - if (!(exceptionThrown instanceof MOAIDException)) { - Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown); + if (!(loggedException instanceof MOAIDException)) { + Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); } IExceptionStore store = DBExceptionStoreImpl.getStore(); - String id = store.storeException(exceptionThrown); + String id = store.storeException(loggedException); if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) { 
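Review bot: The rewritten handleError no longer logs errorMessage and no longer sets the `ErrorMessage`, `ExceptionThrown` and `LogLevel` request attributes that the removed lines set; if the error view reads them, it now gets nothing, so either restore `req.setAttribute("ExceptionThrown", loggedException);` together with the errorMessage handling or confirm they are unused. The guard `exceptionThrown != null && exceptionThrown instanceof ProcessExecutionException` is redundant because instanceof is false for null, and the same applies to the getCause() check below it. When exceptionThrown is null, loggedException stays null and `loggedException.getMessage()` in the internal-error branch throws a NullPointerException; the old code had the same hole, but its removed null guards suggest a null exception was once an expected input, so an explicit `Objects.requireNonNull(exceptionThrown, "exceptionThrown")` or a documented fallback would make the contract clear. In the ProcessExecutionException branch the wrapper is logged at error level here and the unwrapped exception again a few lines later when it is not a MOAIDException, which doubles the log output for every internal failure. The method continues in the next hunk.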
@@ -228,7 +237,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { } else { //Exception can not be stored in database - handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp); + handleErrorNoRedirect(errorMessage, loggedException, req, resp); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index d670cbe8a..43b6c03d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; /** @@ -54,7 +55,8 @@ public class ProcessEngineSignalServlet extends AuthServlet { protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req)); - setNoCachingHeaders(resp); + setNoCachingHeaders(resp); + String pendingRequestID = null; try { if (sessionID == null) { @@ -62,6 +64,7 @@ public class ProcessEngineSignalServlet extends AuthServlet { } // retrieve moa session + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); AuthenticationSession session = AuthenticationServer.getSession(sessionID); // process instance is mandatory 
@@ -73,7 +76,7 @@ public class ProcessEngineSignalServlet extends AuthServlet { getProcessEngine().signal(session.getProcessInstanceId()); } catch (Exception ex) { - handleError(null, ex, req, resp, null); + handleError(null, ex, req, resp, pendingRequestID); } finally { MOASessionDBUtils.closeSession(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java index 0ffa22ec3..096e5ee9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java @@ -13,6 +13,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.MDC; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java index 6401b1d5d..343b8fe0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.process.api; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; + /** * Represents a single task to be performed upon process execution. @@ -16,6 +18,6 @@ public interface Task { * Provides execution related information. * @throws Exception An exception upon task execution. */ - void execute(ExecutionContext executionContext) throws Exception; + void execute(ExecutionContext executionContext) throws TaskExecutionException; } 
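Review bot: The `@throws` Javadoc line in the Task.execute hunk still reads `* @throws Exception An exception upon task execution.` although the signature now declares TaskExecutionException; change it to `* @throws TaskExecutionException An exception upon task execution.` so contract and documentation agree. The MoaIdTask hunk in the next file shows only the context `* Thrown in case of error executing the task.`, which belongs to a `@throws` tag above that hunk and most likely still names Exception too; worth checking in the same pass.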
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java index bae6391ec..fb75fc8d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java @@ -8,6 +8,7 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.filter.RequestContextFilter; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; @@ -52,10 +53,10 @@ public abstract class MoaIdTask implements Task { * Thrown in case of error executing the task. */ public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) throws Exception; + HttpServletResponse response) throws TaskExecutionException; @Override - public void execute(ExecutionContext executionContext) throws Exception { + public void execute(ExecutionContext executionContext) throws TaskExecutionException { RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes(); if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) { HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest(); diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java index 7e56071bd..ebda3c5c3 100644 
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.process.spring.test.task; +import java.io.IOException; import java.io.InputStream; import java.nio.charset.Charset; import java.util.Objects; @@ -8,6 +9,7 @@ import org.apache.commons.io.IOUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; @@ -37,7 +39,7 @@ public class CreateSAML1AssertionTask implements Task { private Logger log = LoggerFactory.getLogger(getClass()); @Override - public void execute(ExecutionContext executionContext) throws Exception { + public void execute(ExecutionContext executionContext) throws TaskExecutionException { Objects.requireNonNull(executionContext.get("IdentityLink")); assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); Objects.requireNonNull(executionContext.get("SignedAuthBlock")); @@ -47,6 +49,9 @@ public class CreateSAML1AssertionTask implements Task { try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) { executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8"))); + + } catch (IOException e) { + throw new TaskExecutionException("", e); } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java index 412fb0123..bd08ec6a1 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java 
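Review bot: The new catch block throws `new TaskExecutionException("", e)` with an empty message, so the wrapper says nothing about which resource failed to load; a message such as `throw new TaskExecutionException("Could not read SAML1Assertion.xml", e);` makes the failure readable in the log at no cost. The same empty-message wrap appears in the GetIdentityLinkTask and SignAuthBlockTask hunks below. These are test-support tasks, so this is a readability point rather than a functional one.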
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java @@ -9,6 +9,7 @@ import org.apache.commons.io.IOUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; @@ -37,13 +38,16 @@ public class GetIdentityLinkTask implements Task { private Logger log = LoggerFactory.getLogger(getClass()); @Override - public void execute(ExecutionContext executionContext) throws IOException { + public void execute(ExecutionContext executionContext) throws TaskExecutionException { Objects.requireNonNull(executionContext.get("bkuURL")); log.debug("Using bkuURL in order to retrieve IdentityLink."); try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) { executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8"))); + + } catch (IOException e) { + throw new TaskExecutionException("", e); } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java index 8099c0f98..8f9b72cea 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.process.spring.test.task; +import java.io.IOException; import java.io.InputStream; import java.nio.charset.Charset; import java.util.Objects; 
@@ -8,6 +9,7 @@ import org.apache.commons.io.IOUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; @@ -38,7 +40,7 @@ public class SignAuthBlockTask implements Task { private Logger log = LoggerFactory.getLogger(getClass()); @Override - public void execute(ExecutionContext executionContext) throws Exception { + public void execute(ExecutionContext executionContext) throws TaskExecutionException { Objects.requireNonNull(executionContext.get("IdentityLink")); assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); Objects.requireNonNull(executionContext.get("bkuURL")); @@ -46,6 +48,9 @@ public class SignAuthBlockTask implements Task { log.debug("Using validated IdentityLink and bkuURL in order to sign auth block."); try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) { executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8"))); + } catch (IOException e) { + throw new TaskExecutionException("", e); + } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java index 07b2ea69c..cece373d4 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java 
@@ -5,6 +5,7 @@ import java.util.Objects; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; @@ -33,7 +34,7 @@ public class ValidateSignedAuthBlockTask implements Task { private Logger log = LoggerFactory.getLogger(getClass()); @Override - public void execute(ExecutionContext executionContext) throws Exception { + public void execute(ExecutionContext executionContext) throws TaskExecutionException { Objects.requireNonNull(executionContext.get("IdentityLink")); assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); Objects.requireNonNull(executionContext.get("SignedAuthBlock")); -- cgit v1.2.3 From bc41be7e1478e4b213c0357135a24572fce5f21d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Apr 2015 13:52:25 +0200 Subject: update STORK authentication module --- .../modules/stork/tasks/CreateStorkAuthRequestFormTask.java | 8 +++++--- .../tasks/PepsConnectorHandleLocalSignResponseTask.java | 12 +++++++----- .../PepsConnectorHandleResponseWithoutSignatureTask.java | 12 +++++++----- .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 8 +++++--- 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index f8cc17b93..021ee62cf 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java 
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.stork.CPEPS; @@ -63,7 +64,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws Exception { + throws TaskExecutionException { String pendingRequestID = null; String sessionID = null; @@ -97,11 +98,12 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { AuthenticationServer.startSTORKAuthentication(req, resp, moasession); } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e); - throw new MOAIDException("Internal error.", new Object[] { sessionID }, e); + throw new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e); + } finally { diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java index 077bb2dee..1ae66f24e 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java 
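Review bot: The generic catch throws `new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e)` immediately after logging the same message with the stack trace, so the failure is presumably logged twice once the upstream handler logs the wrapper; dropping the local Logger.error, or at least its stack trace, avoids the duplicate. The removed MOAIDException carried sessionID as a message parameter and the new exception does not; that is a behaviour change worth confirming is intended, although keeping session identifiers out of error text that may reach a user-facing page is the safer default. The message repeats the pre-existing typo 'interal'. The try/finally continues outside the hunk.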
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java @@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.moduls.ModulUtils; @@ -79,7 +80,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws Exception { + throws TaskExecutionException { String moaSessionID = request.getParameter("moaSessionID"); String signResponse = request.getParameter("signresponse"); Logger.info("moaSessionID:" + moaSessionID); @@ -90,13 +91,13 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec handleSignResponse(executionContext, request, response); } else { // should not occur - throw new IOException("should not occur"); + throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null); } return; } private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) { + HttpServletResponse response) throws TaskExecutionException { Logger.info("handleSignResponse started"); String moaSessionID = request.getParameter("moaSessionID"); String signResponse = request.getParameter("signresponse"); 
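Review bot: The replacement for `throw new IOException("should not occur")` carries the message "Parsing mulitpart/form-data request parameters failed" with a null cause, but this is the `// should not occur` fallback of a condition that starts outside the hunk and, judging from the moaSessionID and signresponse parameters read just above, appears to test which request parameters are present rather than multipart parsing; the copied message would mislead whoever reads the log. A message naming the actual condition, e.g. `throw new TaskExecutionException("Unexpected request state: no handled parameter combination", null);`, is more useful. The same copied message appears in the PepsConnectorHandleResponseWithoutSignatureTask hunk below. The enclosing if/else starts outside the hunk.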
@@ -199,13 +200,14 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec Logger.info("REDIRECT TO: " + redirectURL); } catch (AuthenticationException e) { - handleError(null, e, request, response, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (MOAIDException e) { - handleError(null, e, request, response, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (Exception e) { Logger.error("PEPSConnector has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } finally { diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index e2c3880ac..08da21460 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; 
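Review bot: The generic catch now logs the exception with its stack trace and then rethrows it as `new TaskExecutionException(e.getMessage(), e)`, so it will presumably be logged again upstream, and the wrapper's message is null whenever e carries none; `throw new TaskExecutionException("PEPSConnector has an internal error.", e);` at least gives the wrapper a message. The same pattern is in the PepsConnectorHandleResponseWithoutSignatureTask and PepsConnectorTask hunks below. With the handleError calls gone, the local pendingRequestID those calls consumed may have no remaining reader in these methods; its declaration is visible as a context line in the two later files, so check for an unused-variable warning. The try block starts outside the hunk.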
@@ -83,7 +84,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws Exception { + throws TaskExecutionException { String moaSessionID = request.getParameter("moaSessionID"); String signResponse = request.getParameter("signresponse"); Logger.info("moaSessionID:" + moaSessionID); @@ -95,13 +96,13 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep } else { // should not occur - throw new IOException("should not occur"); + throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null); } return; } private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) { + HttpServletResponse response) throws TaskExecutionException { Logger.info("handleSAMLResponse started"); String pendingRequestID = null; @@ -399,13 +400,14 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep Logger.info("REDIRECT TO: " + redirectURL); } catch (AuthenticationException e) { - handleError(null, e, request, response, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (MOAIDException e) { - handleError(null, e, request, response, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (Exception e) { Logger.error("PEPSConnector has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } finally { diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 9df0ff37b..81c7c3a7b 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java 
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; import at.gv.egovernment.moa.id.auth.stork.STORKException; @@ -128,7 +129,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws Exception { + throws TaskExecutionException { String pendingRequestID = null; setNoCachingHeaders(response); @@ -613,13 +614,14 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.info("REDIRECT TO: " + redirectURL); } catch (AuthenticationException e) { - handleError(null, e, request, response, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (MOAIDException e) { - handleError(null, e, request, response, pendingRequestID); + throw new TaskExecutionException(e.getMessage(), e); } catch (Exception e) { Logger.error("PEPSConnector has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); } finally { -- cgit v1.2.3 From 4707d0408674020f3c0f82ab08c605cef3e4932e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Apr 2015 14:35:13 +0200 Subject: update handbook --- id/server/doc/handbook/install/install.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html index aa508183e..f669af2a6 100644 
--- a/id/server/doc/handbook/install/install.html +++ b/id/server/doc/handbook/install/install.html @@ -87,13 +87,13 @@

Die Basisinstallation der Module MOA-ID-Auth und MOA-ID-Configuration stellt einerseits die minimalen Anforderungen für den Betrieb von MOA-ID dar, andererseits dient sie als Ausgangspunkt für optionale Erweiterungsmöglichkeiten.

Die Mindestanforderungen für die Basisinstallation sind:

Wir empfehlen jedoch jeweils aktuelle Version zu verwenden:

In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module können sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. Für den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgeführt werden. In beiden Fällen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt für beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration Log4j als Logging Toolkit verwenden.

2.1.2 Installation

-- cgit v1.2.3 From 523f28c2b7f2f6b9ade75a5e8907a8cb6b1f25ba Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Apr 2015 14:40:25 +0200 Subject: change to new snapshot version --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index a87900e72..2ecc43a21 100644 --- a/pom.xml +++ b/pom.xml @@ -22,12 +22,12 @@ --> - 2.0.3 - 2.2.1 + 2.0.4-SNAPSHOT + 2.2.2-SNAPSHOT 2.0.1-SNAPSHOT - 2.0.5 - 1.1.6 - 2.0.4 + 2.0.5-SNAPSHOT + 1.1.7-SNAPSHOT + 2.0.5-SNAPSHOT 4.1.6.RELEASE -- cgit v1.2.3 From 2db59d0b99e6ca3bc9139b72fedfd9356be7e898 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 5 May 2015 12:55:56 +0200 Subject: fixed NullPointerException in Logger class triggered by empty message --- .../java/at/gv/egovernment/moa/logging/Logger.java | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java index 265ad026d..7cb2e7daf 100644 --- a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java +++ b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java @@ -78,6 +78,19 @@ public class Logger { return logger; } + /** + * Prepare the message for printing it as string. + *

Mainly introduce because the message might be null. + * + * @param message the message + * @return the string + */ + private static String prepareMessage(Object message) { + if(null == message) + return "no message given"; + return message.toString(); + } + /** * Test, if the trace log level is enabled. * @@ -108,7 +121,7 @@ public class Logger { */ public static void trace(Object message) { org.slf4j.Logger logger = getLogger(); - logger.trace(message.toString()); + logger.trace(prepareMessage(message)); } /** @@ -141,17 +154,17 @@ public class Logger { */ public static void debug(Object message) { org.slf4j.Logger logger = getLogger(); - logger.debug(message.toString()); + logger.debug(prepareMessage(message)); } - - /** + +/** * Log an info message. * * @param message The message to log. */ public static void info(Object message) { org.slf4j.Logger logger = getLogger(); - logger.info(message.toString()); + logger.info(prepareMessage(message)); } /** @@ -161,7 +174,7 @@ public class Logger { */ public static void warn(Object message) { org.slf4j.Logger logger = getLogger(); - logger.warn(message.toString()); + logger.warn(prepareMessage(message)); } /** @@ -172,7 +185,7 @@ public class Logger { */ public static void warn(Object message, Throwable t) { org.slf4j.Logger logger = getLogger(); - logger.warn(message.toString(), t); + logger.warn(prepareMessage(message), t); } /** @@ -182,7 +195,7 @@ public class Logger { */ public static void error(Object message) { org.slf4j.Logger logger = getLogger(); - logger.error(message.toString()); + logger.error(prepareMessage(message)); } /** @@ -193,7 +206,7 @@ public class Logger { */ public static void error(Object message, Throwable t) { org.slf4j.Logger logger = getLogger(); - logger.error(message.toString(), t); + logger.error(prepareMessage(message), t); } /** -- cgit v1.2.3 From ae570bf65585de05db08dd50d87352fc2027c624 Mon Sep 17 00:00:00 2001 
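Review bot: The Javadoc added with prepareMessage reads "Mainly introduce because the message might be null", which should be "Mainly introduced because…", and the summary could state the fallback explicitly, e.g. `* Returns "no message given" for a null message, otherwise message.toString().`. The null handling now covers the single-argument trace/debug/info/warn/error methods and the warn/error overloads taking a Throwable; if the class also has (Object, Throwable) overloads for trace, debug or info, they are not in the diff and would still call message.toString(). The `- /** + +/**` change shifts the info() Javadoc opener to column 0, which looks accidental.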
From: Florian Reimair Date: Tue, 5 May 2015 12:58:29 +0200 Subject: fixed attribute forwarding when using STORK2 SAML for SP --- .../moa/id/protocols/stork2/MOAAttributeProvider.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 3ab4ec4a1..d3a5a1085 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -99,6 +99,16 @@ public class MOAAttributeProvider { Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); e.printStackTrace(); } + } else if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) { + Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]"); + try { + PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName()); + attributeList.add((PersonalAttribute) tmp.clone()); + } catch(Exception e) { + Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute); + if(Logger.isDebugEnabled()) + e.printStackTrace(); + } } else { Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); } -- cgit v1.2.3 From 7d8b6f80bb6faf33c4a19aac2d23784a8dbbddc2 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 5 May 2015 13:01:43 +0200 Subject: refactored some code regarding multi-part SAML responses --- .../stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java | 2 +- .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
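Review bot: The new catch block in populateAttribute() logs the failure without its cause and then calls e.printStackTrace(), which writes to stderr outside the Logger; use `Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute, e);` and drop the printStackTrace() call. Catching `Exception` here also folds a null map value (tmp.clone() would throw NullPointerException) into the same "could not retrieve" message; if the map can hold null values, a `null != tmp` check before cloning makes the two cases distinguishable. The same block is moved to the top of the chain in the later MOAAttributeProvider commits on this page, where the same applies.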
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index 08da21460..aff69aa9c 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -342,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code. try { - SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions() + SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions() .get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef() .getAuthnContextClassRef(), citizenSignature); } catch (STORKException e) { diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 81c7c3a7b..6eabc0538 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java 
@@ -506,7 +506,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("Starting connecting SZR Gateway"); identityLink = STORKResponseProcessor.connectToSZRGateway( - authnResponse.getPersonalAttributeList(), + attributeList, oaParam.getFriendlyName(), targetType, null, @@ -560,7 +560,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { moaSession.setIdentityLink(identityLink); Logger.debug("Adding addtional STORK attributes to MOA session"); - moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList()); + moaSession.setStorkAttributes(attributeList); Logger.debug("Add full STORK AuthnResponse to MOA session"); moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse")); -- cgit v1.2.3 From 4df561f9f19966c92cd658efa0cd3942a0a091d4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 5 May 2015 16:10:56 +0200 Subject: moved consent request before attributes are being collected --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 2 +- .../id/protocols/stork2/AttributeCollector.java | 12 ++----- .../id/protocols/stork2/AuthenticationRequest.java | 7 +++- .../moa/id/protocols/stork2/ConsentEvaluator.java | 42 ++++++++++++++-------- 4 files changed, 38 insertions(+), 25 deletions(-) diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 54debca81..8f01ca22b 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -74,7 +74,7 @@ /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string} - ^/stork2/CompleteAuthentication$ + ^/stork2/GetConsent$ /dispatcher?mod=id_stork2&action=ConsentEvaluator&%{query-string} 
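Review bot: Both hunks replace the raw `authnResponse.getPersonalAttributeList()` with `attributeList`, but that variable is built outside the hunks, so a reader of the session-storage line cannot see why the raw list is no longer stored. Judging by the commit message it merges attributes across the parts of a multi-part SAML response; a comment at the first use such as `// attributeList: attributes merged from all parts of the (multi-part) response, not just the first assertion` would document that. The enclosing method continues outside both hunks.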
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1e6cf6910..704f8b8a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -26,12 +26,8 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -186,7 +182,8 @@ public class AttributeCollector implements IAction { List missingAttributes = new ArrayList(); for (PersonalAttribute current : requestAttributeList) if (!responseAttributeList.containsKey(current.getName())) - missingAttributes.add(current); + if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) + missingAttributes.add(current); Logger.info("collecting attributes..."); Logger.debug("found " + missingAttributes.size() + " missing attributes"); 
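Review bot: The new condition `null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(...))` repeats the null test that the left operand already short-circuits; `!AttributeStatusType.WITHHELD.value().equals(current.getStatus())` expresses the same thing in one null-safe call. The nested `if` inside a brace-less `for` and `if` is fragile; brace all three levels. The same expression is carried over unchanged into the later AttributeCollector commit on this page ("remove unselected attributes from result set").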
@@ -253,10 +250,7 @@ public class AttributeCollector implements IAction { Logger.info("collecting attributes done"); // ask for consent if necessary - if(oaParam.isRequireConsentForStorkAttributes()) - new ConsentEvaluator().requestConsent(container, response, oaParam); - else - new ConsentEvaluator().generateSTORKResponse(response, container); + new ConsentEvaluator().generateSTORKResponse(response, container); return null; // AssertionId // TODO diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 859f4900b..e0c4b3d16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction { Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); + if(oaParam.isRequireConsentForStorkAttributes()) + new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam); + else + new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam); + + return null; } // // check if we are getting request for citizen of some other country // else if (req instanceof MOASTORKRequest) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 2c5728798..51e731e8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java 
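Review bot: The comment `// ask for consent if necessary` is now stale: the conditional it described was removed and generateSTORKResponse() is called unconditionally, consent being evaluated earlier in AuthenticationRequest. Replace it with `// consent has already been evaluated before collection; build and send the response`. If oaParam is no longer read anywhere else in processRequest (the rest of the method is outside the hunk), the parameter is now dead and should be noted as such.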
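Review bot: The value previously returned from AttributeCollector.processRequest() is now discarded: both new branches ignore what they call and the method returns null. If any caller uses that return value it should be propagated, e.g. `return oaParam.isRequireConsentForStorkAttributes() ? new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam) : new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);`; otherwise a comment stating that the response has already been written to httpResp at this point would explain the null. The brace-less `if`/`else` with multi-line calls is also easy to mis-edit; brace both branches.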
@@ -23,13 +23,17 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.StringWriter; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; + import java.util.ArrayList; import java.util.HashMap; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import java.util.Map.Entry; + import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType; import eu.stork.peps.exceptions.STORKSAMLEngineException; + import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; 
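Review bot: The import block now interleaves `at.gv.egovernment.moa.id.auth.exception.AuthenticationException` between `java.io.StringWriter` and `java.util.ArrayList`, surrounded by stray blank lines; group it with the other `at.gv.egovernment` imports so the file keeps its java / project / third-party ordering. The removed imports (AuthenticationSession, STORKAuthnResponse, DateTime) are fine to drop if no longer referenced below the hunk.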
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction { DataContainer container; try { container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + req = container.getRequest(); } catch (MOADatabaseException e) { Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); throw new MOAIDException("stork.17", null); } // evaluate response - for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) { + for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) { if(null == httpReq.getParameter(current.getName())) { - current.setStatus(AttributeStatusType.NOT_AVAILABLE.value()); + current.setStatus(AttributeStatusType.WITHHELD.value()); current.setValue(new ArrayList()); current.setComplexValue(new HashMap()); } } - // build and send response - generateSTORKResponse(httpResp, container); - + //TODO: CHECK: req.getOAURL() should return the unique OA identifier + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); + + new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam); + return null; // AssertionId } 
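Review bot: The consent evaluation marks every attribute whose form parameter is absent as WITHHELD, including attributes the requesting SP flagged as required (the consent page in a later commit on this page renders `(optional)` for the others, so current.isRequired() is available here). Unless the form prevents deselecting required entries, a withheld required attribute should be rejected or at least surfaced, e.g. `if (current.isRequired()) Logger.warn("required attribute withheld by user: " + current.getName());`. The decision is keyed purely on the presence of a parameter named after the attribute, so a comment such as `// the consent form posts one checkbox per attribute name; absence means the user declined` would pin that contract. `new ArrayList()` and `new HashMap()` are raw types; parameterize them to match the setValue/setComplexValue signatures. The `//TODO: CHECK: req.getOAURL()` comment leaves an open question about which identifier keys the OA lookup; that needs resolving before this is relied on for configuration selection.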
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction { * Fills the given HttpResponse with the required web page. * * @param container the container + * @param authData * @param response the response * @param oaParam the oa param * @return the string * @throws MOAIDException the mOAID exception */ - public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException { + public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException { + //check if we need to collect consent + if(!oaParam.isRequireConsentForStorkAttributes()) { + (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); + return ""; + } + // prepare redirect String newArtifactId; try { @@ -130,13 +145,12 @@ public class ConsentEvaluator implements IAction { Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html"); VelocityContext context = new VelocityContext(); - context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId); + context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId); // assemble table String table = ""; - for (PersonalAttribute current : container.getResponse().getPersonalAttributeList()) - if ("Available".equals(current.getStatus())) - table += "" + current.getName() + "\n"; + for (PersonalAttribute current : container.getRequest().getPersonalAttributeList()) + table += "" + current.getName() + "\n"; context.put("tablecontent", table); -- cgit v1.2.3 From d086e2f7c278b0b5034d058fe8deff34927bf811 Mon Sep 17 00:00:00 2001 
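Review bot: The Javadoc of requestConsent() no longer matches its signature: `@param response` refers to a parameter now named httpResp, httpReq is undocumented, and `@param authData` has no description. Update them to `@param httpReq the incoming servlet request`, `@param httpResp the servlet response the consent page is written to`, `@param authData the authentication data handed to AttributeCollector when no consent is required`, and let @return state that the method returns `""` after delegating to AttributeCollector when consent is disabled. The early-return branch and the normal path have different meanings for the caller (MandateRetrievalRequest still uses it), so that distinction belongs in the doc.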
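Review bot: current.getName() is concatenated into HTML markup without escaping and passed to the template as `tablecontent`, which Velocity inserts verbatim (`${tablecontent}` in stork2_consent.html); attribute names originate from the incoming STORK request, so this is an injection surface unless the SAML engine already restricts names to a fixed vocabulary, which is not visible here. HTML-escape the name at the point of insertion, e.g. `StringEscapeUtils.escapeHtml(current.getName())` from commons-lang if that dependency is available, and apply the same to the `(optional)` variant of this line in the later "added required status to consent list" commit. Building the table with `+=` in a loop also warrants a StringBuilder.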
From: Florian Reimair Date: Tue, 5 May 2015 16:12:06 +0200 Subject: consent request cosmetics --- .../moa/id/protocols/stork2/ConsentEvaluator.java | 2 ++ .../resources/templates/stork2_consent.html | 20 ++++++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 51e731e8a..865cec5a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -153,6 +153,8 @@ public class ConsentEvaluator implements IAction { table += "" + current.getName() + "\n"; context.put("tablecontent", table); + for(Entry current : oaParam.getFormCustomizaten().entrySet()) + context.put(current.getKey().replace("#", ""), current.getValue()); StringWriter writer = new StringWriter(); template.merge(context, writer); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html index e21a61665..0ab41f146 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html @@ -80,6 +80,7 @@ overflow:auto; min-width: 190px; height: 260px; + padding: 20px; } h2#tabheader{ @@ -134,6 +135,7 @@ #bkulogin { min-height: 150px; + padding: 20px; } } @@ -146,6 +148,7 @@ #bkulogin { height: 180px; + padding: 20px; } } @@ -175,7 +178,7 @@ color : #000; text-align: center; font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; + background-color: ${MAIN_BACKGOUNDCOLOR}; } #page { @@ -230,6 +233,7 @@ #bkulogin { min-width: 190px; height: 155px; + padding: 20px; } .setAssertionButton_full { 
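Review bot: The customization loop runs after `action` and `tablecontent` have been put into the VelocityContext, so a form-customization key named action or tablecontent would silently override them; move the loop before those two puts or skip the reserved keys. `Entry` is used raw; `Map.Entry<String, String>` (or whatever getFormCustomizaten() declares) documents the element types. The values are inserted into the template unescaped as well, which is acceptable only because they come from the OA configuration rather than the request; a comment such as `// customization values are trusted configuration, not user input` would make that assumption explicit.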
@@ -249,7 +253,7 @@ * { margin: 0; padding: 0; - font-family: #FONTTYPE#; + font-family: ${FONTTYPE}; } #selectArea { @@ -333,13 +337,13 @@ } .hell { - background-color : #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; + background-color : ${MAIN_BACKGOUNDCOLOR}; + color: ${MAIN_COLOR}; } .dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; + background-color: ${HEADER_BACKGROUNDCOLOR}; + color: ${HEADER_COLOR}; } .main_header { @@ -404,7 +408,7 @@ } -#HEADER_TEXT# +Informationsfreigabe
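Review bot: The header text is hard-coded as `Informationsfreigabe` where the other placeholders in this file are converted from `#NAME#` to `${NAME}`; `#HEADER_TEXT#` looks like it was meant to become `${HEADER_TEXT}` so the header stays customizable via the form-customization map. With Velocity's default settings a `${...}` reference that has no matching context key is rendered literally, so each of the new `${MAIN_BACKGOUNDCOLOR}`-style references needs either a guaranteed configuration default or the quiet form `$!{MAIN_BACKGOUNDCOLOR}` to degrade to an empty value. The earlier CSS-only hunks (padding) need no change.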

@@ -417,7 +421,7 @@

STORK Informationsfreigabe

- Alle angehakten Daten werden an das fragende Drittland übermittelt. + Wählen Sie jene Daten, die, wenn verfügbar, an ein Drittland weitergegeben werden sollen:
${tablecontent}
-- cgit v1.2.3 From b4e8abf78acf92e6a40606ddd02d381e73a0d487 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 5 May 2015 16:34:30 +0200 Subject: added required status to consent list --- .../at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 865cec5a3..baa2f1b40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -150,7 +150,7 @@ public class ConsentEvaluator implements IAction { // assemble table String table = ""; for (PersonalAttribute current : container.getRequest().getPersonalAttributeList()) - table += "" + current.getName() + "\n"; + table += "" + current.getName() + (current.isRequired() ? "" : " (optional)") + "\n"; context.put("tablecontent", table); for(Entry current : oaParam.getFormCustomizaten().entrySet()) -- cgit v1.2.3 From b110b9d1acd557e103ea4afc88499f2271d4c855 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 5 May 2015 16:35:38 +0200 Subject: fix: gather any attribute from STORK2 response first if available --- .../id/protocols/stork2/MOAAttributeProvider.java | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index d3a5a1085..3b2fae0d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -79,7 +79,17 @@ public class MOAAttributeProvider { public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { String storkAttribute = requestedAttribute.getName(); - if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { + if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) { + Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]"); + try { + PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName()); + attributeList.add((PersonalAttribute) tmp.clone()); + } catch(Exception e) { + Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute); + if(Logger.isDebugEnabled()) + e.printStackTrace(); + } + } else if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); try { Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); @@ -99,16 +109,6 @@ public class MOAAttributeProvider { Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); e.printStackTrace(); } - } else if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) { - Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]"); - try { - PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName()); - attributeList.add((PersonalAttribute) tmp.clone()); - } catch(Exception e) { - Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute); - if(Logger.isDebugEnabled()) - e.printStackTrace(); - } } else { Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); } -- cgit v1.2.3 
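Review bot: Reordering the chain makes a value carried in the STORK2 response win over the value the simple mapping derives from authData for the same attribute name, with no comment on why the remote assertion should take precedence over locally established data. At minimum document it above the first branch, e.g. `// prefer the attribute as asserted in the STORK2 response; the local mapping is only a fallback`, and consider whether attributes the local mapping can supply should still be taken from authData rather than from the foreign response. The second hunk is the pure removal of the old branch and needs nothing further.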
From 637e57f15061232351b30a53a50825de51522142 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 6 May 2015 09:15:39 +0200 Subject: fixed nullpointerex during attribute extraction --- .../gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 4 ++-- .../gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index e0c4b3d16..01f84125f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -499,11 +499,11 @@ public class AuthenticationRequest implements IAction { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); moaAttributeProvider.populateAttribute(attributeList, personalAttribute); } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); + Logger.error("Exception, attributes: " + e.getMessage(), e); } } } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); + Logger.error("Exception, attributes: " + e.getMessage(), e); } Logger.trace("AUTHBLOCK " + authData.getAuthBlock()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 3b2fae0d5..9a6206947 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
@@ -79,7 +79,7 @@ public class MOAAttributeProvider { public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { String storkAttribute = requestedAttribute.getName(); - if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) { + if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) { Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]"); try { PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName()); -- cgit v1.2.3 From e694549a0e77265f77651b68c7b6adfa6d8f1c30 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 6 May 2015 09:16:41 +0200 Subject: fixed compilation issues --- .../at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java | 2 +- .../gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index baa2f1b40..3acd1039f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -158,7 +158,7 @@ public class ConsentEvaluator implements IAction { StringWriter writer = new StringWriter(); template.merge(context, writer); - response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); } catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index ed8480ccb..b24c0df4f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -211,7 +211,7 @@ public class MandateRetrievalRequest implements IAction { // ask for consent if necessary if (oaParam.isRequireConsentForStorkAttributes()) - new ConsentEvaluator().requestConsent(container, httpResp, oaParam); + new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam); else new ConsentEvaluator().generateSTORKResponse(httpResp, container); -- cgit v1.2.3 From c621447906a77c5d457ce2ee854c08586509626a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 6 May 2015 09:28:20 +0200 Subject: remove unselected attributes from result set --- .../moa/id/protocols/stork2/AttributeCollector.java | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 704f8b8a9..371cfb1d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java 
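Review bot: The call site is updated to the new signature, but the surrounding branch still diverges from AuthenticationRequest: there, the no-consent case goes through AttributeCollector.processRequest(), while here it calls generateSTORKResponse() directly, so attribute collection appears to be skipped for mandate requests when consent is not required. Since requestConsent() itself now contains the `isRequireConsentForStorkAttributes()` check and falls through to AttributeCollector, the `if`/`else` here could collapse to the single requestConsent() call if that is the intended flow; if the divergence is deliberate, a comment should say so. The enclosing method continues outside the hunk.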
@@ -180,10 +180,21 @@ public class AttributeCollector implements IAction { IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); List missingAttributes = new ArrayList(); + Logger.debug("aquire list of missing attributes"); for (PersonalAttribute current : requestAttributeList) - if (!responseAttributeList.containsKey(current.getName())) - if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) + if (!responseAttributeList.containsKey(current.getName())) { + if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) { + // add the ones we need missingAttributes.add(current); + Logger.debug("add " + current.getName() + " to the list of missing attributes"); + } + } else { + // remove the ones we do not want to share from the response list + if(null != current.getStatus() && current.getStatus().equals(AttributeStatusType.WITHHELD.value())) { + responseAttributeList.remove(current.getName()); + Logger.debug("remove " + current.getName() + " from the list of resulting attributes because the user does not want to disclose the data"); + } + } Logger.info("collecting attributes..."); Logger.debug("found " + missingAttributes.size() + " missing attributes"); -- cgit v1.2.3 From c230145208b7fbe53b7bf2d6aff49a24301559eb Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 6 May 2015 12:46:10 +0200 Subject: fixed samlengine transient issue --- .../src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
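Review bot: Withheld attributes are removed from the response list regardless of current.isRequired(), so a required attribute the user declined disappears from the result with only a debug log; if the relying party is expected to see the WITHHELD status, the attribute should be kept with that status rather than dropped, and a required one should at least be logged at warn level. The condition `null == current.getStatus() || (null != current.getStatus() && ...)` is still the double null test; `!AttributeStatusType.WITHHELD.value().equals(current.getStatus())` and, in the else branch, `AttributeStatusType.WITHHELD.value().equals(current.getStatus())` cover both cases null-safely. The hunk mutates responseAttributeList while iterating requestAttributeList, which is safe only because they are distinct objects; a comment noting that would keep a future merge of the two loops from breaking it.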
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java index 5d8281445..15803fb68 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java @@ -69,7 +69,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { /** * Is the personal attribute mandatory? */ - private transient boolean required; + private boolean required; /** * Returned status of the attribute from the IdP. -- cgit v1.2.3