From 4ccab7e5eb0843a490ab8292514e1d654f801ba6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 10 Dec 2013 16:17:40 +0100 Subject: stork OA config frontend --- id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 97f0d01c2..aef6aff24 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -302,6 +302,18 @@ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+ + + +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %>

-- cgit v1.2.3 From f10baaa115823b8e0d2e6a736559467335a096df Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 10 Dec 2013 18:59:10 +0100 Subject: stork OA config persisted --- .../id/configuration/data/oa/OASTORKConfig.java | 33 ++++++++++++++++++++++ .../configuration/struts/action/EditOAAction.java | 16 +++++++++++ .../validation/oa/OASTORKConfigValidation.java | 1 + .../src/main/webapp/jsp/editOAGeneral.jsp | 4 +-- .../src/main/resources/config/moaid_config_2.0.xsd | 9 +++++- 5 files changed, 60 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 74edde653..1884fb808 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -1,5 +1,38 @@ package at.gv.egovernment.moa.id.configuration.data.oa; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + public class OASTORKConfig { + private boolean isStorkLogonEnabled = false; + + public OASTORKConfig() { + + } + + /** + * Parses the OA config for stork entities. + * + * @param dbOAConfig + * the db oa config + */ + public void parse(OnlineApplication dbOAConfig) { + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + OASTORK config = authdata.getOASTORK(); + if(config != null) { + setStorkLogonEnabled(config.isStorkLogonEnabled()); + } + } + } + + public boolean isStorkLogonEnabled() { + return isStorkLogonEnabled; + } + + public void setStorkLogonEnabled(boolean enabled) { + this.isStorkLogonEnabled = enabled; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index fc66eede4..d5a50836a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -102,6 +103,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, private OASSOConfig ssoOA = new OASSOConfig(); private OAOAuth20Config oauth20OA = new OAOAuth20Config(); private OASTORKConfig storkOA; + private OASTORKConfig storkOA = new OASTORKConfig(); private FormularCustomization formOA = new FormularCustomization(); private InputStream stream; @@ -160,6 +162,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, saml1OA.parse(onlineapplication); oauth20OA.parse(onlineapplication); session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); + + storkOA.parse(onlineapplication); Map map = new HashMap(); map.putAll(FormBuildUtils.getDefaultMap()); @@ -952,6 +956,18 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); + try { if (newentry) { ConfigurationDBUtils.save(dboa); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 76183caad..d12d918bd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -10,6 +10,7 @@ public class OASTORKConfigValidation { List errors = new ArrayList(); + // we only have a checkbox for now, so no need to validate anything here return errors; } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index aef6aff24..3234c6a86 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -305,8 +305,8 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

- - + @@ -917,6 +917,13 @@ + + + + + + + -- cgit v1.2.3 From 83773a3597dfccbf16c8265fa3ef9019706a3461 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 12 Dec 2013 12:23:55 +0100 Subject: peps list in general config --- .../id/configuration/data/GeneralStorkConfig.java | 43 ++++++++++++++++++++++ .../struts/action/EditGeneralConfigAction.java | 24 +++++++++++- .../main/resources/applicationResources.properties | 3 ++ .../src/main/webapp/jsp/editMOAConfig.jsp | 18 +++++++++ 4 files changed, 87 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index d0b108e1e..51c6e8aa4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -1,5 +1,48 @@ package at.gv.egovernment.moa.id.configuration.data; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; + public class GeneralStorkConfig { + private List cpepslist; + + public void parse(MOAIDConfiguration config) { + + if (config != null) { + AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + if (auth != null) { + ForeignIdentities foreign = auth.getForeignIdentities(); + + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork != null) { + // deep clone to foreclose lazyloading session timeouts + cpepslist = new ArrayList(); + for(CPEPS current : stork.getCPEPS()) { + cpepslist.add(current); + } + } + } + } + } + } + + public List getCpepslist() { + return cpepslist; + } + + public void setCpepslist(List cpepslist) { + this.cpepslist = cpepslist; + } + + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 61ab3cecd..b4ae27c6a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -48,6 +48,7 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; +import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.util.Random; @@ -65,7 +66,8 @@ public class EditGeneralConfigAction extends ActionSupport private AuthenticatedUser authUser; private GeneralMOAIDConfig moaconfig; - + private GeneralStorkConfig storkconfig; + private String formID; public String loadConfig() { @@ -84,6 +86,8 @@ public class EditGeneralConfigAction extends ActionSupport moaconfig = new GeneralMOAIDConfig(); moaconfig.parse(dbconfig); + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); ConfigurationDBUtils.closeSession(); @@ -531,6 +535,24 @@ public class EditGeneralConfigAction extends ActionSupport public void setMoaconfig(GeneralMOAIDConfig moaconfig) { this.moaconfig = moaconfig; } + + /** + * Gets the storkconfig. + * + * @return the storkconfig + */ + public GeneralStorkConfig getStorkconfig() { + return storkconfig; + } + + /** + * Sets the storkconfig. + * + * @param storkconfig the new storkconfig + */ + public void setStorkconfig(GeneralStorkConfig storkconfig) { + this.storkconfig = storkconfig; + } /** * @return the formID diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index fa955e944..5751783ae 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -224,6 +224,9 @@ webpages.oaconfig.sso.usesso=Single Sign-On verwenden webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed webpages.oaconfig.stork.usestork=STORK Logon aktivieren +webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration +webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren +webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 05f4a1106..52fc79b68 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -226,6 +226,24 @@
+
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

+ + + + + + + + + + + +
Country ShortcodePEPS URL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='var target = document.getElementById("template"); var clone = target.cloneNode(true); clone.style=""; target.parentNode.appendChild(clone);' /> +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

-- cgit v1.2.3 From 9c46233d2fc5f81908addac6a5ec28046a1bc618 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Dec 2013 08:24:53 +0100 Subject: peps list commitable --- .../egovernment/moa/id/configuration/data/GeneralStorkConfig.java | 7 ++----- id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 6 +++--- 2 files changed, 5 insertions(+), 8 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 51c6e8aa4..41d19d116 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -39,10 +39,7 @@ public class GeneralStorkConfig { return cpepslist; } - public void setCpepslist(List cpepslist) { - this.cpepslist = cpepslist; + public void setCpepslist(List list) { + this.cpepslist = list; } - - - } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 52fc79b68..686b10c12 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -231,9 +231,9 @@

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

- - - + + + -- cgit v1.2.3 From 9786de6a3b5886437d23d9cce06ae76ab440ff51 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Dec 2013 09:13:50 +0100 Subject: new peps list entry can be created --- id/ConfigWebTool/src/main/webapp/js/common.js | 11 ++++++++++- id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 8 ++------ 2 files changed, 12 insertions(+), 7 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index ff9509895..e6fcdf977 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -177,4 +177,13 @@ function oaOnLoad() { ); return true; -} \ No newline at end of file +} +function newPeps() { + var target = $(document.getElementById("stork_pepslist").getElementsByTagName("tr")).last()[0]; + var clone = target.cloneNode(true); + var lastindex = parseInt(clone.innerHTML.match(/name="storkconfig.cpepslist\[(\d)/)[1]); + var nextindex = lastindex + 1; + clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.cpepslist\[\d/g, 'name="storkconfig.cpepslist[' + nextindex); + clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); + target.parentNode.appendChild(clone); +} diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 686b10c12..1b87ffc57 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -229,19 +229,15 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

-
Country ShortcodePEPS URL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+
- - - -
Country ShortcodePEPS URL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- " onclick='var target = document.getElementById("template"); var clone = target.cloneNode(true); clone.style=""; target.parentNode.appendChild(clone);' /> + " onclick='newPeps();' />
-- cgit v1.2.3 From 999756bd381ec4d81db7db7bb59863ad549d69b0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 17 Dec 2013 13:52:47 +0100 Subject: default qaa and attributes persisted and validated --- .../id/configuration/data/GeneralStorkConfig.java | 44 +++++++++++++++++++++- .../struts/action/EditGeneralConfigAction.java | 4 +- .../validation/moaconfig/StorkConfigValidator.java | 23 +++++++++++ .../main/resources/applicationResources.properties | 4 ++ .../src/main/webapp/jsp/editMOAConfig.jsp | 10 +++++ 5 files changed, 83 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 41d19d116..f270ab624 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -3,15 +3,20 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; +import edu.emory.mathcs.backport.java.util.Arrays; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributesType; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; public class GeneralStorkConfig { private List cpepslist; + private List attributes; + private int qaa; public void parse(MOAIDConfiguration config) { @@ -29,6 +34,19 @@ public class GeneralStorkConfig { for(CPEPS current : stork.getCPEPS()) { cpepslist.add(current); } + + RequestedAttributesType tmp = stork.getRequestedAttributes(); + if(null != tmp) { + attributes = new ArrayList(); + for(String current : tmp.getAttributeValue()) + attributes.add(current); + } + + try { + qaa = stork.getQualityAuthenticationAssuranceLevel(); + } catch(NullPointerException e) { + qaa = 4; + } } } } @@ -40,6 +58,30 @@ public class GeneralStorkConfig { } public void setCpepslist(List list) { - this.cpepslist = list; + cpepslist = list; + } + + public RequestedAttributesType getRequestedAttributesType() { + RequestedAttributesType tmp = new RequestedAttributesType(); + tmp.setAttributeValue(attributes); + return tmp; + } + + public String getDefaultAttributes() { + return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", ""); + } + + public void setDefaultAttributes(String attributes) { + this.attributes = new ArrayList(); + for(String current : attributes.split(",")) + this.attributes.add(current.trim()); + } + + public int getDefaultQaa() { + return qaa; + } + + public void setDefaultQaa(int qaa) { + this.qaa = qaa; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 092dd5613..72da0b59f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -397,11 +397,13 @@ public class EditGeneralConfigAction extends ActionSupport if (oldstork != null) oldstork = new STORK(); + oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + oldstork.setRequestedAttributes(storkconfig.getRequestedAttributesType()); oldstork.setCPEPS(storkconfig.getCpepslist()); dbforeign.setSTORK(oldstork); } } - + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { OnlineMandates dbmandate = dbauth.getOnlineMandates(); if (dbmandate == null) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 91d5ecabd..4ee247695 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -55,6 +55,29 @@ public class StorkConfigValidator { } } + // check qaa + int qaa = form.getDefaultQaa(); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa} )); + } + + // check attributes + String check = form.getDefaultAttributes(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {check} )); + } + } + return errors; } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index f79b5a286..2dacf14a2 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -227,6 +227,8 @@ webpages.oaconfig.stork.usestork=STORK Logon aktivieren webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen +webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden +webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren @@ -373,6 +375,8 @@ validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifie validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig +validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 +validation.stork.qaa.outofrange=Gültige QAA Werte sind 1, 2, 3, und 4 validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 1b87ffc57..df6a43e7a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,6 +228,16 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+ +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

