From a9b2e962d2853b74d314cb9f614cab446a7134c0 Mon Sep 17 00:00:00 2001
From: kstranacher
Date: Thu, 26 Jan 2012 21:59:33 +0000
Subject: =?UTF-8?q?*=20optionalen=20useUTC=20Parameter=20in=20Konfig=20ein?=
=?UTF-8?q?gef=C3=BCgt=20(damit=20IssueInstant=20in=20SAML=20Assertion=20a?=
=?UTF-8?q?uf=20UTC=20einstellbar)=20*=20optionalen=20sourceID=20Parameter?=
=?UTF-8?q?=20bei=20MOA-ID=20Aufruf=20eingef=C3=BCgt=20(wird=201:1=20in=20?=
=?UTF-8?q?SAML=20Assertion=20=C3=BCbernommen)=20*=20Update=20Doku=20(useU?=
=?UTF-8?q?TC,=20sourceID,=20Vollmachten-Profile)=20*=20Ablauf=C3=A4nderun?=
=?UTF-8?q?g=20bei=20Vollmachten-Modus=20(Signatur=20Zertifikat=20wird=20a?=
=?UTF-8?q?us=20Signatur=20entnommen=20und=20nicht=20mittels=20eigenem=20I?=
=?UTF-8?q?nfobox-Request)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1233 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
.../at/gv/egovernment/moa/util/DateTimeUtils.java | 83 +++++++++------
.../schemas/MOA-ID-Configuration-1.5.1.xsd | 9 +-
.../gv/egovernment/moa/util/DateTimeUtilsTest.java | 2 +-
id/readme_1.5.1.txt | 2 +
.../conf/moa-id/SampleMOAIDConfiguration.xml | 3 +-
.../conf/moa-id/SampleMOAIDConfigurationProxy.xml | 3 +-
.../SampleMOAIDConfiguration_withTestBKs.xml | 3 +-
.../SampleMOAIDConfiguration_withTestBKsProxy.xml | 3 +-
id/server/doc/MOA-ID-Configuration-1.5.1.xsd | 9 +-
id/server/doc/MOA_ID_1.5_Anhang.pdf | Bin 70517 -> 296723 bytes
id/server/doc/moa_id/faqs.htm | 3 +-
id/server/doc/moa_id/id-admin.htm | 2 +-
id/server/doc/moa_id/id-admin_1.htm | 2 +-
id/server/doc/moa_id/id-admin_2.htm | 10 +-
id/server/doc/moa_id/id-admin_3.htm | 2 +-
id/server/doc/moa_id/id-anwendung.htm | 2 +-
id/server/doc/moa_id/id-anwendung_1.htm | 8 +-
id/server/doc/moa_id/id-anwendung_2.htm | 3 +-
id/server/doc/moa_id/links.htm | 3 +-
id/server/doc/moa_id/moa.htm | 2 +-
.../moa/id/auth/AuthenticationServer.java | 59 +++++++----
.../moa/id/auth/MOAIDAuthConstants.java | 2 +
.../builder/AuthenticationAssertionBuilder.java | 26 +++++
.../AuthenticationDataAssertionBuilder.java | 15 ++-
.../moa/id/auth/data/AuthenticationSession.java | 28 +++++-
.../auth/servlet/GetAuthenticationDataService.java | 9 +-
.../auth/servlet/StartAuthenticationServlet.java | 13 ++-
.../servlet/VerifyAuthenticationBlockServlet.java | 112 +++++++++++++++++++--
.../id/auth/servlet/VerifyCertificateServlet.java | 62 +-----------
.../id/auth/servlet/VerifyIdentityLinkServlet.java | 2 +-
.../moa/id/config/ConfigurationBuilder.java | 1 +
.../moa/id/config/auth/OAAuthParameter.java | 21 ++++
.../moa/id/data/AuthenticationData.java | 15 +++
.../moa/id/proxy/builder/SAMLRequestBuilder.java | 2 +-
.../moa/id/util/ParamValidatorUtils.java | 30 ++++++
.../id/util/client/mis/simple/MISSimpleClient.java | 19 +++-
.../test/abnahme/A/Test100StartAuthentication.java | 16 +--
.../test/abnahme/A/Test300VerifyAuthBlock.java | 4 +-
.../A/Test600GetAuthenticationDataService.java | 2 +-
.../test/java/test/abnahme/AbnahmeTestCase.java | 2 +-
.../moa/id/auth/AuthenticationServerTest.java | 2 +-
41 files changed, 421 insertions(+), 175 deletions(-)
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
index 92e845967..d70073db8 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.util;
import java.io.StringWriter;
import java.text.ParseException;
+import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
@@ -48,38 +49,56 @@ public class DateTimeUtils {
* @param cal the Calendar
value
* @return the dateTime
value
*/
- public static String buildDateTime(Calendar cal) {
- StringWriter out = new StringWriter();
- out.write("" + cal.get(Calendar.YEAR));
- out.write("-");
- out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
- out.write("-");
- out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
- out.write("T");
- out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
- out.write(":");
- out.write(to2DigitString(cal.get(Calendar.MINUTE)));
- out.write(":");
- out.write(to2DigitString(cal.get(Calendar.SECOND)));
- int tzOffsetMilliseconds =
- cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
- if (tzOffsetMilliseconds != 0) {
- int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
- int tzOffsetHours = tzOffsetMinutes / 60;
- tzOffsetMinutes -= tzOffsetHours * 60;
- if (tzOffsetMilliseconds > 0) {
- out.write("+");
- out.write(to2DigitString(tzOffsetHours));
- out.write(":");
- out.write(to2DigitString(tzOffsetMinutes));
- } else {
- out.write("-");
- out.write(to2DigitString(-tzOffsetHours));
- out.write(":");
- out.write(to2DigitString(-tzOffsetMinutes));
- }
- }
- return out.toString();
+ public static String buildDateTime(Calendar cal, boolean useUTC) {
+
+ if (useUTC)
+ return buildDateTimeUTC(cal);
+ else {
+ StringWriter out = new StringWriter();
+ out.write("" + cal.get(Calendar.YEAR));
+ out.write("-");
+ out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
+ out.write("-");
+ out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
+ out.write("T");
+ out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
+ out.write(":");
+ out.write(to2DigitString(cal.get(Calendar.MINUTE)));
+ out.write(":");
+ out.write(to2DigitString(cal.get(Calendar.SECOND)));
+ int tzOffsetMilliseconds =
+ cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
+ if (tzOffsetMilliseconds != 0) {
+ int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
+ int tzOffsetHours = tzOffsetMinutes / 60;
+ tzOffsetMinutes -= tzOffsetHours * 60;
+ if (tzOffsetMilliseconds > 0) {
+ out.write("+");
+ out.write(to2DigitString(tzOffsetHours));
+ out.write(":");
+ out.write(to2DigitString(tzOffsetMinutes));
+ } else {
+ out.write("-");
+ out.write(to2DigitString(-tzOffsetHours));
+ out.write(":");
+ out.write(to2DigitString(-tzOffsetMinutes));
+ }
+ }
+ return out.toString();
+ }
+ }
+
+ /**
+ * Builds a dateTime
value in UTC from a Calendar
value.
+ * @param cal the Calendar
value
+ * @return the dateTime
value
+ */
+ public static String buildDateTimeUTC(Calendar cal) {
+
+ SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ f.setTimeZone(TimeZone.getTimeZone("UTC"));
+
+ return f.format(cal.getTime());
}
/**
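Review bot: `buildDateTimeUTC` builds its formatter with `new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'")`, which uses the JVM default locale. On a host whose default locale selects a non-Gregorian calendar, the IssueInstant would no longer be a valid xsd:dateTime. Relying parties typically judge assertion freshness from IssueInstant, so pin the format with `new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US)` (needs `import java.util.Locale;`). The method also uses `TimeZone`, while the import hunk above adds only `SimpleDateFormat`; confirm `java.util.TimeZone` is already imported further down the file. Replacing `buildDateTime(Calendar)` instead of keeping it as an overload that delegates with `false` breaks any caller outside this commit.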
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
-
+
enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+
+
@@ -467,6 +473,7 @@
+
diff --git a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
index 8fdd389a2..3364e9888 100644
--- a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
+++ b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -121,7 +121,7 @@ public class DateTimeUtilsTest extends TestCase {
Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone));
cal.set(year,month, day, hour, min, sec);
cal.set(Calendar.MILLISECOND, 0);
- String dateTimeBuilt = DateTimeUtils.buildDateTime(cal);
+ String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false);
assertEquals(dateTimeShould, dateTimeBuilt);
}
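Review bot: The test is only adapted to the new signature with `false`, so the new `useUTC=true` path has no coverage. Add a case that builds a calendar in a non-UTC zone and checks the converted value, for example (constructed from the sample in the documentation) `assertEquals("2012-01-26T18:38:35Z", DateTimeUtils.buildDateTime(cal, true));` for a calendar set to 19:38:35 at +01:00. The enclosing test method starts outside this hunk.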
diff --git a/id/readme_1.5.1.txt b/id/readme_1.5.1.txt
index 8cf5e7361..e742212df 100644
--- a/id/readme_1.5.1.txt
+++ b/id/readme_1.5.1.txt
@@ -17,6 +17,8 @@ gleichen Verzeichnis):
- Änderung der Konfiguration
- für Online-Vollmachten
- Fixer Target-Parameter für Online-Applikation konfigurierbar
+ - Optionaler Parameter zur Angabe der IssueInstant im UTC Format in der SAML-Assertion
+- Weiterer optionaler Parameter sourceID beim MOA-ID Aufruf
- IAIK Libraries aktualisiert:
iaik-moa: Version 1.31
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 697cadec4..6525642f1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -65,7 +65,8 @@
-
+
+
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 41103cf3c..27bf6681c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -76,7 +76,8 @@
-
+
+
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 05c6387e1..eefc7cf6a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -67,7 +67,8 @@
-
+
+
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 1d8b50537..f9e296c62 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -77,7 +77,8 @@
-
+
+
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
-
+
enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+
+
@@ -467,6 +473,7 @@
+
diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdf
index 454ff933a..f2e5057c7 100644
Binary files a/id/server/doc/MOA_ID_1.5_Anhang.pdf and b/id/server/doc/MOA_ID_1.5_Anhang.pdf differ
diff --git a/id/server/doc/moa_id/faqs.htm b/id/server/doc/moa_id/faqs.htm
index 0b9ef0415..814d0c9f7 100644
--- a/id/server/doc/moa_id/faqs.htm
+++ b/id/server/doc/moa_id/faqs.htm
@@ -207,8 +207,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
-© 2003
- |
+© 2012
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 7192f02e2..7d014299e 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -311,7 +311,7 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
|
-© 2004
+© 2012
|
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 9b18fcdbe..08a1acc73 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -539,7 +539,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ungültigen SessionID fort
|
-© 2010
+© 2012
|
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index ea4874edd..8a217bfcc 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -613,8 +613,9 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt
Anmeldedaten aufzunehmen.
Alle Attribute sind optional und haben den Default-Wert
false.
- Das Attribut provideFullMandatorData bestimmt ob bei einer Vollmachten-Anmeldung die vollständigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion übermittelt. Bei provideFullMandatorData=false werden nur die Basisdaten übermittelt (Defaulteinstellung). Bei provideFullMandatorData=true wird zusätzlich die gesamte Vollmacht übergeben.
-Anmerkung: Das Attribut provideStammzahl steht in keinem
+ Das Attribut provideFullMandatorData bestimmt ob bei einer Vollmachten-Anmeldung die vollständigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion übermittelt. Bei provideFullMandatorData=false werden nur die Basisdaten übermittelt (Defaulteinstellung). Bei provideFullMandatorData=true wird zusätzlich die gesamte Vollmacht übergeben.
+ Das Attribut useUTC bestimmt ob IssueInstant in der SAML Assertion als UTC (2012-01-26T18:38:35Z, useUTC=true) oder dem Default-Format (z.B.: 2012-01-26T19:38:35+01:00, useUTC=false) angegeben wird.
+ Anmerkung: Das Attribut provideStammzahl steht in keinem
Zusammenhang zum gleichnamigen Attribut
VerifyInfoboxes/@provideStammzahl,
das angibt ob die Stammzahl an eine Prüfapplikation weitergegeben
@@ -921,7 +922,8 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt
Mit Hilfe dieses Elements werden die Online-Vollmachten für die Online-Applikation aktiviert.
Als Kindelement muss Profiles angegeben werden. Dieses Element beinhaltet eine (Komma-separierte)
- Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.
+ Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.
+ Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.
Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe hier
@@ -1453,7 +1455,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die ursprüngliche Konf
|
-© 2010
+© 2012
|
diff --git a/id/server/doc/moa_id/id-admin_3.htm b/id/server/doc/moa_id/id-admin_3.htm
index 8b1c74e7c..5b95feca8 100644
--- a/id/server/doc/moa_id/id-admin_3.htm
+++ b/id/server/doc/moa_id/id-admin_3.htm
@@ -194,7 +194,7 @@ Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfigur
|
-© 2004
+© 2012
|
diff --git a/id/server/doc/moa_id/id-anwendung.htm b/id/server/doc/moa_id/id-anwendung.htm
index d5057f854..c4cab64e1 100644
--- a/id/server/doc/moa_id/id-anwendung.htm
+++ b/id/server/doc/moa_id/id-anwendung.htm
@@ -94,7 +94,7 @@ Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die für
|
-© 2003
+© 2012
|
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 28f7a5979..ad45ff7e1 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -73,7 +73,7 @@ Projekt moa
Der Aufruf erfolgt durch einen Verweis der Form:
<a href="https://<moa-id-server-und-pfad>/
StartAuthentication?Target=<geschäftsbereich>
-&OA=<oa-url>&Template=<template-url>&useMandate=false">
+&OA=<oa-url>&Template=<template-url>&useMandate=false&sourceID=<sourceID>">
<moa-id-server-und-pfad> | Server und Pfad, wo MOA-ID-AUTH installiert ist |
@@ -92,6 +92,10 @@ StartAuthentication?Target=<geschäftsbereich>
useMandate=<true/false> |
optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgeführt werden soll (=true) oder nicht (=false); |
+
+ sourceID=<sourceID> |
+ optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint |
+
@@ -204,7 +208,7 @@ Im folgenden Beispiel wird in den Java Truststore "truststore.jks" mit
|
-© 2004
+© 2012
|
diff --git a/id/server/doc/moa_id/id-anwendung_2.htm b/id/server/doc/moa_id/id-anwendung_2.htm
index df8b10aad..4e2e89d74 100644
--- a/id/server/doc/moa_id/id-anwendung_2.htm
+++ b/id/server/doc/moa_id/id-anwendung_2.htm
@@ -237,8 +237,7 @@ Falls nötig, kann eine ma
|
-© 2003
- |
+© 2012
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
index ef6c09083..2956c6263 100644
--- a/id/server/doc/moa_id/links.htm
+++ b/id/server/doc/moa_id/links.htm
@@ -134,8 +134,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
|
-© 2010
-
+© 2012
|
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 94f4a35ea..09fb1c5b6 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -247,7 +247,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
|
-© 2010
+© 2012
|
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 68e6b950a..a68dca65a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,11 +24,15 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
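Review bot: The four added imports (`iaik.ixsil.exceptions.UtilsException`, `iaik.ixsil.util.Utils`, `java.io.FileInputStream`, `java.io.FileNotFoundException`) appear to be referenced only by the commented-out test block edited in the `@@ -510,17 +516,16 @@` hunk, so as far as the visible hunks show they are unused. That block replaces `xmlInfoboxReadResponse` with the contents of `c:/temp/XXXMuster.xml`, and this commit turns its `System.out.println(xmlInfoboxReadResponse)` line back on inside the comment. If the block were ever re-enabled, it would bypass the real infobox response and write identity-link data to stdout. I would delete the commented-out block together with these imports and keep the fixture in a test class.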
@@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
@@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param useMandate Indicates if mandate is used or not
* @param templateURL URL providing an HTML template for the HTML form generated
* @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode)
- * @param scheme determines the protocol used
+ * @param scheme determines the protocol used
+ * @param sourceID
* @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
@@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String bkuURL,
String useMandate,
String sessionID,
- String scheme)
+ String scheme,
+ String sourceID)
throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
String useMandateString = null;
@@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
+ session.setBusinessService(oaParam.getBusinessService());
+ if (sourceID != null)
+ session.setSourceID(sourceID);
}
// BKU URL has not been set yet, even if session already exists
if (bkuURL == null) {
@@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
// for testing new identity link certificate
- // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample
// xmlInfoboxReadResponse = null;
// try {
-// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+// File file = new File("c:/temp/XXXMuster.xml");
// FileInputStream fis;
//
// fis = new FileInputStream(file);
// byte[] array = Utils.readFromInputStream(fis);
//
// xmlInfoboxReadResponse = new String(array);
-// //System.out.println(xmlInfoboxReadResponse);
+// System.out.println(xmlInfoboxReadResponse);
//
// } catch (FileNotFoundException e) {
// // TODO Auto-generated catch block
@@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
-//
+
// parses the
@@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
+ String authBlock = buildAuthenticationBlock(session, oaParam);
// session.setAuthBlock(authBlock);
// builds the
@@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
String identificationValue = identityLink.getIdentificationValue();
String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
@@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// parses
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+
try {
String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
session.setAuthBlock(serializedAssertion);
@@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
if (session.getUseMandate()) {
// mandate mode
+ //session.setAssertionAuthBlock(assertionAuthBlock)
+
+ // set signer certificate
+ session.setSignerCertificate(vsresp.getX509certificate());
+
return null;
}
else {
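Review bot: The new `oaParam` lookup here exists only to pass `useUTC` into `buildAuthenticationData`, yet the `@@ -1845,6 +1869,7 @@` hunk shows that method already has its own `oaParam` and calls `oaParam.getUseUTC()` on it. The extra parameter and both lookups (here and in `@@ -1772,9 +1789,14 @@`) therefore look redundant, and IssueInstant and `authData.setUseUTC` read the same setting from two places. Inside `buildAuthenticationData` I would write `authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC()));` and drop the `boolean useUTC` parameter. If the lookup stays, `oaParam` is dereferenced without a null check; should `getOnlineApplicationParameter` be able to return null for a stale `publicOAURLPrefix`, this fails with a NullPointerException rather than a handled authentication error. The commented-out `//session.setAssertionAuthBlock(assertionAuthBlock)` line should be removed.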
@@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
- X509Certificate cert = session.getForeignSignerCertificate();
+ X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
String samlAssertion =
@@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private AuthenticationData buildAuthenticationData(
AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
+ VerifyXMLSignatureResponse verifyXMLSigResp,
+ boolean useUTC)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
@@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC));
authData.setIdentificationType(identityLink.getIdentificationType());
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
+ authData.setUseUTC(oaParam.getUseUTC());
boolean provideStammzahl = oaParam.getProvideStammzahl();
if (provideStammzahl) {
authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 260b3fd01..f3be98ef0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -43,6 +43,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_OA = "OA";
/** servlet parameter "bkuURI" */
public static final String PARAM_BKU = "bkuURI";
+ /** servlet parameter "sourceID" */
+ public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter "BKUSelectionTemplate" */
public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
/** servlet parameter "BKUSelectionTemplate" */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 8af4e3af5..410d045f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder {
" " + NL +
" {2}" + NL +
" "+ NL;
+
+ protected static String SAML_ATTRIBUTE_NO_NAMESPACE =
+ " " + NL +
+ " {1}" + NL +
+ " "+ NL;
/**
* Empty constructor
@@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder {
}
return sb.toString();
}
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException {
+ StringBuffer sb = new StringBuffer();
+ if (sourceID!=null)
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID}));
+
+ return sb.toString();
+ }
}
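Review bot: `buildSourceIDSAMLAttributes` formats `sourceID` into the attribute template unchanged, and per the commit subject that value is the caller's request parameter carried 1:1 into the assertion. A value containing `<`, `&` or quote characters would break or alter the assertion XML. Escape it here at the output point regardless of upstream checks (the diffstat lists ParamValidatorUtils, but that change is not visible in this part of the patch), using the project's existing XML-escaping helper if it has one. The Javadoc is copied from the extended-attributes method: it documents `@param extendedSAMLAttributes` instead of `sourceID` and should describe a single optional SourceID attribute. `SAML_ATTRIBUTE_NO_NAMESPACE` in the previous hunk is a non-final `protected static String` and could be declared `final`.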
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 367116c73..7032e09eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" " + NL +
" {9}" + NL +
" " + NL +
- "{10}" +
- "{11}" +
+ "{10}" +
+ "{11}" +
"{12}" +
+ "{13}" +
" " + NL +
"";
@@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" " + NL +
" {10}" + NL +
" " + NL +
- "{11}" +
- "{12}" +
+ "{11}" +
+ "{12}" +
"{13}" +
+ "{14}" +
" " + NL +
"";
/**
@@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
+
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
@@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlPersonData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
@@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlMandateData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3ab8ff819..5a18b720b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -62,6 +62,11 @@ public class AuthenticationSession {
* Friendly name for the target, if target is configured via MOA-ID configuration
*/
private String targetFriendlyName;
+
+ /**
+ * SourceID
+ */
+ private String sourceID;
/**
* Indicates if target from configuration is used or not
*/
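Review bot: The field comment `SourceID` does not say where the value comes from or how it is used. I would write `/** Optional sourceID request parameter of the StartAuthentication call; copied unchanged into the SAML assertion, so treat it as untrusted caller input. */`. The `@param sourceID` tag added to the AuthenticationServer Javadoc in this commit is empty and needs the same description.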
@@ -155,7 +160,7 @@ public class AuthenticationSession {
private boolean businessService;
/**
- * Signer certificate of the foreign citizen
+ * Signer certificate of the foreign citizen or for mandate mode
*/
private X509Certificate signerCertificate;
/**
@@ -212,11 +217,11 @@ public class AuthenticationSession {
infoboxValidators = new ArrayList();
}
- public X509Certificate getForeignSignerCertificate() {
+ public X509Certificate getSignerCertificate() {
return signerCertificate;
}
- public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+ public void setSignerCertificate(X509Certificate signerCertificate) {
this.signerCertificate = signerCertificate;
}
@@ -284,6 +289,14 @@ public class AuthenticationSession {
return target;
}
+ /**
+ * Returns the sourceID.
+ * @return String
+ */
+ public String getSourceID() {
+ return sourceID;
+ }
+
/**
* Returns the target friendly name.
* @return String
@@ -332,6 +345,15 @@ public class AuthenticationSession {
this.target = target;
}
}
+
+ /**
+ * Sets the sourceID
+ * @param sourceID The sourceID to set
+ */
+ public void setSourceID(String sourceID) {
+ this.sourceID = sourceID;
+ }
+
/**
* Sets the target. If the target includes the target prefix, the prefix will be stripped off.
* @param target The target to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index da5ad6ab9..b5c72ef9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants {
String statusMessageCode = null;
String statusMessage = null;
String samlAssertion = "";
+ boolean useUTC = false;
if (requests.length > 1) {
// more than 1 request given as parameter
statusCode = "samlp:Requester";
@@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants {
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
try {
+
AuthenticationData authData = AuthenticationServer.getInstance().
getAuthenticationData(samlArtifact);
+
+ useUTC = authData.getUseUTC();
// success
samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
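Review bot: `useUTC` is assigned only on the success path, at the added `useUTC = authData.getUseUTC();`, so as far as these hunks show every error response built further down keeps the initial `false` from the first hunk of this file. An online application configured with `useUTC` would then get a UTC `issueInstant` on success and a non-UTC one on failure. If that is intended, a comment on the declaration would make it explicit, e.g. `// stays false on error responses: the OA configuration is only known once the artifact resolves`. The enclosing method starts and ends outside these hunks.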
@@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants {
}
}
try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+
}
catch (MOAIDException e) {
AxisFault fault = AxisFault.makeFault(e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index ca3883dad..431af3c31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(req.getContextPath() + "/");
String target = req.getParameter(PARAM_TARGET);
+ String sourceID = req.getParameter(PARAM_SOURCEID);
String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
String useMandate = req.getParameter(PARAM_USEMANDATE);
-
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
sessionID = StringEscapeUtils.escapeHtml(sessionID);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
-
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
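Review bot: `sourceID`, read on the added `req.getParameter(PARAM_SOURCEID)` line, is a caller-supplied request parameter, and per the commit message it is carried unchanged into the SAML assertion, so a relying party could mistake it for a value MOA-ID has verified. The next hunk of this file checks it with `ParamValidatorUtils.isValidSourceID`, which constrains its form only. I would add a comment at the read, e.g. `// sourceID: caller-supplied, syntax-checked only; copied as-is into the assertion, not authenticated`, and say the same in the parameter documentation. The enclosing method starts and ends outside this hunk.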
@@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
@@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidTarget(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
else {
// use target from config
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
resp.setContentType("text/html;charset=UTF-8");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f7f9d8fed..17cbe7a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -24,26 +24,40 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
/**
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
+
+ callMISService(session, req, resp);
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+ //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+ //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
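Review bot: When `samlArtifactBase64` is null, control returns from the added `callMISService(session, req, resp);` and falls through to `if (!samlArtifactBase64.equals("Redirect to Input Processor"))`, which dereferences the null value after the redirect status and header may already have been set. Adding `return;` directly after the `callMISService` call, or turning the following `if` into an `else` branch, keeps the mandate path from reaching that line. The commented-out InfoboxReadRequest lines would be better deleted than kept, since version control already preserves them. The enclosing method starts and ends outside this hunk.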
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
+
+ /**
+ * Calls the MIS Service
+ * @param session
+ * @throws IOException
+ */
+ private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
+
+ try {
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ // get identitity link as byte[]
+ Element elem = session.getIdentityLink().getSamlAssertion();
+ String s = DOMUtils.serializeNode(elem);
+
+ System.out.println("IDL: " + s);
+
+ byte[] idl = s.getBytes();
+
+ // redirect url
+ // build redirect(to the GetMISSessionIdSerlvet)
+ String redirectURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ GET_MIS_SESSIONID,
+ session.getSessionID());
+
+ String oaURL = session.getOAURLRequested();
+ OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+ String profiles = oaParam.getMandateProfiles();
+
+ if (profiles == null) {
+ Logger.error("No Mandate/Profile for OA configured.");
+ throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ }
+
+ String profilesArray[] = profiles.split(",");
+ for(int i = 0; i < profilesArray.length; i++) {
+ profilesArray[i] = profilesArray[i].trim();
+ }
+
+ String oaFriendlyName = oaParam.getFriendlyName();
+ String mandateReferenceValue = session.getMandateReferenceValue();
+ X509Certificate cert = session.getSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ String redirectMISGUI = misSessionID.getRedirectURL();
+
+ if (misSessionID == null) {
+ Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+ throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ }
+
+ session.setMISSessionID(misSessionID.getSessiondId());
+
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectMISGUI);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (TransformerException e) {
+ handleError(null, e, req, resp);
+ }
+ }
/**
* Adds a parameter to a URL.
* @param url the URL
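Review bot: `System.out.println("IDL: " + s);` in the added `callMISService` writes the citizen's serialized identity link to standard output on every mandate login, bypassing the `Logger` configuration; the line should be dropped. In the same method `misSessionID.getRedirectURL()` is called before `if (misSessionID == null)`, so the check can never trigger; move `String redirectMISGUI = misSessionID.getRedirectURL();` below it. `s.getBytes()` uses the platform default charset, so the bytes sent to the MIS can differ between hosts; if the service expects UTF-8, `s.getBytes("UTF-8")` pins it. The final debug line logs `redirectURL` although the `Location` header carries `redirectMISGUI`.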
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index acf8b0b64..27f956c40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
if (useMandate) {
- // Mandate Modus
- // make request to MIS
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- // get identitity link as byte[]
- Element elem = session.getIdentityLink().getSamlAssertion();
- String s = DOMUtils.serializeNode(elem);
- byte[] idl = s.getBytes();
-
- // redirect url
- // build redirect(to the GetMISSessionIdSerlvet)
- String redirectURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- GET_MIS_SESSIONID,
- session.getSessionID());
-
- String oaURL = session.getOAURLRequested();
- OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
- String profiles = oaParam.getMandateProfiles();
-
- if (profiles == null) {
- Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
- }
-
- String profilesArray[] = profiles.split(",");
- for(int i = 0; i < profilesArray.length; i++) {
- profilesArray[i] = profilesArray[i].trim();
- }
-
- String oaFriendlyName = oaParam.getFriendlyName();
- String mandateReferenceValue = session.getMandateReferenceValue();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
- String redirectMISGUI = misSessionID.getRedirectURL();
-
- if (misSessionID == null) {
- Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
- throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
- }
-
- session.setMISSessionID(misSessionID.getSessiondId());
-
- resp.setStatus(302);
- resp.addHeader("Location", redirectMISGUI);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
+ Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+ throw new AuthenticationException("auth.13", null);
}
else {
// Foreign Identities Modus
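Review bot: The added log message contains a typo, `citizencs`, so operators searching the logs for this condition will not find it; it should read `"Online-Mandate Mode for foreign citizens not supported."`. With the MIS call removed from this branch, imports that only it needed (for example `MISSimpleClient` and `SSLSocketFactory`) are probably unused in this file now. The import block is outside this hunk, so confirm and drop them. The enclosing method starts and ends outside this hunk.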
@@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet {
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
- } catch (TransformerException e) {
- handleError(null, e, req, resp);
- }
+ }
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 6d4a21674..fc5d82936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
- // build dataurl (to the GetForeignIDSerlvet)
+ // build dataurl (to the VerifyCertificateSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7fe85cfae..8cc51bf93 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -579,6 +579,7 @@ public class ConfigurationBuilder {
oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
+ oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f85666acf..65e21cbce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter {
* determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
*/
private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
/**
* url to a template for web page "Auswahl der Bürgerkartenumgebung"
*/
@@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter {
return provideFullMandatorData;
}
+ /**
+ * Returns true
if the IssueInstant should be given in UTC, otherwise false
.
+ * @return true
if the IssueInstant should be given in UTC, otherwise false
.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
/**
* Returns the key box identifier.
@@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter {
public void setProvideFullMandatorData(boolean provideFullMandatorData) {
this.provideFullMandatorData = provideFullMandatorData;
}
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+
/**
* Sets the key box identifier.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 44eb98dad..79f3b4e30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -107,6 +107,9 @@ public class AuthenticationData {
* the corresponding lt;saml:Assertion>
*/
private String samlAssertion;
+
+ /** useUTC */
+ private boolean useUTC;
/**
* creation timestamp
*/
@@ -166,6 +169,14 @@ public class AuthenticationData {
public String getWBPK() {
return wbPK;
}
+
+ /**
+ * Returns useUTC
+ * @return useUTC
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
/**
* Sets the minorVersion.
@@ -215,6 +226,10 @@ public class AuthenticationData {
this.wbPK = wbPK;
}
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
/**
* Returns the assertionID.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 5ce952662..2493f42b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {
*/
public Element build(String requestID, String samlArtifactBase64) throws BuildException {
try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
return requestElem;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 8c3bccab3..fa220d13d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -75,6 +75,36 @@ public class ParamValidatorUtils {
return false;
}
+ }
+
+ /**
+ * Checks if the given target is valid
+ * @param sourceID HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSourceID(String sourceID) {
+
+ Logger.debug("Überprüfe Parameter sourceID");
+
+ // if non parameter is given return true
+ if (sourceID == null) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[\\w-_]{1,50}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter sourceID erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)");
+ return false;
+ }
+
}
/**
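Review bot: The documentation and messages of the added `isValidSourceID` do not match its check: the Javadoc says "Checks if the given target is valid", the null branch logs `Parameter Target ist null`, and the error text promises only a-z, A-Z, `-` and `_` while `\w` also admits digits. This pattern is the only visible constraint on a value that the commit message says is copied unchanged into the SAML assertion. The Javadoc should therefore state the accepted alphabet and length, and the empty `@return` should say that null is accepted. The class `[\\w-_]` reads more clearly as `[\\w-]` because `\w` already covers `_`, and the pattern could be compiled once, e.g. `private static final Pattern SOURCE_ID_PATTERN = Pattern.compile("[\\w-]{1,50}");`.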
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 1181253f1..620919c61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,7 +149,8 @@ public class MISSimpleClient {
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
-
+
+
idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
mirElement.appendChild(idlElement);
@@ -237,7 +238,18 @@ public class MISSimpleClient {
}
}
- private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+ private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+
+// try {
+// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request));
+// } catch (TransformerException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// } catch (IOException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// }
+
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
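Review bot: The block added at the top of `sendSOAPRequest` is commented-out debug code that, if re-enabled, would print the whole MandateIssueRequest to standard output and call `printStackTrace()`. That request includes the base64 identity link shown in the previous hunk of this file. It should be deleted rather than committed; if request tracing is needed, a debug-level call through the project's logger that omits the payload is the safer form. The method body continues outside this hunk.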
@@ -249,7 +261,8 @@ public class MISSimpleClient {
PostMethod post = new PostMethod(webServiceURL);
StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
post.setRequestEntity(re);
- int responseCode = httpclient.executeMethod(post);
+ int responseCode = httpclient.executeMethod(post);
+
if (responseCode != 200) {
throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index fcf7477c5..818773794 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -47,7 +47,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"http://localhost:9080/", //oaURL
"file:" + findXmldata("AuthTemplate.html"),
"http://localhost:3495/http-security-layer-request",
- null, null, null);
+ null, null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -66,7 +66,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
null,
"http://localhost:9080/", //oaURL
null,
- "http://localhost:3495/http-security-layer-request", null, null, null);
+ "http://localhost:3495/http-security-layer-request", null, null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -87,7 +87,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"file:" + findXmldata("AuthTemplate.html"),
null,
null,
- null, null);
+ null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -106,7 +106,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"gb", //target
null,
"http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
//assertEquals("",htmlForm);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -126,7 +126,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("http://localhost:8080/auth", //authURL
"gb", null, "http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -144,7 +144,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
"gb", null, "http://host_not_in_config/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -163,7 +163,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
"gb", null, null, //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -182,7 +182,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
null, null, "http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
index 6ebb3cf3e..d9cd13259 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -598,7 +598,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), false));
String vpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(), session.getTarget());
authData.setBPK(vpkBase64);
@@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
+ authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null);
authData.setSamlAssertion(samlAssertion);
return authData;
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
index a66e6072c..fab258e09 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -228,7 +228,7 @@ public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
String request =
"" +
+ DateTimeUtils.buildDateTime(Calendar.getInstance(), false)+"\">" +
"";
Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 69f33f82c..8e38c7673 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -142,7 +142,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
null,
null,
null,
- null);
+ null, null);
String sessionID = parseSessionIDFromForm(htmlForm);
return sessionID;
}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 052c1fed4..187f577a3 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {
public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
AuthenticationServer server = AuthenticationServer.getInstance();
- String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null);
+ String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null, null);
String sessionID = parseSessionIDFromForm(htmlForm);
String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
HashMap parameters = new HashMap(1);
--
cgit v1.2.3