From 07b0306ca470cca10eecceab1a762f995b894fb0 Mon Sep 17 00:00:00 2001 From: kstranacher_eGovL Date: Fri, 13 Jul 2012 10:15:53 +0000 Subject: Integration of STORK git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1286 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/util/Constants.java | 62 +++- .../at/gv/egovernment/moa/util/DateTimeUtils.java | 100 ++++++ .../at/gv/egovernment/moa/util/KeyStoreUtils.java | 54 ++++ .../at/gv/egovernment/moa/util/XPathUtils.java | 5 + .../schemas/MOA-ID-Configuration-1.5.2.xsd | 96 +++++- .../resources/schemas/MOA-SPSS-config-1.5.2.xsd | 2 + .../schemas/saml-schema-assertion-2.0.xsd | 290 ++++++++++++++++++ .../resources/schemas/saml-schema-metadata-2.0.xsd | 337 +++++++++++++++++++++ .../resources/schemas/saml-schema-protocol-2.0.xsd | 306 +++++++++++++++++++ .../schemas/stork-schema-assertion-1.0.xsd | 80 +++++ .../schemas/stork-schema-protocol-1.0.xsd | 73 +++++ .../resources/resources/schemas/xenc-schema.xsd | 150 +++++++++ 12 files changed, 1553 insertions(+), 2 deletions(-) create mode 100644 common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd create mode 100644 common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd create mode 100644 common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd create mode 100644 common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd create mode 100644 common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd create mode 100644 common/src/main/resources/resources/schemas/xenc-schema.xsd (limited to 'common/src/main') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index 998bbf26f..c4f7eb3f3 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java 
@@ -285,6 +285,61 @@ public interface Constants { /** URI of the XAdES v1.4.1 namespace */ public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#"; + + /** URI of the SAML 2.0 namespace. */ + public static final String SAML2_NS_URI = + "urn:oasis:names:tc:SAML:2.0:assertion"; + + /** Prefix used for the SAML 2.0 XML namespace */ + public static final String SAML2_PREFIX = "saml2"; + + /** Local location of the SAML 2.0 XML schema definition. */ + public static final String SAML2_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-assertion-2.0.xsd"; + + /** URI of the SAML 2.0 protocol namespace. */ + public static final String SAML2P_NS_URI = + "urn:oasis:names:tc:SAML:2.0:protocol"; + + /** Prefix used for the SAML 2.0 protocol XML namespace */ + public static final String SAML2P_PREFIX = "saml2p"; + + /** Local location of the SAML 2.0 protocol XML schema definition. */ + public static final String SAML2P_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-protocol-2.0.xsd"; + + /** URI of the STORK namespace. */ + public static final String STORK_NS_URI = + "urn:eu:stork:names:tc:STORK:1.0:assertion"; + + /** Prefix used for the STORK XML namespace */ + public static final String STORK_PREFIX = "stork"; + + /** Local location of the STORK XML schema definition. */ + public static final String STORK_SCHEMA_LOCATION = + SCHEMA_ROOT + "stork-schema-assertion-1.0.xsd"; + + /** URI of the STORK protocol namespace. */ + public static final String STORKP_NS_URI = + "urn:eu:stork:names:tc:STORK:1.0:protocol"; + + /** Prefix used for the STORK protocol XML namespace */ + public static final String STORKP_PREFIX = "storkp"; + + /** Local location of the STORK protocol XML schema definition. */ + public static final String STORKP_SCHEMA_LOCATION = + SCHEMA_ROOT + "stork-schema-protocol-1.0.xsd"; + + /** URI of the XML Encryption namespace. 
*/ + public static final String XENC_NS_URI = + "http://www.w3.org/2001/04/xmlenc#"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String XENC_PREFIX = "xenc"; + + /** Local location of the XML Encryption XML schema definition. */ + public static final String XENC_SCHEMA_LOCATION = + SCHEMA_ROOT + "xenc-schema.xsd"; /** * Contains all namespaces and local schema locations for XML schema @@ -310,7 +365,12 @@ public interface Constants { + (XADES_1_1_1_NS_URI + " " + XADES_1_1_1_SCHEMA_LOCATION + " ") + (XADES_1_2_2_NS_URI + " " + XADES_1_2_2_SCHEMA_LOCATION + " ") + (XADES_1_3_2_NS_URI + " " + XADES_1_3_2_SCHEMA_LOCATION + " ") - + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION); + + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION + " ") + + (SAML2_NS_URI + " " + SAML2_SCHEMA_LOCATION + " ") + + (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ") + + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ") + + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ") + + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION); /** URN prefix for bPK and wbPK. */ public static final String URN_PREFIX = "urn:publicid:gv.at"; diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java index d70073db8..8d57f911a 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.util; import java.io.StringWriter; +import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Calendar; 
@@ -32,6 +33,10 @@ import java.util.Date; import java.util.GregorianCalendar; import java.util.TimeZone; +import org.joda.time.DateTime; +import org.joda.time.format.DateTimeFormat; +import org.joda.time.format.DateTimeFormatter; + /** * Utility for parsing and building XML type dateTime, * according to ISO 8601. 
@@ -396,5 +401,100 @@ public class DateTimeUtils { } } } + + /** + * Calculates the age if date of birth is given (for a calendar time stamp) + * @param dateOfBirth Date of Birth + * @param now Calendar time stamp at which the age needs to be calculated for + * @return Age of a person + */ + public static int calcAge(Calendar dateOfBirth, Calendar now) { + int age = now.get(Calendar.YEAR) - dateOfBirth.get(Calendar.YEAR); + + int nowM = now.get(Calendar.MONTH); + int dobM = dateOfBirth.get(Calendar.MONTH); + int nowDOM = now.get(Calendar.DAY_OF_MONTH); + int dobDOM = dateOfBirth.get(Calendar.DAY_OF_MONTH); + + if ((nowM < dobM) || ((nowM == dobM) && (nowDOM < dobDOM))) { + age--; + } + + if (age < 0) { + throw new IllegalArgumentException("Calculated age results in negative value."); + } + return age; + } + + /** + * Calculates the age if date of birth is given as Calendar object + * @param dateOfBirth Date of Birth as Calendar object + * @return Age of a person + */ + public static int calcAge(Calendar dateOfBirth) { + return calcAge(dateOfBirth, Calendar.getInstance()); + } + + /** + * Calculates the age if date of birth is given (for a date time stamp) + * @param dateOfBirth Date of Birth + * @param now Date time stamp at which the age needs to be calculated for + * @return Age of a person + */ + public static int calcAge(Date dateOfBirth, Date now) { + Calendar dob = Calendar.getInstance(); + dob.setTime(dateOfBirth); + Calendar nowCal = Calendar.getInstance(); + nowCal.setTime(now); + return calcAge(dob, nowCal); + } + + /** + * Calculates the age if date of birth is given as Date object + * @param dateOfBirth Date of Birth as Date object + * @return Age of a person + */ + public static int calcAge(Date dateOfBirth) { + return calcAge(dateOfBirth, new Date()); + } + + public static String formatPEPSDateToMOADate(String pepsDate) { + + if (StringUtils.isEmpty(pepsDate)) { + return null; + } + + DateTimeFormatter fmt = null; + + switch (pepsDate.length()) { + 
case 4: + fmt = DateTimeFormat.forPattern("yyyy"); + break; + case 6: + fmt = DateTimeFormat.forPattern("yyyyMM"); + break; + case 8: + fmt = DateTimeFormat.forPattern("yyyyMMdd"); + break; + default: + break; + } + + DateTime dt = fmt.parseDateTime(pepsDate); + DateTimeFormatter fmt2 = DateTimeFormat.forPattern("yyyy-MM-dd"); + return fmt2.print(dt); + + } + + /** + * Returns a date as String using a provided format + * @param format Format the date/time should be returned + * @return Date/Time as String formatted according the provided format + */ + public static String getDateTimeWithFormat(String format) { + DateFormat dateFormat = new SimpleDateFormat(format); + Date date = new Date(); + return dateFormat.format(date); + } } diff --git a/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java index 78fe8a345..9db3ca6e3 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java @@ -26,14 +26,19 @@ package at.gv.egovernment.moa.util; import iaik.x509.X509Certificate; +import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; +import java.security.cert.CertificateException; /** * Utility for creating and loading key stores. @@ -42,6 +47,18 @@ import java.security.cert.Certificate; * @version $Id$ */ public class KeyStoreUtils { + + /** + * JAVA KeyStore + */ + private static final String KEYSTORE_TYPE_JKS = "JKS"; + + /** + * PKCS12 KeyStore + */ + private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; + + /** * Loads a key store from file. 
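Review bot: `fmt` stays null when `pepsDate.length()` is not 4, 6 or 8, so `fmt.parseDateTime(pepsDate)` in formatPEPSDateToMOADate fails with a NullPointerException instead of an error naming the unsupported input; the empty `default:` branch should reject it, e.g. `default: throw new IllegalArgumentException("Unsupported PEPS date format: " + pepsDate);`. formatPEPSDateToMOADate is also the only new method in this hunk without Javadoc; a header such as `/** Converts a PEPS date given as yyyy, yyyyMM or yyyyMMdd to ISO yyyy-MM-dd; returns null for an empty input. */` would state the accepted lengths, the output format and the null return, and it is worth adding that a year-only or year-month input is printed with the missing fields defaulted (presumably to 01) by the Joda parser. The calcAge overloads read year, month and day from `Calendar.getInstance()` without fixing a time zone, so on a birthday the result can depend on the JVM default zone; if that is intended, a sentence in their Javadoc would save the next reader from checking.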
@@ -154,5 +171,42 @@ public class KeyStoreUtils { in.close(); return cert; } + + + /** + * Loads a keyStore without knowing the keyStore type + * @param keyStorePath URL to the keyStore + * @param password Password protecting the keyStore + * @return keyStore loaded + * @throws KeyStoreException thrown if keyStore cannot be loaded + * @throws FileNotFoundException + * @throws IOException + */ + public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{ + + //InputStream is = new FileInputStream(keyStorePath); + URL keystoreURL = new URL(keyStorePath); + InputStream in = keystoreURL.openStream(); + InputStream isBuffered = new BufferedInputStream(in); + + isBuffered.mark(1024*1024); + KeyStore ks = null; + try { + try { + ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, isBuffered, password); + } catch (IOException e2) { + isBuffered.reset(); + ks = loadKeyStore(KEYSTORE_TYPE_JKS, isBuffered, password); + } + } catch(Exception e) { + e.printStackTrace(); + //throw new KeyStoreException(e); + } + return ks; + + } + + + } diff --git a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java index 7a72c0bfb..faa009b0e 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java @@ -82,6 +82,11 @@ public class XPathUtils { ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI); ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI); ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI); + ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI); + ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI); + ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI); + ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI); + ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI); NS_CONTEXT = ctx; } 
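Review bot: loadKeyStore(String, String) never propagates a failure: the outer `catch(Exception e)` only prints the stack trace, the `throw new KeyStoreException(e)` is commented out, and the method returns `null`, so a wrong password or an unreadable URL surfaces later as a NullPointerException in the caller while the declared `throws KeyStoreException` is never actually thrown. The stream from `keystoreURL.openStream()` is also never closed on any path, and when the key store is larger than the 1 MiB passed to `mark()`, the `reset()` in the PKCS12 fallback throws and is swallowed by the same catch. The rewrite below rethrows loading failures as KeyStoreException with the cause attached, closes the stream in `finally`, and drops the dead `//InputStream is = new FileInputStream(keyStorePath);` line; it assumes the three-argument loadKeyStore overload declares GeneralSecurityException (already imported at the top of this file), which the original's broad catch does not let me confirm.
```java
public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException {
    URL keystoreURL = new URL(keyStorePath);
    InputStream isBuffered = new BufferedInputStream(keystoreURL.openStream());
    try {
        // remember the start so the JKS attempt can re-read the same bytes
        isBuffered.mark(1024*1024);
        try {
            return loadKeyStore(KEYSTORE_TYPE_PKCS12, isBuffered, password);
        } catch (IOException e2) {
            // not a PKCS12 store (or wrong password): rewind and try JKS
            isBuffered.reset();
            return loadKeyStore(KEYSTORE_TYPE_JKS, isBuffered, password);
        }
    } catch (GeneralSecurityException e) {
        throw new KeyStoreException("Could not load key store from " + keyStorePath, e);
    } finally {
        isBuffered.close();
    }
}
```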
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd index f78c3fc1e..c5f751061 100644 --- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd @@ -1,8 +1,10 @@ - + + + @@ -287,6 +289,11 @@ Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + Verbindungsparameter zu den Country-PEPS (C-PEPS) + + @@ -458,6 +465,7 @@ + @@ -657,4 +665,90 @@ + + + Enthält Informationen zu einem KeyStore bzw. Key zur STORK SAML AuthnRequest Signaturerstellung + + + + + + + + + Enthält Informationen zur Verfikation von Signaturen einer STORK SAML Response + + + + + + + + + Enthält Informationen zur Erstellung und Verifikation von STORK SAML Messages + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel zum Erstellen einer Signatur enthält + + + + + + + + + + + + Name zum Key eines KeyStores, der den privaten Schlüssel zum Erstellen einer Signatur darstellt + + + + + + + + + + + + + Enthält Informationen zu einem Citizen Country PEPS (C-PEPS) + + + + + + + + + + + + + Contains STORK related information + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd index 9fdaac33e..98659557c 100644 --- a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd @@ -163,6 +163,7 @@ + diff --git a/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd b/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd new file mode 100644 index 000000000..91706a8f5 --- /dev/null +++ b/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd 
@@ -0,0 +1,290 @@ + + + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd b/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd new file mode 100644 index 000000000..0d158c0ba --- /dev/null +++ b/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd 
@@ -0,0 +1,337 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd b/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd new file mode 100644 index 000000000..768241056 --- /dev/null +++ b/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd 
@@ -0,0 +1,306 @@ + + + + + + + + Document identifier: saml-schema-protocol-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New protocol schema based in a SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd b/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd new file mode 100644 index 000000000..ecb001f68 --- /dev/null +++ b/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd b/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd new file mode 100644 index 000000000..a8efa533c --- /dev/null +++ b/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/common/src/main/resources/resources/schemas/xenc-schema.xsd b/common/src/main/resources/resources/schemas/xenc-schema.xsd new file mode 100644 index 000000000..d4519cd7a --- /dev/null +++ b/common/src/main/resources/resources/schemas/xenc-schema.xsd @@ -0,0 +1,150 @@ + + + + + + ]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3