-- cgit v1.2.3 From 1bb655bbb372f069e907c6ddcc40a43ca1f36e09 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 19 Dec 2013 11:01:44 +0100 Subject: OA qaa and attributes gui --- .../src/main/resources/applicationResources.properties | 4 +++- id/ConfigWebTool/src/main/webapp/js/common.js | 7 +++++++ id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 16 ++++++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 2dacf14a2..0ac4b2cbc 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -229,6 +229,8 @@ webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen +webpages.moaconfig.stork.requestedattributes=Attribute, die von STORK angefordert werden +webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren @@ -401,4 +403,4 @@ validation.general.form.button.color.back.focus=Die Hintergrundfarbe f\\u00FCr F validation.general.form.button.color.back=Die Hintergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) validation.general.form.button.color.front=Die Vordergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen ung\\u00FCltiten Wert. -validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} \ No newline at end of file +validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index e6fcdf977..b07b31205 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -22,6 +22,13 @@ function oaSSOService() { } } +function oaStork() { + if ($('#OAuseSTORKLogon').attr('checked') == 'checked') { + $('#stork_block').css('display', "block"); + } else { + $('#stork_block').css('display', "none"); + } +} function oaSAML1() { if ($('#oa_saml1_area').css('display') == "block") { $('#oa_saml1_area').css('display', "none"); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 3234c6a86..d12a47b9e 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -310,8 +310,20 @@ labelposition="left" key="webpages.oaconfig.stork.usestork" cssClass="checkbox" - id="OAuseSTORKLogon"> - + onclick="oaStork();" + id="OAuseSTORKLogon" /> +
+ + +
-- cgit v1.2.3 From 7c39d9e0cff15a87678bf68d6d754ee1e720ca12 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 13:48:06 +0100 Subject: attr table in global config --- .../id/configuration/data/GeneralStorkConfig.java | 11 ++++------ .../validation/moaconfig/StorkConfigValidator.java | 25 +++++++++++++--------- .../main/resources/applicationResources.properties | 4 ++-- .../src/main/webapp/jsp/editMOAConfig.jsp | 13 ++++++----- 4 files changed, 29 insertions(+), 24 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 8b527aa8f..695caa3fd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; @@ -66,14 +65,12 @@ public class GeneralStorkConfig { return tmp; } - public String getDefaultAttributes() { - return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", ""); + public List getAttributes() { + return attributes; } - public void setDefaultAttributes(String attributes) { - this.attributes = new ArrayList(); - for(String current : attributes.split(",")) - this.attributes.add(current.trim()); + public void setAttributes(List attributes) { + this.attributes = attributes; } public int getDefaultQaa() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 730466e15..cc5d0f2c4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -64,18 +64,23 @@ public class StorkConfigValidator { } // check attributes - String check = form.getDefaultAttributes(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); - } - if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) { - log.warn("default attributes do not match the requested format : " + check); + if (MiscUtil.isNotEmpty(form.getAttributes())) { + for(String check : form.getAttributes()) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + if(!check.toLowerCase().matches("^[a-z0-9]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {check} )); + } } + } else { + log.warn("no attributes specified"); + errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty", + new Object[] {} )); } return errors; diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 0ac4b2cbc..14f282c85 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -227,9 +227,8 @@ webpages.oaconfig.stork.usestork=STORK Logon aktivieren webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen -webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen -webpages.moaconfig.stork.requestedattributes=Attribute, die von STORK angefordert werden +webpages.moaconfig.stork.attributes.heading=Attributkonfiguration webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration @@ -379,6 +378,7 @@ validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 validation.stork.qaa.outofrange=Gültige QAA Werte sind 1, 2, 3, und 4 +validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index df6a43e7a..aff2028ac 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,11 +228,6 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

-
Country ShortcodePEPS URL
" onclick='newPeps();' /> +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

+ + + + + + +
Attribute Name
-- cgit v1.2.3 From 3da3836bcd77a23ca00df2bdb088e63b47cc6499 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 15:07:32 +0100 Subject: mandatory field in global config --- .../id/configuration/data/GeneralStorkConfig.java | 23 +++++++++------------- .../struts/action/EditGeneralConfigAction.java | 2 +- .../validation/moaconfig/StorkConfigValidator.java | 7 ++++--- .../src/main/webapp/jsp/editMOAConfig.jsp | 7 ++++--- .../src/main/resources/config/moaid_config_2.0.xsd | 17 ++++++++-------- 5 files changed, 27 insertions(+), 29 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 695caa3fd..854334bed 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -7,13 +7,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributesType; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; public class GeneralStorkConfig { private List cpepslist; - private List attributes; + private List attributes; private int qaa; public void parse(MOAIDConfiguration config) { @@ -27,16 +27,17 @@ public class GeneralStorkConfig { if (foreign != null) { STORK stork = foreign.getSTORK(); if (stork != null) { - // deep clone to foreclose lazyloading session timeouts + // deep clone all the things + // to foreclose lazyloading session timeouts cpepslist = new ArrayList(); for(CPEPS current : stork.getCPEPS()) { cpepslist.add(current); } - RequestedAttributesType tmp = stork.getRequestedAttributes(); + List tmp = stork.getRequestedAttributes(); if(null != tmp) { - attributes = new ArrayList(); - for(String current : tmp.getAttributeValue()) + attributes = new ArrayList(); + for(StorkAttribute current : tmp) attributes.add(current); } @@ -59,17 +60,11 @@ public class GeneralStorkConfig { cpepslist = list; } - public RequestedAttributesType getRequestedAttributesType() { - RequestedAttributesType tmp = new RequestedAttributesType(); - tmp.setAttributeValue(attributes); - return tmp; - } - - public List getAttributes() { + public List getAttributes() { return attributes; } - public void setAttributes(List attributes) { + public void setAttributes(List attributes) { this.attributes = attributes; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 72da0b59f..1de440506 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -398,7 +398,7 @@ public class EditGeneralConfigAction extends ActionSupport oldstork = new STORK(); oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); - oldstork.setRequestedAttributes(storkconfig.getRequestedAttributesType()); + oldstork.setRequestedAttributes(storkconfig.getAttributes()); oldstork.setCPEPS(storkconfig.getCpepslist()); dbforeign.setSTORK(oldstork); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index cc5d0f2c4..318b3b3e7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -5,6 +5,7 @@ import java.util.List; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; @@ -65,13 +66,13 @@ public class StorkConfigValidator { // check attributes if (MiscUtil.isNotEmpty(form.getAttributes())) { - for(String check : form.getAttributes()) { - if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + for(StorkAttribute check : form.getAttributes()) { + if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) { log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); } - if(!check.toLowerCase().matches("^[a-z0-9]*$")) { + if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) { log.warn("default attributes do not match the requested format : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", new Object[] {check} )); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index aff2028ac..078e5f681 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -245,9 +245,10 @@ " onclick='newPeps();' />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- - - + + + +
Attribute Name
Attribute NameMandatory
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 9700b0a4f..b1834fc96 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -49,7 +49,7 @@ - + possibility to include common austrian primary keys in human readable way, english translation not available @@ -79,12 +79,13 @@ - + - + + - + @@ -853,7 +854,7 @@ - + @@ -922,10 +923,10 @@ - + - + @@ -989,7 +990,7 @@ - + -- cgit v1.2.3 From c26721de9136104520fd0ce9e8aba91b480a4bb9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 15:12:46 +0100 Subject: new attribute button --- .../src/main/resources/applicationResources.properties | 1 + id/ConfigWebTool/src/main/webapp/js/common.js | 9 +++++++++ id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 3 ++- 3 files changed, 12 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 14f282c85..712c8f56b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -229,6 +229,7 @@ webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.moaconfig.stork.attributes.heading=Attributkonfiguration +webpages.moaconfig.stork.attributes.new=Neues Attribut hinzuf\u00FCgen webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index b07b31205..774bffd8d 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -194,3 +194,12 @@ function newPeps() { clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); target.parentNode.appendChild(clone); } +function newStorkAttribute() { + var target = $(document.getElementById("stork_attributelist").getElementsByTagName("tr")).last()[0]; + var clone = target.cloneNode(true); + var lastindex = parseInt(clone.innerHTML.match(/name="storkconfig.attributes\[(\d)/)[1]); + var nextindex = lastindex + 1; + clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.attributes\[\d/g, 'name="storkconfig.attributes[' + nextindex); + clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); + target.parentNode.appendChild(clone); +} \ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 078e5f681..0f8ec5f1b 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -244,7 +244,7 @@ " onclick='newPeps();' />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- +
@@ -252,6 +252,7 @@
Attribute NameMandatory
+ " onclick='newStorkAttribute();' />
-- cgit v1.2.3 From 6ef9296d79741b455530f70262003fefd51ee85c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 15:17:56 +0100 Subject: i18n --- .../moa/id/configuration/data/StorkAttributes.java | 28 ---------------------- .../main/resources/applicationResources.properties | 3 +++ .../src/main/webapp/jsp/editMOAConfig.jsp | 4 ++-- 3 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java deleted file mode 100644 index b1857aea1..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java +++ /dev/null @@ -1,28 +0,0 @@ -package at.gv.egovernment.moa.id.configuration.data; - -public class StorkAttributes { - - - public AttributValues eIdentifier; - - - public void parse() { - eIdentifier = AttributValues.MANDATORY; - } - - - public enum AttributValues { - MANDATORY, OPTIONAL, NOT; - - public String getValue() { - if (this == MANDATORY) - return MANDATORY.name(); - if (this == OPTIONAL) - return OPTIONAL.name(); - else - return NOT.name(); - } - } - -} - diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 712c8f56b..8691ab8ae 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -230,6 +230,9 @@ webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.moaconfig.stork.attributes.heading=Attributkonfiguration webpages.moaconfig.stork.attributes.new=Neues Attribut hinzuf\u00FCgen +webpages.moaconfig.stork.attributes.heading.name=Attributname +webpages.moaconfig.stork.attributes.heading.mandatory=zwingend +webpages.moaconfig.stork.attributes.remove=l\u00F6schen webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 0f8ec5f1b..a86daf699 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -245,11 +245,11 @@ " onclick='newPeps();' />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- + - +
Attribute NameMandatory
<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='newStorkAttribute();' /> -- cgit v1.2.3 From fb6e40832df5182ae1ebd7555583caed174e8776 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 17:25:38 +0100 Subject: oa attr configuration revisited --- .../id/configuration/data/oa/AttributeHelper.java | 61 ++++++++++++++++++++++ .../id/configuration/data/oa/OASTORKConfig.java | 56 +++++++++++++------- .../configuration/struts/action/EditOAAction.java | 2 +- .../validation/oa/OASTORKConfigValidation.java | 17 ------ .../src/main/webapp/jsp/editOAGeneral.jsp | 15 ++++-- .../src/main/resources/config/moaid_config_2.0.xsd | 11 +++- 6 files changed, 117 insertions(+), 45 deletions(-) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java new file mode 100644 index 000000000..1590918c6 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java @@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; + +public class AttributeHelper { + private boolean isUsed = false; + private String name; + private boolean mandatory; + private boolean readonly; + + public AttributeHelper() { + // TODO Auto-generated constructor stub + } + + public AttributeHelper(OAStorkAttribute attribute) { + isUsed = true; + name = attribute.getAttribute().getName(); + mandatory = attribute.isMandatory(); + readonly = attribute.getAttribute().isMandatory(); + } + + public AttributeHelper(StorkAttribute attribute) { + name = attribute.getName(); + mandatory = false; + readonly = attribute.isMandatory(); + isUsed = readonly; + } + + public boolean isUsed() { + return isUsed; + } + + public void setUsed(boolean used) { + isUsed = used; + } + + public String getName() { + return name; + } + + public void setName(String newname) { + name = newname; + } + + public boolean isMandatory() { + return mandatory; + } + + public void setMandatory(boolean value) { + mandatory = value; + } + + public boolean isReadOnly() { + return readonly; + } + + public void setReadOnly(boolean value) { + // we do not allow setting the readonly field + } +} \ No newline at end of file diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index f6fc4416f..42501b4d1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -1,20 +1,21 @@ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; public class OASTORKConfig { private boolean isStorkLogonEnabled = false; private int qaa; - private List attributes; + + private List attributes; public OASTORKConfig() { @@ -40,13 +41,20 @@ public class OASTORKConfig { setQaa(ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel()); } - RequestedAttributesType tmp = config.getAttributes(); - if(null == tmp) - // if there is no configuration available for the OA, get the default attributes - tmp = ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getRequestedAttributes(); - attributes = new ArrayList(); - for(String current : tmp.getAttributeValue()) - attributes.add(current); + // prepare attribute helper list + attributes = new ArrayList(); + for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getRequestedAttributes()) { + AttributeHelper tmp = null; + + for(OAStorkAttribute sepp : config.getAttributes()) + if(sepp.getAttribute().equals(current)) + tmp = new AttributeHelper(sepp); + + if(null == tmp) + tmp = new AttributeHelper(current); + + attributes.add(tmp); + } } } } @@ -67,19 +75,27 @@ public class OASTORKConfig { this.qaa = qaa; } - public RequestedAttributesType getRequestedAttributesType() { - RequestedAttributesType tmp = new RequestedAttributesType(); - tmp.setAttributeValue(attributes); - return tmp; + public List getAttributes() { + List result = new ArrayList(); + for(AttributeHelper current : getHelperAttributes()) { + if(current.isUsed()) { + OAStorkAttribute tmp = new OAStorkAttribute(); + for(StorkAttribute currentAttribute : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getRequestedAttributes()) + if(currentAttribute.getName().equals(current.getName())) + tmp.setAttribute(currentAttribute); + tmp.setMandatory(current.isMandatory()); + result.add(tmp); + } + } + + return result; } - public String getAttributes() { - return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", ""); + public List getHelperAttributes() { + return attributes; } - public void setAttributes(String attributes) { - this.attributes = new ArrayList(); - for(String current : attributes.split(",")) - this.attributes.add(current.trim()); + public void setHelperAttributes(List attributes) { + this.attributes = attributes; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 466feba23..59d5f7302 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -968,7 +968,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, // transfer the incoming data to the database model stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); stork.setQaa(storkOA.getQaa()); - stork.setAttributes(storkOA.getRequestedAttributesType()); + stork.setAttributes(storkOA.getAttributes()); try { if (newentry) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 31cf7bcee..71b3857c3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -7,8 +7,6 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.util.MiscUtil; public class OASTORKConfigValidation { @@ -26,21 +24,6 @@ public class OASTORKConfigValidation { new Object[] {qaa} )); } - // check attributes - String check = oageneral.getAttributes(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { - log.warn("attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); - } - if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) { - log.warn("attributes do not match the requested format : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check} )); - } - } - return errors; } } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index d12a47b9e..57728845c 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -313,16 +313,21 @@ onclick="oaStork();" id="OAuseSTORKLogon" />
- +

Attributes

+ + + + + + + + +
verwendetAttributnamemandatory
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index b1834fc96..6972b031c 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -49,7 +49,7 @@ - + possibility to include common austrian primary keys in human readable way, english translation not available @@ -923,8 +923,8 @@ - + @@ -993,4 +993,11 @@ + + + + + + + -- cgit v1.2.3 From 21c26bc3ead6ca414179268056bfc11006c5efe3 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 17:34:03 +0100 Subject: global mandatory attr cannot be deselected for OA --- id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 57728845c..413298724 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -322,7 +322,7 @@ - + -- cgit v1.2.3 From 7fb3ae0e4922ec76e998937b771df244574be394 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 14 Jan 2014 13:45:24 +0100 Subject: refactored stork-related database structure --- .../id/configuration/data/GeneralStorkConfig.java | 4 +++- .../id/configuration/data/oa/AttributeHelper.java | 3 +-- .../id/configuration/data/oa/OASTORKConfig.java | 28 +++++++++++++--------- .../struts/action/EditGeneralConfigAction.java | 2 +- .../configuration/struts/action/EditOAAction.java | 2 +- .../src/main/webapp/jsp/editOAGeneral.jsp | 7 +++--- .../src/main/resources/config/moaid_config_2.0.xsd | 15 ++++++------ 7 files changed, 34 insertions(+), 27 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 854334bed..ce4803978 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -34,12 +34,14 @@ public class GeneralStorkConfig { cpepslist.add(current); } - List tmp = stork.getRequestedAttributes(); + List tmp = stork.getAttributes(); if(null != tmp) { attributes = new ArrayList(); for(StorkAttribute current : tmp) attributes.add(current); } + if(attributes.isEmpty()) + attributes.add(new StorkAttribute()); try { qaa = stork.getQualityAuthenticationAssuranceLevel(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java index 1590918c6..349f3bf4a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java @@ -15,9 +15,8 @@ public class AttributeHelper { public AttributeHelper(OAStorkAttribute attribute) { isUsed = true; - name = attribute.getAttribute().getName(); + name = attribute.getName(); mandatory = attribute.isMandatory(); - readonly = attribute.getAttribute().isMandatory(); } public AttributeHelper(StorkAttribute attribute) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 42501b4d1..10ebbe112 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -43,11 +43,11 @@ public class OASTORKConfig { // prepare attribute helper list attributes = new ArrayList(); - for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getRequestedAttributes()) { + for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) { AttributeHelper tmp = null; - for(OAStorkAttribute sepp : config.getAttributes()) - if(sepp.getAttribute().equals(current)) + for(OAStorkAttribute sepp : config.getOAAttributes()) + if(sepp.getName().equals(current.getName())) tmp = new AttributeHelper(sepp); if(null == tmp) @@ -77,15 +77,21 @@ public class OASTORKConfig { public List getAttributes() { List result = new ArrayList(); + + if(null == getHelperAttributes()) + return result; + for(AttributeHelper current : getHelperAttributes()) { - if(current.isUsed()) { - OAStorkAttribute tmp = new OAStorkAttribute(); - for(StorkAttribute currentAttribute : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getRequestedAttributes()) - if(currentAttribute.getName().equals(current.getName())) - tmp.setAttribute(currentAttribute); - tmp.setMandatory(current.isMandatory()); - result.add(tmp); - } + for(StorkAttribute currentAttribute : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) + if(currentAttribute.getName().equals(current.getName())) { + if(current.isUsed() || currentAttribute.isMandatory()) { + OAStorkAttribute tmp = new OAStorkAttribute(); + tmp.setName(current.getName()); + tmp.setMandatory(current.isMandatory()); + result.add(tmp); + } + break; + } } return result; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 1de440506..1c0cc5c89 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -398,7 +398,7 @@ public class EditGeneralConfigAction extends ActionSupport oldstork = new STORK(); oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); - oldstork.setRequestedAttributes(storkconfig.getAttributes()); + oldstork.setAttributes(storkconfig.getAttributes()); oldstork.setCPEPS(storkconfig.getCpepslist()); dbforeign.setSTORK(oldstork); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 59d5f7302..ca027e578 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -968,7 +968,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, // transfer the incoming data to the database model stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); stork.setQaa(storkOA.getQaa()); - stork.setAttributes(storkOA.getAttributes()); + stork.setOAAttributes(storkOA.getAttributes()); try { if (newentry) { diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 413298724..b58b997ec 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -322,10 +322,9 @@
verwendetAttributnamemandatory
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- - - - + + +
verwendetAttributnamemandatory
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 6972b031c..3ed7c936a 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -72,8 +72,6 @@ - - @@ -85,7 +83,6 @@ - @@ -853,8 +850,10 @@ - - + + + + @@ -924,7 +923,7 @@ - + @@ -996,8 +995,10 @@ - + + + -- cgit v1.2.3 From d4a8d57e4cd10fc7e427f936983ae7c28aa6eab2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 30 Jan 2014 15:03:56 +0100 Subject: add functionality for global authentication protocol activation/deactivation --- .../id/configuration/data/GeneralMOAIDConfig.java | 64 +++++++++++++++ .../struts/action/EditGeneralConfigAction.java | 19 +++++ .../main/resources/applicationResources.properties | 2 + id/ConfigWebTool/src/main/webapp/css/index.css | 23 ++++-- .../src/main/webapp/jsp/editMOAConfig.jsp | 28 ++++++- .../auth/exception/ProtocolNotActiveException.java | 44 +++++++++++ .../id/config/auth/AuthConfigurationProvider.java | 22 +++++- .../moa/id/config/auth/data/ProtocolAllowed.java | 91 ++++++++++++++++++++++ .../moa/id/entrypoints/DispatcherServlet.java | 18 ++++- .../oauth20/protocol/OAuth20Protocol.java | 9 +++ .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 10 +++ .../moa/id/protocols/saml1/SAML1Protocol.java | 8 ++ .../resources/properties/id_messages_de.properties | 3 +- .../src/main/resources/config/moaid_config_2.0.xsd | 15 +++- 14 files changed, 339 insertions(+), 17 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 4da4d3907..c6b9b984a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -40,10 +40,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -81,6 +83,10 @@ public class GeneralMOAIDConfig { private String mandateURL = null; + private boolean protocolActiveSAML1 = false; + private boolean protocolActivePVP21 = true; + private boolean protocolActiveOAuth = true; + private boolean legacy_saml1 = false; private boolean legacy_pvp2 = false; @@ -205,8 +211,23 @@ public class GeneralMOAIDConfig { legacy_pvp2 = true; } + SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null) { + protocolActiveSAML1 = saml1.isIsActive(); + + } + + OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = saml1.isIsActive(); + + } + PVP2 pvp2 = protocols.getPVP2(); if (pvp2 != null) { + + protocolActivePVP21 = pvp2.isIsActive(); + pvp2PublicUrlPrefix = pvp2.getPublicURLPrefix(); pvp2IssuerName = pvp2.getIssuerName(); @@ -850,6 +871,49 @@ public class GeneralMOAIDConfig { this.fileUploadFileName = new ArrayList(); this.fileUploadFileName.add(fileUploadFileName); } + + /** + * @return the protocolActiveSAML1 + */ + public boolean isProtocolActiveSAML1() { + return protocolActiveSAML1; + } + + /** + * @param protocolActiveSAML1 the protocolActiveSAML1 to set + */ + public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { + this.protocolActiveSAML1 = protocolActiveSAML1; + } + + /** + * @return the protocolActivePVP21 + */ + public boolean isProtocolActivePVP21() { + return protocolActivePVP21; + } + + /** + * @param protocolActivePVP21 the protocolActivePVP21 to set + */ + public void setProtocolActivePVP21(boolean protocolActivePVP21) { + this.protocolActivePVP21 = protocolActivePVP21; + } + + /** + * @return the protocolActiveOAuth + */ + public boolean isProtocolActiveOAuth() { + return protocolActiveOAuth; + } + + /** + * @param protocolActiveOAuth the protocolActiveOAuth to set + */ + public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { + this.protocolActiveOAuth = protocolActiveOAuth; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index f1a8c8694..362579c9f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -53,10 +53,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -271,11 +273,28 @@ public class EditGeneralConfigAction extends ActionSupport el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); legprot.setProtocolName(el); + SAML1 saml1= dbprotocols.getSAML1(); + if (saml1 == null) { + saml1 = new SAML1(); + dbprotocols.setSAML1(saml1); + } + saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + + OAuth oauth= dbprotocols.getOAuth(); + if (oauth == null) { + oauth = new OAuth(); + dbprotocols.setOAuth(oauth); + } + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + PVP2 pvp2 = dbprotocols.getPVP2(); if (pvp2 == null) { pvp2 = new PVP2(); dbprotocols.setPVP2(pvp2); } + + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 456c37ff1..454175125 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -124,9 +124,11 @@ webpages.moaconfig.sso.FriendlyName=SSO Service Name webpages.moaconfig.services.sso.Target=SSO Service Target webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText webpages.moaconfig.protocols.header=Protokolle +webpages.moaconfig.protocols.allowed.header=Protokolle aktivieren webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren webpages.moaconfig.protocols.legacy.saml1=SAML1 webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 14591f1dc..79f8b4e72 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -1,10 +1,14 @@ @CHARSET "UTF-8"; +body { + font-size: 1em; +} + #header_area { padding-bottom: 10px; background-color: #6FA5D4; display: block; - font-size: 20px; + font-size: 1.2em; /* margin-left: 25px; */ padding-top: 10px; padding-left: 25px; @@ -12,7 +16,7 @@ } #header_area>div { - font-size: 20px; + font-size: 1.2em; margin-left: 25px; padding-top: 8px; } @@ -69,7 +73,7 @@ .menu_element { margin-top: 15px; margin-bottom: 15px; - font-size: 20px; + font-size: 1.2em; display: block; /* background-color: red; */ background-color: #6FA5D4; @@ -96,7 +100,7 @@ } #message_area label { - font-size: 18px; + font-size: 1.1em; font-weight: bold; } @@ -105,7 +109,7 @@ } #error_area label{ - font-size: 18px; + font-size: 1.1em; font-weight: bold; } @@ -220,6 +224,11 @@ margin-left: 10px; } +#moageneral_active_protocol>.wwgrp { + float: left; + clear: none; +} + #moageneral_legacy_protocol>.wwgrp { clear: none; } @@ -318,7 +327,7 @@ div .wwgrp br { border-bottom-style: none; display: table-header-group; font-weight: bold; - font-size: 18px; + font-size: 1.1em; } .listFirst { @@ -371,7 +380,7 @@ div .wwgrp br { padding-left: 30px; position: relative; top: 15px; - font-size: 20px; + font-size: 1.2em; text-align: center; padding-top: 10px; border-radius: 3px; diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 05f4a1106..de2548535 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,7 +228,31 @@

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

- + +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.allowed.header", request) %>

+ + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.legacy.header", request) %>

+
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java new file mode 100644 index 000000000..fe2bcedca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class ProtocolNotActiveException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = 1832697083163940710L; + + /** + * @param messageId + * @param parameters + */ + public ProtocolNotActiveException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 69a73215a..d1872b2bc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -105,6 +105,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; @@ -190,6 +191,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { private static String alternativesourceid = null; private static List legacyallowedprotocols = new ArrayList(); + private static ProtocolAllowed allowedProtcols = null; private static VerifyAuthBlock verifyidl = null; @@ -246,6 +248,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return instance; } + /** * Constructor for AuthConfigurationProvider. * @param fileName @@ -515,8 +518,22 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //set PVP2 general config Protocols protocols = auth.getProtocols(); if (protocols != null) { + + allowedProtcols = new ProtocolAllowed(); + + if (protocols.getSAML1() != null) { + allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + } + + if (protocols.getOAuth() != null) { + allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); + } + if (protocols.getPVP2() != null) { - PVP2 el = protocols.getPVP2();; + PVP2 el = protocols.getPVP2(); + + allowedProtcols.setPVP21Active(el.isIsActive()); + pvp2general = new PVP2(); pvp2general.setIssuerName(el.getIssuerName()); pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); @@ -730,6 +747,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return this.getGeneralProperiesConfig("protocols.oauth20."); } + public ProtocolAllowed getAllowedProtocols() { + return this.allowedProtcols; + } public PVP2 getGeneralPVP2DBConfig() { return pvp2general; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java new file mode 100644 index 000000000..a04fb1626 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java @@ -0,0 +1,91 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth.data; + +/** + * @author tlenz + * + */ +public class ProtocolAllowed { + + private boolean isSAML1Active = false; + private boolean isPVP21Active = true; + private boolean isOAUTHActive = true; + + /** + * + */ + public ProtocolAllowed() { + + } + + /** + * + */ + public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) { + this.isOAUTHActive = oauth; + this.isPVP21Active = pvp21; + this.isSAML1Active = saml1; + + } + + /** + * @return the isSAML1Active + */ + public boolean isSAML1Active() { + return isSAML1Active; + } + /** + * @param isSAML1Active the isSAML1Active to set + */ + public void setSAML1Active(boolean isSAML1Active) { + this.isSAML1Active = isSAML1Active; + } + /** + * @return the isPVP21Active + */ + public boolean isPVP21Active() { + return isPVP21Active; + } + /** + * @param isPVP21Active the isPVP21Active to set + */ + public void setPVP21Active(boolean isPVP21Active) { + this.isPVP21Active = isPVP21Active; + } + /** + * @return the isOAUTHActive + */ + public boolean isOAUTHActive() { + return isOAUTHActive; + } + /** + * @param isOAUTHActive the isOAUTHActive to set + */ + public void setOAUTHActive(boolean isOAUTHActive) { + this.isOAUTHActive = isOAUTHActive; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 260a4fd79..1f526caca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -28,6 +28,7 @@ import iaik.security.ecc.provider.ECCProvider; import iaik.security.provider.IAIK; import java.io.IOException; +import java.io.PrintWriter; import java.security.Security; import java.util.Iterator; import java.util.Map; @@ -45,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -317,20 +319,28 @@ public class DispatcherServlet extends AuthServlet{ } } } + + } catch (ProtocolNotActiveException e) { + resp.getWriter().write(e.getMessage()); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); + return; + + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write("NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); return; + } if (protocolRequest == null) { Logger.error("Failed to generate a valid protocol request!"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write("NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); return; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 1fb67a0b2..7ef5a2068 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -32,6 +32,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -77,6 +79,13 @@ public class OAuth20Protocol implements IModulInfo { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isOAUTHActive()) { + Logger.info("OAuth is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); + + } + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); Logger.debug("Created: " + res); return res; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 82a620f6b..84c0138a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -47,6 +47,8 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -129,6 +131,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) { + Logger.info("PVP2.1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + if(METADATA.equals(action)) { return new PVPTargetConfiguration(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 1c57c841e..e587ef0e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -32,6 +32,7 @@ import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; @@ -81,6 +82,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { RequestImpl config = new RequestImpl(); + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { + Logger.info("SAML1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); + + } + String oaURL = (String) request.getParameter(PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3151aa657..dc698782a 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -40,6 +40,7 @@ auth.18=Keine MOASessionID vorhanden auth.19=Die Authentifizierung kann nicht passiv durchgef\u00FChrt werden. auth.20=No valid MOA session found. Authentification process is abourted. auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen. +auth.22=Das Protokoll {0} ist deaktiviert. init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar @@ -227,5 +228,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt oauth20.05=Der angegebene Benutzer ist nicht berechtigt oauth20.06=Die angegebene OA kann nicht verwendet werden oauth20.07=Angeforderter grant_type ist nicht erlaubt -oauth20.08=Nicht berechtigt für Token-Request +oauth20.08=Nicht berechtigt fïż½r Token-Request oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}" diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 481f12091..e93cb5cc8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -281,7 +281,11 @@ - + + + + + @@ -298,6 +302,12 @@ + + + + + + @@ -873,7 +883,6 @@ - @@ -900,7 +909,7 @@ - + -- cgit v1.2.3 From ef35deb727190363d17d693d10f27171787cc92c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 3 Feb 2014 15:38:24 +0100 Subject: Solve some merge problems --- .../id/configuration/auth/pvp2/Authenticate.java | 2 + .../src/main/webapp/jsp/editOAGeneral.jsp | 2 +- id/oa/pom.xml | 2 +- .../moa/id/demoOA/servlet/pvp2/Authenticate.java | 2 + id/server/idserverlib/pom.xml | 43 +- .../moa/id/auth/AuthenticationServer.java | 7 +- .../moa/id/auth/data/AuthenticationSession.java | 31 +- .../moa/id/auth/servlet/GetForeignIDServlet.java | 4 + .../id/auth/servlet/GetMISSessionIDServlet.java | 4 + .../moa/id/auth/servlet/PEPSConnectorServlet.java | 14 + .../moa/id/auth/stork/CredentialProvider.java | 72 -- .../id/auth/stork/KeyStoreCredentialProvider.java | 148 ---- .../auth/stork/PEPSConnectorAssertionVerifier.java | 263 ------- .../auth/stork/PEPSConnectorResponseVerifier.java | 182 ----- .../moa/id/auth/stork/ResponseVerifier.java | 66 -- .../id/auth/stork/STORKAuthnRequestProcessor.java | 187 ----- .../id/config/auth/AuthConfigurationProvider.java | 7 +- .../moa/id/config/auth/OAAuthParameter.java | 14 +- .../moa/id/protocols/pvp2x/PVPConstants.java | 1 + .../protocols/pvp2x/binding/RedirectBinding.java | 1 - .../builder/assertion/PVP2AssertionBuilder.java | 81 ++- .../attributes/BirthdateAttributeBuilder.java | 17 +- .../pvp2x/requestHandler/AuthnRequestHandler.java | 10 - .../protocols/pvp2x/signer/CredentialProvider.java | 1 - .../verification/MetadataSignatureFilter.java | 6 +- .../pvp2x/verification/TrustEngineFactory.java | 50 +- .../java/at/gv/util/wsdl/szrgw/SZRGWService.java | 18 +- .../main/java/at/gv/util/wsdl/szrgw/SZRGWType.java | 2 +- .../gv/util/xsd/persondata/AbstractPersonType.java | 10 +- .../xsd/persondata/CompactCorporateBodyType.java | 2 +- .../util/xsd/persondata/CompactPersonDataType.java | 18 +- .../xsd/persondata/CompactPhysicalPersonType.java | 2 +- .../gv/util/xsd/persondata/CorporateBodyType.java | 2 +- .../gv/util/xsd/persondata/IdentificationType.java | 2 +- .../util/xsd/persondata/InternetAddressType.java | 2 +- .../at/gv/util/xsd/persondata/NationalityType.java | 10 +- .../at/gv/util/xsd/persondata/PersonDataType.java | 18 +- .../gv/util/xsd/persondata/PhysicalPersonType.java | 2 +- .../util/xsd/persondata/TelephoneAddressType.java | 2 +- .../xsd/persondata/TypedPostalAddressType.java | 2 +- .../at/gv/util/xsd/saml/assertion/AdviceType.java | 6 +- .../at/gv/util/xsd/saml/assertion/SubjectType.java | 4 +- .../java/at/gv/util/xsd/xmldsig/KeyInfoType.java | 22 +- .../java/at/gv/util/xsd/xmldsig/KeyValueType.java | 8 +- .../java/at/gv/util/xsd/xmldsig/ObjectFactory.java | 76 +- .../java/at/gv/util/xsd/xmldsig/PGPDataType.java | 8 +- .../java/at/gv/util/xsd/xmldsig/SPKIDataType.java | 2 +- .../gv/util/xsd/xmldsig/SignatureMethodType.java | 4 +- .../java/at/gv/util/xsd/xmldsig/TransformType.java | 4 +- .../java/at/gv/util/xsd/xmldsig/X509DataType.java | 16 +- .../resources/properties/id_messages_de.properties | 1 + .../resources/templates/loginFormFull.html | 789 ++++++++++----------- id/server/pom.xml | 2 +- .../proxy/src/main/webapp/META-INF/MANIFEST.MF | 1 - id/server/stork2-saml-engine/pom.xml | 6 + 55 files changed, 698 insertions(+), 1560 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java (limited to 'id/ConfigWebTool/src/main/webapp/jsp') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java index 5fa6f3531..abcfd67e9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java @@ -211,6 +211,8 @@ public class Authenticate extends HttpServlet { engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); engine.setProperty("classpath.resource.loader.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); engine.init(); HTTPPostEncoder encoder = new HTTPPostEncoder(engine, diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index b58b997ec..4e8dfc259 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -585,7 +585,7 @@
diff --git a/id/oa/pom.xml b/id/oa/pom.xml index c5664c281..621c428bd 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -46,7 +46,7 @@ org.opensaml opensaml - 2.5.3 + 2.6.0 org.opensaml diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 917493848..5bf9c4970 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -197,6 +197,8 @@ public class Authenticate extends HttpServlet { engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); engine.setProperty("classpath.resource.loader.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); engine.init(); HTTPPostEncoder encoder = new HTTPPostEncoder(engine, diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index e5670f9a7..81213f721 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -25,16 +25,17 @@ - - eu.stork - SamlEngine - 1.1.0 - - - eu.stork - oasis-dss-api - 1.0.0-SNAPSHOT - + + eu.stork + SamlEngine + 1.1.0 + + + eu.stork + oasis-dss-api + 1.0.0-SNAPSHOT + + MOA.id.server moa-id-commons @@ -60,7 +61,7 @@ axis - + javax.mail @@ -162,7 +163,7 @@ - + + + + org.opensaml + opensaml + 2.6.0 + + + + org.opensaml + xmltooling + 1.4.0 regexp @@ -228,8 +241,8 @@ org.apache.maven.plugins maven-compiler-plugin - 1.5 - 1.5 + 1.6 + 1.6 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e9c8dbc75..06d5b01bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; @@ -1269,7 +1270,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthenticatedUsed(false); session.setAuthenticated(true); - + + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + + String oldsessionID = session.getSessionID(); //Session is implicte stored in changeSessionID!!! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 767172823..896feed9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -231,6 +231,8 @@ public class AuthenticationSession implements Serializable { private boolean ssoRequested = false; + private String QAALevel = null; + // private OAuth20SessionObject oAuth20SessionObject; // /** @@ -1005,20 +1007,21 @@ public class AuthenticationSession implements Serializable { public IPersonalAttributeList getStorkAttributes() { return this.storkAttributes; } - + /** -// * @return the oAuth20SessionObject -// */ -// public OAuth20SessionObject getoAuth20SessionObject() { -// return oAuth20SessionObject; -// } -// -// /** -// * @param oAuth20SessionObject -// * the oAuth20SessionObject to set -// */ -// public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { -// this.oAuth20SessionObject = oAuth20SessionObject; -// } + * @return the qAALevel + */ + public String getQAALevel() { + return QAALevel; + } + + /** + * @param qAALevel the qAALevel to set + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 7908578ef..f4212cc78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -73,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -197,6 +198,9 @@ public class GetForeignIDServlet extends AuthServlet { IdentityLink identitylink = ilParser.parseIdentityLink(); session.setIdentityLink(identitylink); + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + String samlArtifactBase64 = AuthenticationServer.getInstance().getForeignAuthenticationData(session); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index b2224e10c..8bf437cca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -72,6 +72,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -218,6 +219,9 @@ public class GetMISSessionIDServlet extends AuthServlet { session.setAuthenticatedUsed(false); session.setAuthenticated(true); + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + String oldsessionID = session.getSessionID(); //Session is implicite stored in changeSessionID!!! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 23eb138d9..b356c6f35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -54,9 +54,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; @@ -327,6 +329,18 @@ public class PEPSConnectorServlet extends AuthServlet { // stork did the authentication step moaSession.setAuthenticated(true); + //TODO: found better solution, but QAA Level in response could be not supported yet + try { + moasession.setQAALevel(authnResponse.getAssertions().get(0). + getAuthnStatements().get(0).getAuthnContext(). + getAuthnContextClassRef().getAuthnContextClassRef()); + + } catch (Throwable e) { + Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); + moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); + + } + //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java deleted file mode 100644 index 80089a423..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java +++ /dev/null @@ -1,72 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2011 by Graz University of Technology, Austria - * The Austrian STORK Modules have been developed by the E-Government - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery - * Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import org.opensaml.xml.security.credential.Credential; - -import eu.stork.vidp.messages.exception.SAMLException; - -/** - * Interface supporting different kinds of Credentials - * - * @author bzwattendorfer - * - */ -public interface CredentialProvider { - - /** - * Gets appropriate credentials - * @return Credential object - * @throws SAMLException - */ - public Credential getCredential() throws SAMLException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java deleted file mode 100644 index cf167ba84..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java +++ /dev/null @@ -1,148 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2011 by Graz University of Technology, Austria - * The Austrian STORK Modules have been developed by the E-Government - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery - * Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.stork; - -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.cert.X509Certificate; - -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.x509.BasicX509Credential; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.vidp.messages.exception.SAMLException; - -/** - * Provides credentials from a KeyStore - * @author bzwattendorfer - * - */ -public class KeyStoreCredentialProvider implements CredentialProvider { - - private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class); - - /** KeyStore Path */ - private String keyStorePath; - - /** KeyStore Password */ - private String keyStorePassword; - - /** Specific Key Name as Credential */ - private String keyName; - - /** Key password */ - private String keyPassword; - - /** - * Creates a KeyStoreCredentialProvider object - * @param keyStorePath KeyStore Path - * @param keyStorePassword KeyStore Password - * @param keyName KeyName of the key to be retrieved - * @param keyPassword Password for the Key - */ - public KeyStoreCredentialProvider(String keyStorePath, - String keyStorePassword, String keyName, String keyPassword) { - super(); - this.keyStorePath = keyStorePath; - this.keyStorePassword = keyStorePassword; - this.keyName = keyName; - this.keyPassword = keyPassword; - } - - - /** - * Gets the credential object from the KeyStore - */ - public Credential getCredential() throws SAMLException { - log.trace("Retrieving credentials for signing SAML Response."); - - if (StringUtils.isEmpty(this.keyStorePath)) - throw new SAMLException("No keyStorePath specified"); - - //KeyStorePassword optional - //if (StringUtils.isEmpty(this.keyStorePassword)) - // throw new SAMLException("No keyStorePassword specified"); - - if (StringUtils.isEmpty(this.keyName)) - throw new SAMLException("No keyName specified"); - - //KeyStorePassword optional - //if (StringUtils.isEmpty(this.keyPassword)) - // throw new SAMLException("No keyPassword specified"); - - KeyStore ks; - try { - ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword); - } catch (Exception e) { - log.error("Failed to load keystore information", e); - throw new SAMLException(e); - } - - //return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray()); - BasicX509Credential credential = null; - try { - java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName); - PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray()); - credential = new BasicX509Credential(); - credential.setEntityCertificate(certificate); - credential.setPrivateKey(privateKey); - - } catch (Exception e) { - log.error("Error retrieving signing credentials.", e); - throw new SAMLException(e); - } - - return credential; - - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java deleted file mode 100644 index dcd1a8a1a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java +++ /dev/null @@ -1,263 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2011 by Graz University of Technology, Austria - * The Austrian STORK Modules have been developed by the E-Government - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery - * Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import java.util.List; - -import org.joda.time.DateTime; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.Audience; -import org.opensaml.saml2.core.AudienceRestriction; -import org.opensaml.saml2.core.Conditions; -import org.opensaml.saml2.core.SubjectConfirmation; -import org.opensaml.saml2.core.SubjectConfirmationData; -import org.opensaml.saml2.metadata.RequestedAttribute; - -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.vidp.messages.saml.STORKAttribute; -import eu.stork.vidp.messages.util.SAMLUtil; - -/** - * Verifies the SAML assertion according to the STORK specification - * @author bzwattendorfer - * - */ -public class PEPSConnectorAssertionVerifier implements AssertionVerifier { - - private static final int CLOCK_SKEW_MINUTES = 5; - - private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false; - - /* (non-Javadoc) - * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String) - */ - public void verify(Assertion assertion, String reqIPAddress, - String authnRequestID, String recipient, String audience, List reqAttrList) throws SecurityException { - - //SAML assertion need not to be signed, skipping signature validation - - verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient); - - Logger.debug("SubjectConfirmationData successfully verified"); - - verifyConditions(assertion, audience); - - Logger.debug("Conditions successfully verified"); - } - - - private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException { - for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) { - verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient); - } - - } - - private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException { - //NotBefore not allowed in SSO profile - verifyNotOnOrAfter(scData.getNotOnOrAfter()); - - Logger.trace("NotOnOrAfter successfully verified"); - - if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) { - verifyClientAddress(scData, reqAddress); - Logger.trace("User's client IP address successfully verified."); - } else { - Logger.warn("User's client IP address will not be verified."); - } - - verifyRecipient(scData, recipient); - Logger.trace("Recipient successfully verified"); - - verifyInResponseTo(scData, requestID); - Logger.trace("InResponseTo successfully verified"); - - } - - private void verifyNotBefore(DateTime notBefore) throws SecurityException { - if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) { - String msg = "Subject/Assertion not yet valid, Timestamp: "; - Logger.error(msg + notBefore); - throw new SecurityException(msg); - } - - Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore); - - } - - private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException { - if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) { - String msg = "Subject/Assertion no longer valid."; - Logger.error(msg); - throw new SecurityException(msg); - } - - Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter); - } - - private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException { - if (!reqAddress.equals(scData.getAddress())) { - String msg = "Response coming from wrong Client-Address"; - Logger.error("Response coming from wrong Client-Address " + reqAddress + ", expected " + scData.getAddress()); - throw new SecurityException(msg); - } - - } - - private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException { - if (!scData.getInResponseTo().equals(requestID)) { - String msg = "Assertion issued for wrong request"; - Logger.error(msg); - throw new SecurityException(msg); - } - } - - private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException { - if (!scData.getRecipient().equals(reqRecipient)) { - String msg = "Assertion intended for another recipient"; - Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient); - throw new SecurityException(msg); - } - - } - - private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException { - for (Audience audience : audienceRestriction.getAudiences()) { - if (audience.getAudienceURI().equals(reqAudience)) - return; - } - String msg = "Assertion sent to wrong audience"; - Logger.error("Assertion intended for wrong audience, expected " + reqAudience); - throw new SecurityException(msg); - } - - private void verifyOneTimeUse(String assertionID) { - //not necessarily required to check since notBefore and notOnOrAfter are verified - //check response Store for already existing assertion - - } - - private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException { - Conditions conditions = assertion.getConditions(); - - verifyNotBefore(conditions.getNotBefore()); - Logger.trace("NotBefore successfully verified"); - - verifyNotOnOrAfter(conditions.getNotOnOrAfter()); - Logger.trace("NotOnOrAfter successfully verified"); - - verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience); - - Logger.trace("Audience successfully verified"); - - } - - public static void validateRequiredAttributes( - List reqAttrList, - List attrList) - throws STORKException { - - Logger.debug("Starting required attribute validation"); - - if (reqAttrList == null || reqAttrList.isEmpty()) { - Logger.error("Requested Attributes list is empty."); - throw new STORKException("No attributes have been requested"); - } - - if (attrList == null || attrList.isEmpty()) { - Logger.error("STORK AttributeStatement is empty."); - throw new STORKException("No attributes have been received"); - } - - Logger.trace("These attributes have been requested and received: "); - int count = 0; - for (RequestedAttribute reqAttr : reqAttrList) { - Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired()); - for(Attribute attr : attrList) { - if (verifyRequestedAttribute(reqAttr, attr)) - count++; - } - } - - int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList); - Logger.trace("Number of requested required attributes: " + numRequiredReqAttr); - Logger.trace("Number of received required attributes: " + count); - - if (count != numRequiredReqAttr) { - Logger.error("Not all required attributes have been received"); - throw new STORKException("Not all required attributes have been received"); - } - Logger.debug("Received all required attributes!"); - - } - - private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) { - - if ((reqAttr.getName()).equals(attr.getName())) { - if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) { - Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr)); - return true; - } - } - return false; - } - - private static int getNumberOfRequiredAttributes(List reqAttrList) { - int count = 0; - for (RequestedAttribute reqAttr : reqAttrList) - if (reqAttr.isRequired()) count++; - - return count; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java deleted file mode 100644 index f9589950f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java +++ /dev/null @@ -1,182 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2011 by Graz University of Technology, Austria - * The Austrian STORK Modules have been developed by the E-Government - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery - * Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import org.opensaml.xml.validation.ValidationException; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.XMLUtil; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKResponse; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.util.SAMLUtil; - -/** - * Verifies the SMAL response according to the STORK specification - * @author bzwattendorfer - * - */ -public class PEPSConnectorResponseVerifier implements ResponseVerifier { - - - /* (non-Javadoc) - * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response) - */ - public void verify(STORKResponse response) throws SecurityException { - - verifySignature(response); - Logger.debug("Signature of SAML response valid."); - - verifyStandardValidation(response); - - Logger.debug("SAML response format valid."); - - } - - - private void verifySignature(STORKResponse response) throws SecurityException { - //validate Signature - try { - if (response.isSigned()) { - - String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID(); - - Logger.trace("Starting validation of Signature references"); - try { - SAMLUtil.validateSignatureReferences(response); - } catch (ValidationException e) { - Logger.error("Validation of XML Signature refrences failed: " + e.getMessage()); - throw new SecurityException(e); - } - Logger.debug("XML Signature references are OK."); - - Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID); - - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID); - - Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built"); - - Logger.trace("Calling MOA-SP"); - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP"); - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) { - String msg = "Signature of SAMLResponse not valid"; - Logger.error(msg); - throw new SecurityException(msg); - } - - Logger.debug("Signature of SAML response successfully verified"); - - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { - String msg = "Certificate of SAMLResponse not valid"; - Logger.error(msg); - throw new SecurityException(msg); - } - - Logger.debug("Signing certificate of SAML response succesfully verified"); - - } else { - String msg = "SAML Response is not signed."; - throw new SecurityException(msg); - } - - } catch (ConfigurationException e) { - String msg = "Unable to load STORK configuration for STORK SAML Response signature verification."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (ParseException e) { - String msg = "Unable to parse VerifyXMLSignature Request or Response."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (BuildException e) { - String msg = "Unable to parse VerifyXMLSignature Request or Response."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (ServiceException e) { - String msg = "Unable to invoke MOA-SP."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } - - } - - private void verifyStandardValidation(STORKResponse response) throws SecurityException { - try { - SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator"); - } catch (SAMLValidationException e) { - String msg ="SAML Response received not valid."; - throw new SecurityException(msg, e); - } - - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java deleted file mode 100644 index ea3d4101b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java +++ /dev/null @@ -1,66 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2011 by Graz University of Technology, Austria - * The Austrian STORK Modules have been developed by the E-Government - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery - * Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.stork; - -import eu.stork.mw.messages.saml.STORKResponse; - -/** - * Interface to be implemented for SAML response verification - * @author bzwattendorfer - * - */ -public interface ResponseVerifier { - - /** - * Verifies a STORK response - * @param response STORK response - * @throws SecurityException - */ - public void verify(STORKResponse response) throws SecurityException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index 5dc615b6c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null @@ -1,187 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.Endpoint; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.security.credential.Credential; - -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; - -/** - * Class handling all necessary functionality for STORK AuthnRequest processing - * - * @author bzwattendorfer - * - */ -public class STORKAuthnRequestProcessor { - - /** - * Creates a STORK AuthnRequest - * @param destination Destination URL - * @param acsURL Assertion Consumer Service URL - * @param providerName SP Provider Name - * @param issuerValue Issuer Name - * @param qaaLevel STORK QAALevel to be requested - * @param requestedAttributes Requested Attributes to be requested - * @param spSector Sp Sector - * @param spInstitution SP Institution - * @param spApplication SP Application - * @param spCountry SP Country - * @param textToBeSigned text to be included in signedDoc element - * @param mimeType mimeType for the text to be signed in signedDoc - * @return STORK AuthnRequest - */ - public static STORKAuthnRequest generateSTORKAuthnRequest( - String destination, - String acsURL, - String providerName, - String issuerValue, - QualityAuthenticationAssuranceLevel qaaLevel, - RequestedAttributes requestedAttributes, - String spSector, - String spInstitution, - String spApplication, - String spCountry, - String textToBeSigned, - String mimeType) { - - - STORKAuthnRequest storkAuthnRequest = - STORKMessagesBuilder.buildSTORKAuthnRequest( - destination, - acsURL, - providerName, - issuerValue, - qaaLevel, - requestedAttributes, - spSector, - spInstitution, - spApplication, - spCountry); - - STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true); - - Logger.debug("Added signedDoc attribute to STORK AuthnRequest"); - - return storkAuthnRequest; - - } - - /** - * Signs a STORK AuthnRequest - * @param storkAuthnRequest STORK AuthRequest to sign - * @param keyStorePath KeyStorePath to the signing key - * @param keyStorePassword KeyStore Password - * @param keyName Signing key name - * @param keyPassword Signing key password - * @return Signed STORK AuthnRequest - * @throws SAMLException - */ - public static STORKAuthnRequest signSTORKAuthnRequest( - STORKAuthnRequest storkAuthnRequest, - String keyStorePath, - String keyStorePassword, - String keyName, - String keyPassword) throws SAMLException { - - Logger.trace("Building Credential Provider for signing process"); - - CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword); - - Credential credential = credentialProvider.getCredential(); - - Logger.trace("Credentials found"); - - SAMLUtil.signSAMLObject(storkAuthnRequest, credential); - - return storkAuthnRequest; - } - - /** - * Validates a STORK AuthnRequest - * @param storkAuthnRequest STORK AuthnRequest to validate - * @throws SAMLValidationException - */ - public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException { - - SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator"); - - } - - /** - * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest) - * @param request HttpServletRequest - * @param response HttpServletResponse - * @param storkAuthnRequest STORK AuthnRequest to send - * @throws Exception - */ - public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception { - - Logger.trace("Create endpoint..."); - Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME); - endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - endpoint.setLocation(storkAuthnRequest.getDestination()); - - - Logger.trace("Prepare SAMLMessageContext..."); - HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure()); - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setOutboundMessageTransport(outTransport); - samlMessageContext.setPeerEntityEndpoint(endpoint); - - Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext..."); - samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest); - - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - -// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm"); - HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm"); - - Logger.trace("HTTP-Post encode SAMLMessageContext..."); - encoder.encode(samlMessageContext); - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 1fa7e5eb2..1804b5fd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -63,6 +63,7 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.Unmarshaller; import org.hibernate.cfg.Configuration; +import org.opensaml.DefaultBootstrap; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -363,9 +364,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK -// Logger.info("Starting initialization of OpenSAML..."); -// STORKBootstrap.bootstrap(); -// Logger.debug("OpenSAML successfully initialized"); + Logger.info("Starting initialization of OpenSAML..."); + DefaultBootstrap.bootstrap(); + Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 998e28f6a..7a38e2afd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -273,7 +273,12 @@ public boolean isOnlyMandateAllowed() { * @return true, if is we should show stork login */ public boolean isShowStorkLogin() { - return oa_auth.getOASTORK().isStorkLogonEnabled(); + try { + return oa_auth.getOASTORK().isStorkLogonEnabled(); + + } catch (NullPointerException e) { + return false; + } } public Map getFormCustomizaten() { @@ -322,7 +327,12 @@ public Map getFormCustomizaten() { } public Integer getQaaLevel() { - return oa_auth.getOASTORK().getQaa(); + + if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null) + return oa_auth.getOASTORK().getQaa(); + + else + return 4; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 5b4843752..0172cce2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; public interface PVPConstants { + public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/"; public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 28299871c..7c9cc6259 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 17f76d35a..bc90da8df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.util.QAALevelVerifier; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -89,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + peerEntity.getEntityID()); + if (reqAuthnContext == null) { authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - } else { + } - boolean stork_qaa_1_4_found = false; + boolean stork_qaa_1_4_found = false; + + List reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); - List reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs(); + if (reqAuthnContextClassRefIt.size() == 0) { + + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + STORK_QAA_1_4); - if (reqAuthnContextClassRefIt.size() == 0) { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - - } else { - for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { - String qaa_uri = authnClassRef.getAuthnContextClassRef(); - if (qaa_uri.trim().equals(STORK_QAA_1_4) - || qaa_uri.trim().equals(STORK_QAA_1_3) - || qaa_uri.trim().equals(STORK_QAA_1_2) - || qaa_uri.trim().equals(STORK_QAA_1_1)) { - - if (authSession.isForeigner()) { - //TODO: insert QAA check - - stork_qaa_1_4_found = false; - - } else { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - } - break; + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + STORK_QAA_PREFIX + oaParam.getQaaLevel()); + + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + + } else { + + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + qaa_uri.trim()); + + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + } + break; } } - - if (!stork_qaa_1_4_found) { - throw new QAANotSupportedException(STORK_QAA_1_4); - } + } + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); } // reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() @@ -209,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants { * null, true); } } */ - // TODO: LOAD oaParam from request and not from MOASession in case of - // SSO - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - peerEntity.getEntityID()); - AuthenticationData authData = AuthenticationServer .buildAuthenticationData(authSession, oaParam, oaParam.getTarget()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index 523063c6e..f3d815e7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.util.MiscUtil; public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { @@ -44,11 +45,19 @@ public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { IAttributeGenerator g) throws AttributeException { try { DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); - DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); - String dateString = pvpDateFormat.format(date); - return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) { + Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(date); + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + + } else { + //build empty attribute if no Birthday date is found (STORK2) + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); + + } //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index d318792f1..f4b48ece3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -22,14 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; -import java.io.IOException; import java.util.ArrayList; -import java.util.Date; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; import org.joda.time.DateTime; import org.opensaml.Configuration; @@ -40,12 +37,10 @@ import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder; import org.opensaml.saml2.encryption.Encrypter; import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.KeyDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.security.MetadataCriteria; @@ -54,17 +49,13 @@ import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.encryption.EncryptionException; import org.opensaml.xml.encryption.EncryptionParameters; import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.KeyInfo; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -80,7 +71,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedEx import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index 1963115da..e3e25b1a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.MiscUtil; public class CredentialProvider { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java index d398ca533..f0ae6f446 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -113,10 +113,12 @@ public class MetadataSignatureFilter implements MetadataFilter { throw new MOAIDException("Root element of metadata file has to be signed", null); } processEntitiesDescriptor(entitiesDescriptor); - } /*else if (metadata instanceof EntityDescriptor) { + + } else if (metadata instanceof EntityDescriptor) { EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; processEntityDescriptorr(entityDescriptor); - } */else { + + } else { throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java index e48c7bb98..67a91f6e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java @@ -34,36 +34,36 @@ import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; +//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; +//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; public class TrustEngineFactory { - public static SignatureTrustEngine getSignatureTrustEngine() { - try { - MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( - MOAMetadataProvider.getInstance()); - - List keyInfoProvider = new ArrayList(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( - mdResolver, keyInfoResolver); - - return engine; - - } catch (Exception e) { - e.printStackTrace(); - return null; - } - } +// public static SignatureTrustEngine getSignatureTrustEngine() { +// try { +// MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( +// MOAMetadataProvider.getInstance()); +// +// List keyInfoProvider = new ArrayList(); +// keyInfoProvider.add(new DSAKeyValueProvider()); +// keyInfoProvider.add(new RSAKeyValueProvider()); +// keyInfoProvider.add(new InlineX509DataProvider()); +// +// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +// keyInfoProvider); +// +// PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( +// mdResolver, keyInfoResolver); +// +// return engine; +// +// } catch (Exception e) { +// e.printStackTrace(); +// return null; +// } +// } public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() { MetadataCredentialResolver resolver; diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java index 77969010f..9562d1c42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java @@ -14,7 +14,7 @@ import javax.xml.ws.WebServiceFeature; /** * This class was generated by the JAX-WS RI. * JAX-WS RI 2.2.4-b01 - * Generated source version: 2.2 + * Generated source version: 2.1 * */ @WebServiceClient(name = "SZRGWService", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", wsdlLocation = "file:/D:/Projekte/svn/online-vollmachten/egovutils/src/main/resources/wsdl/szrgw/szrgw.wsdl") @@ -42,26 +42,10 @@ public class SZRGWService super(__getWsdlLocation(), SZRGWSERVICE_QNAME); } - public SZRGWService(WebServiceFeature... features) { - super(__getWsdlLocation(), SZRGWSERVICE_QNAME, features); - } - - public SZRGWService(URL wsdlLocation) { - super(wsdlLocation, SZRGWSERVICE_QNAME); - } - - public SZRGWService(URL wsdlLocation, WebServiceFeature... features) { - super(wsdlLocation, SZRGWSERVICE_QNAME, features); - } - public SZRGWService(URL wsdlLocation, QName serviceName) { super(wsdlLocation, serviceName); } - public SZRGWService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { - super(wsdlLocation, serviceName, features); - } - /** * * @return diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java index 01ca437c9..9f0a8bd6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java @@ -14,7 +14,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * This class was generated by the JAX-WS RI. * JAX-WS RI 2.2.4-b01 - * Generated source version: 2.2 + * Generated source version: 2.1 * */ @WebService(name = "SZRGWType", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl") diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java index eb9ff0739..ebcee3d1d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java @@ -62,7 +62,7 @@ public class AbstractPersonType { @XmlElement(name = "Identification") protected List identification; - @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected List> abstractSimpleIdentification; @XmlAttribute(name = "Id") @XmlJavaTypeAdapter(CollapsedStringAdapter.class) @@ -120,14 +120,14 @@ public class AbstractPersonType { *

* Objects of the following type(s) are allowed in the list * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} - * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} - * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} - * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >} - * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} + * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} + * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >} + * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >} + * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java index 0a542e073..bd7d32493 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java @@ -188,8 +188,8 @@ public class CompactCorporateBodyType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java index 1aa6acbf4..aad9fa004 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java @@ -63,7 +63,7 @@ public class CompactPersonDataType @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected JAXBElement person; - @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected List> address; @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#") protected List signature; @@ -75,11 +75,11 @@ public class CompactPersonDataType * * @return * possible object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public JAXBElement getPerson() { @@ -91,11 +91,11 @@ public class CompactPersonDataType * * @param value * allowed object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public void setPerson(JAXBElement value) { @@ -120,12 +120,12 @@ public class CompactPersonDataType * *

* Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >} * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java index 94e97ea12..1e37799b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java @@ -240,8 +240,8 @@ public class CompactPhysicalPersonType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java index 19d957d80..6596ae3ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java @@ -256,8 +256,8 @@ public class CorporateBodyType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java index f22d6858a..df20e777f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java @@ -172,8 +172,8 @@ public class IdentificationType { * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java index 2afa51544..90dfd4110 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java @@ -121,8 +121,8 @@ public class InternetAddressType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java index 4a426fc93..ebc563acb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java @@ -52,10 +52,10 @@ import org.w3c.dom.Element; public class NationalityType { @XmlElementRefs({ - @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), - @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), @XmlElementRef(name = "CountryNameFR", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), - @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) + @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), + @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), + @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) }) @XmlMixed @XmlAnyElement(lax = true) @@ -79,13 +79,13 @@ public class NationalityType { * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} - * {@link Object } * {@link String } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Element } + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java index cefaa3bbd..699519798 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java @@ -63,7 +63,7 @@ public class PersonDataType @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected JAXBElement person; - @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected List> address; @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#") protected List signature; @@ -75,11 +75,11 @@ public class PersonDataType * * @return * possible object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public JAXBElement getPerson() { @@ -91,11 +91,11 @@ public class PersonDataType * * @param value * allowed object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public void setPerson(JAXBElement value) { @@ -120,12 +120,12 @@ public class PersonDataType * *

* Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >} * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java index f2727635e..4c5a5e34f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java @@ -484,8 +484,8 @@ public class PhysicalPersonType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java index eb7640237..2e8e7e6e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java @@ -125,8 +125,8 @@ public class TelephoneAddressType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java index c85e2ec69..0b53e5e6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java @@ -120,8 +120,8 @@ public class TypedPostalAddressType * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java index e8ec84ccf..fb556ea95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java @@ -41,8 +41,8 @@ import org.w3c.dom.Element; public class AdviceType { @XmlElementRefs({ - @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false), - @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false) + @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class), + @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class) }) @XmlAnyElement(lax = true) protected List assertionIDReferenceOrAssertionOrAny; @@ -65,10 +65,10 @@ public class AdviceType { * *

* Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link Element } * {@link JAXBElement }{@code <}{@link AssertionType }{@code >} * {@link Object } - * {@link JAXBElement }{@code <}{@link String }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java index 6845e807a..89b61c35c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java @@ -41,8 +41,8 @@ import javax.xml.bind.annotation.XmlType; public class SubjectType { @XmlElementRefs({ - @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false), - @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false) + @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class), + @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class) }) protected List> content; diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java index 1f980f6df..c6845af5e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java @@ -53,13 +53,13 @@ import org.w3c.dom.Element; public class KeyInfoType { @XmlElementRefs({ - @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlMixed @XmlAnyElement(lax = true) @@ -88,16 +88,16 @@ public class KeyInfoType { * *

* Objects of the following type(s) are allowed in the list - * {@link Element } - * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link PGPDataType }{@code >} * {@link JAXBElement }{@code <}{@link X509DataType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >} - * {@link Object } - * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >} * {@link String } * {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >} + * {@link Element } + * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java index 55001162c..68693eace 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java @@ -42,8 +42,8 @@ import org.w3c.dom.Element; public class KeyValueType { @XmlElementRefs({ - @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlMixed @XmlAnyElement(lax = true) @@ -68,10 +68,10 @@ public class KeyValueType { *

* Objects of the following type(s) are allowed in the list * {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >} - * {@link Element } + * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >} * {@link String } + * {@link Element } * {@link Object } - * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java index a32d3badc..167a019bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java @@ -25,6 +25,7 @@ import javax.xml.namespace.QName; @XmlRegistry public class ObjectFactory { + private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength"); private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData"); private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData"); private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod"); @@ -49,16 +50,15 @@ public class ObjectFactory { private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform"); private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue"); private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue"); - private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath"); + private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); + private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); + private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp"); private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial"); private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate"); private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI"); private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName"); private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL"); - private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength"); - private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp"); - private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); - private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); + private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath"); /** * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.util.xsd.xmldsig @@ -243,6 +243,15 @@ public class ObjectFactory { return new X509IssuerSerialType(); } + /** + * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) + public JAXBElement createSignatureMethodTypeHMACOutputLength(BigInteger value) { + return new JAXBElement(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); + } + /** * Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}} * @@ -463,9 +472,27 @@ public class ObjectFactory { * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} * */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) - public JAXBElement createTransformTypeXPath(String value) { - return new JAXBElement(_TransformTypeXPath_QNAME, String.class, TransformType.class, value); + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) + public JAXBElement createPGPDataTypePGPKeyID(String value) { + return new JAXBElement(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) + public JAXBElement createPGPDataTypePGPKeyPacket(String value) { + return new JAXBElement(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) + public JAXBElement createSPKIDataTypeSPKISexp(String value) { + return new JAXBElement(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value); } /** @@ -513,40 +540,13 @@ public class ObjectFactory { return new JAXBElement(_X509DataTypeX509CRL_QNAME, String.class, X509DataType.class, value); } - /** - * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} - * - */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) - public JAXBElement createSignatureMethodTypeHMACOutputLength(BigInteger value) { - return new JAXBElement(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); - } - - /** - * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} - * - */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) - public JAXBElement createSPKIDataTypeSPKISexp(String value) { - return new JAXBElement(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value); - } - /** * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} * */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) - public JAXBElement createPGPDataTypePGPKeyID(String value) { - return new JAXBElement(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); - } - - /** - * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} - * - */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) - public JAXBElement createPGPDataTypePGPKeyPacket(String value) { - return new JAXBElement(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) + public JAXBElement createTransformTypeXPath(String value) { + return new JAXBElement(_TransformTypeXPath_QNAME, String.class, TransformType.class, value); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java index e45501db6..add2d8886 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java @@ -47,8 +47,8 @@ import org.w3c.dom.Element; public class PGPDataType { @XmlElementRefs({ - @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlAnyElement(lax = true) protected List content; @@ -81,10 +81,10 @@ public class PGPDataType { * *

* Objects of the following type(s) are allowed in the list - * {@link Element } - * {@link Object } * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java index f829d355d..e6a187e9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java @@ -60,8 +60,8 @@ public class SPKIDataType { * *

* Objects of the following type(s) are allowed in the list - * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Element } * {@link Object } * * diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java index 70695afdf..1a463591b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java @@ -42,7 +42,7 @@ import javax.xml.bind.annotation.XmlType; }) public class SignatureMethodType { - @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) @XmlMixed @XmlAnyElement(lax = true) protected List content; @@ -68,9 +68,9 @@ public class SignatureMethodType { * *

* Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link BigInteger }{@code >} * {@link String } * {@link Object } - * {@link JAXBElement }{@code <}{@link BigInteger }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java index 2b96c553e..e92465a4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java @@ -42,7 +42,7 @@ import org.w3c.dom.Element; }) public class TransformType { - @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) @XmlMixed @XmlAnyElement(lax = true) protected List content; @@ -68,9 +68,9 @@ public class TransformType { * *

* Objects of the following type(s) are allowed in the list + * {@link String } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link Element } - * {@link String } * {@link Object } * * diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java index e3148b2d0..c70b72293 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java @@ -46,11 +46,11 @@ import org.w3c.dom.Element; public class X509DataType { @XmlElementRefs({ - @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlAnyElement(lax = true) protected List x509IssuerSerialOrX509SKIOrX509SubjectName; @@ -73,13 +73,13 @@ public class X509DataType { * *

* Objects of the following type(s) are allowed in the list - * {@link Element } - * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} - * {@link Object } + * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index dc698782a..a6c0601e4 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -220,6 +220,7 @@ pvp2.13=Interner Server Fehler pvp2.14=SAML Anfrage verweigert pvp2.15=Keine Metadateninformation gefunden pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion +pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1} oauth20.01=Fehlerhafte redirect url oauth20.02=Fehlender Parameter "{0}" diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 3eff06daf..9d6ad4085 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -3,333 +3,318 @@ - - +*/ + input { + /*border:1px solid #000;*/ + cursor: pointer; + } + + #localBKU input { +/* color: #BUTTON_COLOR#; */ + border: 0px; + display: inline-block; + + } + + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + text-decoration: underline; + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + .sendButton { + width: 30%; + margin-bottom: 1%; + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + +