From f63aa551997230b40a9779f151561b893d6496ce Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 17:18:28 +0100 Subject: configuration provider case for not found file; stork2 constant addition --- .../main/java/at/gv/egovernment/moa/id/configuration/Constants.java | 4 +++- .../moa/id/configuration/config/ConfigurationProvider.java | 2 +- id/ConfigWebTool/src/main/resources/applicationResources.properties | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index c5ea0acd1..97e763ec6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -40,7 +40,9 @@ public class Constants { public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x"; - + public static final String MOA_CONFIG_PROTOCOL_STORK2 = "id_stork2"; + + public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request"; public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index fb468967c..f5121aaf2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -70,7 +70,7 @@ public class ConfigurationProvider { configFileName = System.getProperty(SYSTEM_PROP_CONFIG); if (configFileName == null) { - throw new ConfigurationException("config.01"); + throw new ConfigurationException("config.05"); } // determine the directory of the root config file diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index cad135b95..f343b6700 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -5,6 +5,7 @@ config.01=Configfile is not found. config.02=Configfile is not readable. config.03=Hibernate Database connector can not be initialized config.04=OpenSAML (PVP2 Login) can not be initialized +config.05=Configuration file not defined error.title=Fehler: error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. -- cgit v1.2.3 From 7e1288797ce2ebc70b083f87b03d263cf5205bb5 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Feb 2014 17:40:39 +0100 Subject: quick fix for config interface --- .../gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index da07b10b0..c35bff633 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.logging.Logger; public class OASTORKConfig { @@ -65,6 +66,7 @@ public class OASTORKConfig { // prepare attribute helper list attributes = new ArrayList(); + try { for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) { AttributeHelper tmp = null; @@ -76,7 +78,9 @@ public class OASTORKConfig { tmp = new AttributeHelper(current); attributes.add(tmp); - } + } } catch (NullPointerException ex) { + Logger.error("Nullpointerexception encountered in Configurationinterface"); + } } } } -- cgit v1.2.3 From ca6f0622237cf5ca1b330886eea197a554dc71fd Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Feb 2014 19:05:28 +0100 Subject: fixing peps configuration --- id/ConfigWebTool/src/main/webapp/js/common.js | 7 ++++++- id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 9 +++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 384e40509..98f7bdacb 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -210,7 +210,12 @@ function oaOnLoad() { function newPeps() { var target = $(document.getElementById("stork_pepslist").getElementsByTagName("tr")).last()[0]; var clone = target.cloneNode(true); - var lastindex = parseInt(clone.innerHTML.match(/name="storkconfig.cpepslist\[(\d)/)[1]); + try { + var lastindex = parseInt(clone.innerHTML.match(/name="storkconfig.cpepslist\[(\d)/)[1]); + } catch (err) { + + var lastindex = 1; + } var nextindex = lastindex + 1; clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.cpepslist\[\d/g, 'name="storkconfig.cpepslist[' + nextindex); clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 1bb429afa..604080d21 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -234,14 +234,19 @@ key="webpages.moaconfig.stork.qaa.default" labelposition="left" />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

- +
-
Country ShortcodePEPS URL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ + + + " onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/> + + " onclick='newPeps();' />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

-- cgit v1.2.3 From 04f9a5fe5676c343898c443ca5a161915cd7458c Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 21 Feb 2014 19:26:53 +0100 Subject: changes stork config --- .../id/configuration/data/GeneralMOAIDConfig.java | 1 + .../id/configuration/data/GeneralStorkConfig.java | 6 +- .../struts/action/EditGeneralConfigAction.java | 73 ++++++++++++++++------ 3 files changed, 61 insertions(+), 19 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index d81d03780..f56ad4604 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -115,6 +115,7 @@ public class GeneralMOAIDConfig { private static Map chainigmodelist; private String trustedCACerts = null; + private String defaultBKUOnline = ""; private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 980aa4731..8b78c62a3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -31,14 +31,18 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import org.apache.log4j.Logger; public class GeneralStorkConfig { private List cpepslist; private List attributes; private int qaa; + private static final Logger log = Logger.getLogger(GeneralStorkConfig.class); + + public void parse(MOAIDConfiguration config) { + log.error("STARTED STORK CONFIG"); - public void parse(MOAIDConfiguration config) { if (config != null) { AuthComponentGeneral auth = config.getAuthComponentGeneral(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 67750e765..5dccf965d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -23,12 +23,7 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.math.BigInteger; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -97,7 +92,8 @@ public class EditGeneralConfigAction extends ActionSupport private String formID; public String loadConfig() { - HttpSession session = request.getSession(); + + HttpSession session = request.getSession(); if (session == null) { log.info("No http Session found."); return Constants.STRUTS_ERROR; @@ -114,8 +110,16 @@ public class EditGeneralConfigAction extends ActionSupport moaconfig.parse(dbconfig); storkconfig = new GeneralStorkConfig(); storkconfig.parse(dbconfig); - - ConfigurationDBUtils.closeSession(); + + if (moaconfig == null) { + log.error("MOA configuration is null"); + } + + if (storkconfig == null) { + log.error("Stork configuration is null"); + } + + ConfigurationDBUtils.closeSession(); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -134,7 +138,7 @@ public class EditGeneralConfigAction extends ActionSupport log.info("No http Session found."); return Constants.STRUTS_ERROR; } - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; @@ -162,7 +166,7 @@ public class EditGeneralConfigAction extends ActionSupport errors.addAll(new StorkConfigValidator().validate(storkconfig)); if (errors.size() > 0) { - log.info("General MOA-ID configuration has some erros."); + log.info("General MOA-ID configuration has some errors."); for (String el : errors) addActionError(el); @@ -199,7 +203,24 @@ public class EditGeneralConfigAction extends ActionSupport } private String saveFormToDatabase() { - + + log.debug("Saving form to database"); + log.error("Saving form to db"); + log.info("SV frm db"); + + for (Object obj : Collections.list(request.getParameterNames())) { + log.error(" PARAM: " + obj.toString()); + } + for (Object obj : Collections.list(request.getSession().getAttributeNames())) { + log.error(" SES PARAM: " + obj.toString()); + } + + try { + log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); + } catch (Exception ex) { + ex.printStackTrace(); + } + MOAIDConfiguration oldconfig = ConfigurationDBRead.getMOAIDConfiguration(); AuthComponentGeneral oldauth = null; if (oldconfig != null) { @@ -262,7 +283,8 @@ public class EditGeneralConfigAction extends ActionSupport dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); - + + Protocols dbprotocols = dbauth.getProtocols(); if (dbprotocols == null) { dbprotocols = new Protocols(); @@ -405,6 +427,7 @@ public class EditGeneralConfigAction extends ActionSupport // } DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + if (dbbkus == null) { dbbkus = new DefaultBKUs(); dbconfig.setDefaultBKUs(dbbkus); @@ -468,16 +491,28 @@ public class EditGeneralConfigAction extends ActionSupport //TODO: Set STORK Config!!! if (oldauth != null) { - ForeignIdentities oldforeign = oldauth.getForeignIdentities(); + ForeignIdentities oldforeign = oldauth.getForeignIdentities(); if (oldforeign != null) { STORK oldstork = oldforeign.getSTORK(); - if (oldstork != null) - oldstork = new STORK(); + if (oldstork == null) + oldstork = new STORK(); + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); oldstork.setAttributes(storkconfig.getAttributes()); oldstork.setCPEPS(storkconfig.getCpepslist()); dbforeign.setSTORK(oldstork); + } catch (Exception e) { + e.printStackTrace(); + } + + try{ + log.error("CPEPS LIST: " + storkconfig.getCpepslist().size() ); + log.error("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); + } catch (Exception ex) { + ex.printStackTrace(); + } } } @@ -619,6 +654,7 @@ public class EditGeneralConfigAction extends ActionSupport */ public void setMoaconfig(GeneralMOAIDConfig moaconfig) { this.moaconfig = moaconfig; + log.error("MOA CONFIG SET"); } /** @@ -637,6 +673,7 @@ public class EditGeneralConfigAction extends ActionSupport */ public void setStorkconfig(GeneralStorkConfig storkconfig) { this.storkconfig = storkconfig; + log.error("STORK CONFIG SET"); } /** @@ -652,8 +689,8 @@ public class EditGeneralConfigAction extends ActionSupport public void setFormID(String formID) { this.formID = formID; } - - + + } -- cgit v1.2.3 From 5304a281d530abbe2aa57dc2583bc72d7988c949 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 14:57:42 +0100 Subject: config gui for vidp mockups --- .../data/oa/AttributeProviderPlugin.java | 24 +++++++++++++++++ .../id/configuration/data/oa/OASTORKConfig.java | 12 +++++++++ .../main/resources/applicationResources.properties | 8 +++++- id/ConfigWebTool/src/main/webapp/js/common.js | 11 ++++++++ .../src/main/webapp/jsp/editOAGeneral.jsp | 30 ++++++++++++++++++++++ 5 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java new file mode 100644 index 000000000..275bc81c4 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import at.gv.egovernment.moa.id.protocols.stork2.StorkAttributeRequestProvider; + +public class AttributeProviderPlugin { + private String url = "demourl"; + private Class plugin = StorkAttributeRequestProvider.class; + + public String getUrl() { + return url; + } + + public void setUrl(String url) { + this.url = url; + } + + public Class getPlugin() { + return plugin; + } + + public void setPlugin(Class plugin) { + this.plugin = plugin; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index da07b10b0..f084115c4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -126,4 +126,16 @@ public class OASTORKConfig { public void setHelperAttributes(List attributes) { this.attributes = attributes; } + + + public List getAttributeProviderPlugins() { + List result = new ArrayList(); + result.add(new AttributeProviderPlugin()); + + return result; + } + + public boolean isVidpEnabled() { + return true; + } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 4a99ab664..313f9f2be 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -198,7 +198,8 @@ webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden webpages.oaconfig.menu.pvp2.hidden=PVP2 Konfiguration ausblenden webpages.oaconfig.menu.oauth20.show=OAuth 2.0 Konfiguration einblenden webpages.oaconfig.menu.oauth20.hidden=OAuth 2.0 Konfiguration ausblenden - +webpages.oaconfig.menu.vidp.show=VIDP Konfiguration einblenden +webpages.oaconfig.menu.vidp.hidden=VIDP Konfiguration ausblenden webpages.oaconfig.menu.stork=STORK Konfiguration @@ -258,6 +259,11 @@ webpages.oaconfig.oauth20.clientId=Client ID webpages.oaconfig.oauth20.clientSecret=Client Passwort webpages.oaconfig.oauth20.redirectUri=Redirect Uri +webpages.oaconfig.vidp.enabled=VIDP interface aktiv +webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen +webpages.oaconfig.vidp.ap.remove=Entfernen +webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider + message.title=Meldung: webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 384e40509..d9089243f 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -51,6 +51,17 @@ function oaStork() { $('#stork_block').css('display', "none"); } } +function oaVIDP() { + if ($('#oa_vidp_area').css('display') == "block") { + $('#oa_vidp_area').css('display', "none"); + $('#button_vidp_show').css('display', "block"); + $('#button_vidp_hidden').css('display', "none"); + } else { + $('#oa_vidp_area').css('display', "block"); + $('#button_vidp_show').css('display', "none"); + $('#button_vidp_hidden').css('display', "block"); + } +} function oaSAML1() { if ($('#oa_saml1_area').css('display') == "block") { $('#oa_saml1_area').css('display', "none"); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 4e8dfc259..18d703eae 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -340,6 +340,13 @@ + + +
+ + + + + + +
AP PluginURL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='newAp();' /> + + -- cgit v1.2.3 From ea9d46e1fb39ad31d9bfe6226442b71b8bb11539 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 15:09:55 +0100 Subject: available attribute provider dropdown selection --- .../gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java | 7 +++++++ id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index f084115c4..99d783f4f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -128,6 +128,13 @@ public class OASTORKConfig { } + public List getAvailableAttributeProviderPlugins() { + List result = new ArrayList(); + result.add(new AttributeProviderPlugin().getPlugin().getSimpleName()); + + return result; + } + public List getAttributeProviderPlugins() { List result = new ArrayList(); result.add(new AttributeProviderPlugin()); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 18d703eae..5fce15f5c 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -469,7 +469,7 @@ - + -- cgit v1.2.3 From 2aeec6f82e0e44888d37167cc917d03a076bdbf7 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 15:48:58 +0100 Subject: add new ap configuration entry --- id/ConfigWebTool/src/main/webapp/js/common.js | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index d9089243f..45f40f5b8 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -235,4 +235,13 @@ function newStorkAttribute() { clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.attributes\[\d/g, 'name="storkconfig.attributes[' + nextindex); clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); target.parentNode.appendChild(clone); +} +function newAp() { + var target = $(document.getElementById("stork_aplist").getElementsByTagName("tr")).last()[0]; + var clone = target.cloneNode(true); + var lastindex = parseInt(clone.innerHTML.match(/name="storkOA.attributeProviderPlugins\[(\d)/)[1]); + var nextindex = lastindex + 1; + clone.innerHTML = clone.innerHTML.replace(/name="storkOA.attributeProviderPlugins\[\d/g, 'name="storkOA.attributeProviderPlugins[' + nextindex); + clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); + target.parentNode.appendChild(clone); } \ No newline at end of file -- cgit v1.2.3 From 44b1f27b00306cac728f6921befd0c1eddb97f81 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 16:23:43 +0100 Subject: drafted config saving --- .../data/oa/AttributeProviderPlugin.java | 8 +++---- .../id/configuration/data/oa/OASTORKConfig.java | 26 +++++++++++++++++----- .../src/main/webapp/jsp/editOAGeneral.jsp | 2 +- 3 files changed, 24 insertions(+), 12 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java index 275bc81c4..00b7b09ce 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java @@ -1,10 +1,8 @@ package at.gv.egovernment.moa.id.configuration.data.oa; -import at.gv.egovernment.moa.id.protocols.stork2.StorkAttributeRequestProvider; - public class AttributeProviderPlugin { private String url = "demourl"; - private Class plugin = StorkAttributeRequestProvider.class; + private String plugin = "demo"; public String getUrl() { return url; @@ -14,11 +12,11 @@ public class AttributeProviderPlugin { this.url = url; } - public Class getPlugin() { + public String getPlugin() { return plugin; } - public void setPlugin(Class plugin) { + public void setPlugin(String plugin) { this.plugin = plugin; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 99d783f4f..23181076a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -77,6 +77,10 @@ public class OASTORKConfig { attributes.add(tmp); } + + // fetch vidp config + attributeProviderPlugins = new ArrayList(); + attributeProviderPlugins.add(new AttributeProviderPlugin()); } } } @@ -126,7 +130,12 @@ public class OASTORKConfig { public void setHelperAttributes(List attributes) { this.attributes = attributes; } - + + /* + * VIDP settings below + */ + private boolean vidpEnabled = false; + private List attributeProviderPlugins; public List getAvailableAttributeProviderPlugins() { List result = new ArrayList(); @@ -136,13 +145,18 @@ public class OASTORKConfig { } public List getAttributeProviderPlugins() { - List result = new ArrayList(); - result.add(new AttributeProviderPlugin()); - - return result; + return attributeProviderPlugins; + } + + public void setAttributeProviderPlugins(List update) { + attributeProviderPlugins = update; } public boolean isVidpEnabled() { - return true; + return vidpEnabled; + } + + public void setVidpEnabled(boolean update) { + vidpEnabled = update; } } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 5fce15f5c..e783d753d 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -469,7 +469,7 @@
AP PluginURL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- + -- cgit v1.2.3 From 42c8940c7b813744933d261e4c414f17762062cd Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 16:57:14 +0100 Subject: ap plugins are persisted now --- .../data/oa/AttributeProviderPlugin.java | 22 ---------------------- .../id/configuration/data/oa/OASTORKConfig.java | 12 ++++++++++-- .../configuration/struts/action/EditOAAction.java | 2 ++ .../src/main/resources/config/moaid_config_2.0.xsd | 13 ++++++++++++- 4 files changed, 24 insertions(+), 25 deletions(-) delete mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java deleted file mode 100644 index 00b7b09ce..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java +++ /dev/null @@ -1,22 +0,0 @@ -package at.gv.egovernment.moa.id.configuration.data.oa; - -public class AttributeProviderPlugin { - private String url = "demourl"; - private String plugin = "demo"; - - public String getUrl() { - return url; - } - - public void setUrl(String url) { - this.url = url; - } - - public String getPlugin() { - return plugin; - } - - public void setPlugin(String plugin) { - this.plugin = plugin; - } -} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 23181076a..72fc6e3a1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -26,6 +26,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; @@ -79,8 +80,15 @@ public class OASTORKConfig { } // fetch vidp config - attributeProviderPlugins = new ArrayList(); - attributeProviderPlugins.add(new AttributeProviderPlugin()); + setVidpEnabled(config.isVidpEnabled()); + + attributeProviderPlugins = config.getAttributeProviders(); + // - if no attribute providers are configured, add a dummy + // TODO this is a dirty hack since we have to have one entry to + // clone from in the web form. Happens when time is short. + // Sorry. + if (attributeProviderPlugins.isEmpty()) + attributeProviderPlugins.add(new AttributeProviderPlugin()); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 775443689..c257c76c8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -984,6 +984,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); stork.setQaa(storkOA.getQaa()); stork.setOAAttributes(storkOA.getAttributes()); + stork.setVidpEnabled(storkOA.isVidpEnabled()); + stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); try { if (newentry) { diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 33ad5c990..ea78918b6 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -49,7 +49,7 @@ - + possibility to include common austrian primary keys in human readable way, english translation not available @@ -933,6 +933,8 @@ type="xsd:boolean" /> + + @@ -1010,4 +1012,13 @@ + + + + + + + + + -- cgit v1.2.3 From 4c2406224be2df8b09050178630cdcff979c5ebf Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 24 Feb 2014 11:42:44 +0100 Subject: introduced attributeproviderfactory --- .../id/configuration/data/oa/OASTORKConfig.java | 7 +-- .../moa/id/config/auth/OAAuthParameter.java | 6 ++- .../id/protocols/stork2/AttributeCollector.java | 33 ++++++------- .../protocols/stork2/AttributeProviderFactory.java | 57 ++++++++++++++++++++++ .../stork2/DemoNoRedirectAttributeProvider.java | 6 ++- .../stork2/DemoRedirectAttributeProvider.java | 9 ++-- .../stork2/StorkAttributeRequestProvider.java | 9 ++++ .../resources/properties/id_messages_de.properties | 1 + 8 files changed, 98 insertions(+), 30 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 72fc6e3a1..430bafbf5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; import java.util.List; - import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; @@ -32,6 +31,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; public class OASTORKConfig { @@ -146,10 +146,7 @@ public class OASTORKConfig { private List attributeProviderPlugins; public List getAvailableAttributeProviderPlugins() { - List result = new ArrayList(); - result.add(new AttributeProviderPlugin().getPlugin().getSimpleName()); - - return result; + return AttributeProviderFactory.getAvailablePlugins(); } public List getAttributeProviderPlugins() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 7a38e2afd..c3943d816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -51,6 +51,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; @@ -66,6 +67,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -342,7 +344,9 @@ public List getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } - +public List getStorkAPs() { + return oa_auth.getOASTORK().getAttributeProviders(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 8ccaa35de..32a8cb9c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -4,8 +4,11 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -33,32 +36,24 @@ public class AttributeCollector implements IAction { /** The Constant ARTIFACT_ID. */ private static final String ARTIFACT_ID = "artifactId"; - private ArrayList attributeProviders; - /** The return url. */ // TODO find correct return URL // HTTPUtils.getBaseURL(req); private String returnUrl = "findCorrectReturnURL"; - public AttributeCollector() { - // TODO generate from config - attributeProviders = new ArrayList(); - attributeProviders.add(new StorkAttributeRequestProvider()); - attributeProviders.add(new DemoRedirectAttributeProvider()); - attributeProviders.add(new DemoNoRedirectAttributeProvider()); - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - // check if we have a STORKAttributeResponse in the request - // - no, how did we get here? - // yes, we got a recent requested attribute - // - find the attribute provider plugin that can handle the response + + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + + // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : attributeProviders) + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { newAttributes = current.parse(httpReq); } catch (UnsupportedAttributeException e1) { @@ -89,7 +84,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes - return processRequest(container, httpReq, httpResp); + return processRequest(container, httpReq, httpResp, oaParam); } /** @@ -100,7 +95,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -113,7 +108,7 @@ public class AttributeCollector implements IAction { // for each attribute still missing for(PersonalAttribute currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin - for(AttributeProvider currentProvider : attributeProviders) { + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java new file mode 100644 index 000000000..98d354e8a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -0,0 +1,57 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + +/** + * A factory for creating AttributeProvider objects. + */ +public class AttributeProviderFactory { + + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List getAvailablePlugins() { + List result = new ArrayList(); + result.add("StorkAttributeRequestProvider"); + + return result; + } + + /** + * Creates an AttributeProvider object for the given shortname. Returns + * {@code null} if there is no such provider available. + * + * @param shortname + * the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url) { + switch (shortname) { + case "StorkAttributeRequestProvider": + return new StorkAttributeRequestProvider(url); + default: + return null; + } + } + + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List getConfiguredPlugins( + List configuredAPs) { + + List result = new ArrayList(); + for(AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl())); + + return result; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index a38cfed96..52ff0a85a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -34,8 +34,12 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ @Override - public void performRedirect(String url, HttpServletResponse response) { + public void performRedirect(String url, String citizenCountyCode, + HttpServletRequest req, HttpServletResponse resp) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index a9e2cf358..6dc0a30cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -34,12 +34,13 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override - public void performRedirect(String url, HttpServletResponse response) { - // TODO Auto-generated method stub - + public void performRedirect(String url, String citizenCountyCode, + HttpServletRequest req, HttpServletResponse resp) { + // we should not get here + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 90b1a0180..dd34d0d42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -38,6 +38,15 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The destination. */ private String destination; + + /** + * Instantiates a new stork attribute request provider. + * + * @param apUrl the AP location + */ + public StorkAttributeRequestProvider(String apUrl) { + destination = apUrl; + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index d6995a98e..e5fdb5ca7 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -203,6 +203,7 @@ stork.08=STORK SAML Assertion Validierung fehlgeschlagen stork.09=Fehler beim \u00FCberpr\u00FCfen der STORK B\u00FCrgerInnen Signatur stork.10=Fehler in der Verbindung zum SZR-Gateway stork.11=Fehler beim Sammeln von StorkAttributen +stork.12=Konnte keine VIDP Konfiguration finden pvp2.00={0} ist kein gueltiger consumer service index pvp2.01=Fehler beim kodieren der PVP2 Antwort -- cgit v1.2.3 From e220daf9bc0eac36c3e20406865f99f4760a30d3 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 25 Feb 2014 08:45:04 +0100 Subject: config validators --- .../validation/oa/OASTORKConfigValidation.java | 14 ++++++++++++++ .../src/main/resources/applicationResources.properties | 2 ++ 2 files changed, 16 insertions(+) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index f72999020..25e0d751c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -27,8 +27,11 @@ import java.util.List; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; public class OASTORKConfigValidation { @@ -45,6 +48,17 @@ public class OASTORKConfigValidation { errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", new Object[] {qaa} )); } + + for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { + if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid")); + } + if (MiscUtil.isEmpty(current.getName())) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); + } + } return errors; } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 313f9f2be..c6a88510a 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -392,6 +392,8 @@ validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4 validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein +validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url +validation.stork.ap.name.valid=Ung\u00FCltiger AttributProvider Name validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. -- cgit v1.2.3 From f51b28c24ac466b5e25d3047975beac8f14d2c15 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 25 Feb 2014 20:34:44 +0100 Subject: attrcollector --- .../id/configuration/data/oa/OASTORKConfig.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 13 +------- .../protocols/stork2/AttributeProviderFactory.java | 17 ++++++---- .../id/protocols/stork2/AuthenticationRequest.java | 38 ++++++++++++++-------- 4 files changed, 38 insertions(+), 32 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 9f1e9cfd8..5fdbe1f77 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -92,7 +92,7 @@ public class OASTORKConfig { // Sorry. if (attributeProviderPlugins.isEmpty()) attributeProviderPlugins.add(new AttributeProviderPlugin()); - } } catch (NullPointerException ex) { + } catch (NullPointerException ex) { Logger.error("Nullpointerexception encountered in Configurationinterface"); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 08244ab38..cc0f8569e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -155,18 +155,7 @@ public class AttributeCollector implements IAction { //httpSession.setAttribute("CCC", ccc); */ - } - - - //httpResp.setStatus(200); - //VPEPSInboundPostHandler - - // - put container in temporary store. - AssertionStorage.getInstance().put(newArtifactId, container); - - // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - } catch (Exception e1) { + } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); throw new MOAIDException("stork.11", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 98d354e8a..9a4c1f59b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -31,12 +31,17 @@ public class AttributeProviderFactory { * @return the attribute provider */ public static AttributeProvider create(String shortname, String url) { - switch (shortname) { - case "StorkAttributeRequestProvider": - return new StorkAttributeRequestProvider(url); - default: - return null; - } + //switch (shortname) { + //case "StorkAttributeRequestProvider": + // return new StorkAttributeRequestProvider(url); + //default: + // return null; + //} + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url); + } else { + return null; + } } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index d742d72ef..6ef85d7ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -1,8 +1,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -22,10 +25,7 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; @@ -94,6 +94,13 @@ public class AuthenticationRequest implements IAction { */ } + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry("AT"); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + //httpResp.setStatus(200); //VPEPSInboundPostHandler @@ -102,20 +109,23 @@ public class AuthenticationRequest implements IAction { DataContainer container = new DataContainer(); // - fill in the request we extracted above - container.setRequest(request); + container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); // - fill in the partial response created above - container.setResponse(response); + container.setResponse(authnResponse); // - memorize the target url were we have to return the result - container.setTarget(target); - + container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + + + + + if (1==1) // test // see if we need to fetch further attributes - return (new AttributeCollector()).processRequest(container); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, oaParam); + - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry("AT"); @@ -163,13 +173,15 @@ public class AuthenticationRequest implements IAction { try { Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // radi + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); } catch (IOException e) { e.printStackTrace(); } + // preparing redirection for the client + try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); @@ -266,7 +278,7 @@ public class AuthenticationRequest implements IAction { // moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth"); - return authResponse; + return attributeList; } public String getDefaultActionName() { -- cgit v1.2.3 From 6da6e88d2026d2777b54cfba759b4e63f5a391f9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 28 Feb 2014 08:21:43 +0100 Subject: fixed config visible vidp config block glitch --- id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 7887d9d62..696723b9b 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -505,7 +505,7 @@ -
+
AP PluginURL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- + -- cgit v1.2.3 From f57dbf19485e1da5f9a60d65b0c4cc8ce6e4cd9c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 5 Mar 2014 08:35:19 +0100 Subject: config gui fixes --- id/ConfigWebTool/src/main/webapp/js/common.js | 15 +++++++++------ id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 5fbbdafd1..fef368b0a 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -45,21 +45,21 @@ function oaSSOService() { } } function oaStork() { - if ($('#OAuseSTORKLogon').attr('checked') == 'checked') { + if ($('#OAuseSTORKLogon').is(':checked')) { $('#stork_block').css('display', "block"); } else { $('#stork_block').css('display', "none"); } } function oaVIDP() { - if ($('#oa_vidp_area').css('display') == "block") { - $('#oa_vidp_area').css('display', "none"); - $('#button_vidp_show').css('display', "block"); - $('#button_vidp_hidden').css('display', "none"); - } else { + if ($('#oa_vidp_area').css('display') == "none" || $('#OAuseVidp').is(':checked')) { $('#oa_vidp_area').css('display', "block"); $('#button_vidp_show').css('display', "none"); $('#button_vidp_hidden').css('display', "block"); + } else { + $('#oa_vidp_area').css('display', "none"); + $('#button_vidp_show').css('display', "block"); + $('#button_vidp_hidden').css('display', "none"); } } function oaSAML1() { @@ -201,9 +201,12 @@ function oaOnLoad() { oaBusinessService(); oaSSOService(); oaLegacyService(); + oaStork(); AdminTarget(); oaTargetSubSector(); + oaVIDP(); + $(".colorfield").each( function() { $(this).ColorPicker({ diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 1f42bf092..76c347445 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -505,7 +505,7 @@ -
AP PluginURL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- + - + +
AP PluginURL
AP PluginURLAttribute (CSV)
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 23edf69f9..de079c960 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -31,11 +31,11 @@ public class AttributeProviderFactory { * the simpleName for the providers class * @return the attribute provider */ - public static AttributeProvider create(String shortname, String url) { + public static AttributeProvider create(String shortname, String url, String attributes) { if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); + return new StorkAttributeRequestProvider(url, attributes); } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); + return new EHvdAttributeProviderPlugin(url, attributes); } else { return null; } @@ -52,7 +52,7 @@ public class AttributeProviderFactory { List result = new ArrayList(); for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); + result.add(create(current.getName(), current.getUrl(), current.getAttributes())); return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index f97d8c804..a36855d33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -44,26 +44,31 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /** The destination. */ private Object destination; + + /** The attributes. */ + private String attributes; /** * Instantiates a new e hvd attribute provider plugin. * * @param url the service url + * @param attributes */ - public EHvdAttributeProviderPlugin(String url) { + public EHvdAttributeProviderPlugin(String url, String supportedAttributes) { destination = url; + attributes = supportedAttributes; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { // break when we cannot handle the requested attribute - if(!attributes.getName().equals("isHealthCareProfessional")) + if(!attributes.contains(attribute.getName())) throw new UnsupportedAttributeException(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 797695a00..d8becaaf7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -34,14 +34,19 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The destination. */ private String destination; - + + /** The attributes. */ + private String attributes; + /** * Instantiates a new stork attribute request provider. * * @param apUrl the AP location + * @param supportedAttributes the supported attributes as csv */ - public StorkAttributeRequestProvider(String apUrl) { + public StorkAttributeRequestProvider(String apUrl, String supportedAttributes) { destination = apUrl; + attributes = supportedAttributes; } /* (non-Javadoc) @@ -49,6 +54,10 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + + if (!attributes.contains(attribute.getName())) + throw new UnsupportedAttributeException(); + requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); throw new ExternalAttributeRequestRequiredException(this); diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index d20ec1c68..845e4fe1f 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -957,8 +957,9 @@ - - + + + -- cgit v1.2.3 From 58c8a91c173ce699b8014e4f81fa195bfa37d246 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 19:28:25 +0100 Subject: land selection change --- .../moa/id/configuration/Constants.java | 17 +- .../id/configuration/data/oa/OAGeneralConfig.java | 37 +- .../configuration/struts/action/EditOAAction.java | 2619 ++++++++++---------- .../main/resources/applicationResources.properties | 3 + id/ConfigWebTool/src/main/webapp/js/common.js | 25 +- .../src/main/webapp/jsp/editOAGeneral.jsp | 43 +- .../src/main/resources/config/moaid_config_2.0.xsd | 6 +- 7 files changed, 1410 insertions(+), 1340 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index b963890af..79a966b81 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -69,7 +69,8 @@ public class Constants { public static final String BKU_HANDY = "bkuhandy"; public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; - public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; + public static final String MOA_CONFIG_STORKSERVICE = "storkService"; + public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x"; public static final String MOA_CONFIG_PROTOCOL_STORK2 = "id_stork2"; @@ -82,20 +83,24 @@ public class Constants { public static final String IDENIFICATIONTYPE_FN = "FN"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; - public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; + public static final String IDENIFICATIONTYPE_STORK = "STORK"; + public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN; public static final String IDENIFICATIONTYPE_BASEID_ZVR = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_ZVR; public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; - - public static final Map BUSINESSSERVICENAMES; + public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + + + public static final Map BUSINESSSERVICENAMES; static { Hashtable tmp = new Hashtable(); tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); - - BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); + tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); + + BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index ba58701fc..495444db1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -58,17 +58,19 @@ public class OAGeneralConfig { private String friendlyName = null; private boolean businessService = false; - - private String target = null; + private boolean storkService = false; + + private String target = null; private String target_subsector = null; private String target_admin = null; private static List targetList = null; private String targetFriendlyName = null; private boolean isAdminTarget = false; - + private String identificationNumber = null; private String identificationType = null; private static List identificationTypeList = null; + private String storkSPTargetCountry = null; private String aditionalAuthBlockText = null; @@ -159,8 +161,17 @@ public class OAGeneralConfig { businessService = true; else businessService = false; - - AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); + + if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_STORKSERVICE)) + storkService = true; + else + storkService = false; + + if (dbOAConfig.getStorkSPTargetCountry() != null) + storkSPTargetCountry = dbOAConfig.getStorkSPTargetCountry(); + + + AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); if (oaauth != null) { BKUURLS bkuurls = oaauth.getBKUURLS(); @@ -301,6 +312,14 @@ public class OAGeneralConfig { return identificationNumber; } + public String getStorkSPTargetCountry() { + return storkSPTargetCountry; + } + + public void setStorkSPTargetCountry(String storkSPTargetCountry) { + this.storkSPTargetCountry = storkSPTargetCountry; + } + public void setIdentificationNumber(String identificationNumber) { this.identificationNumber = identificationNumber; } @@ -341,6 +360,14 @@ public class OAGeneralConfig { return businessService; } + public boolean isStorkService() { + return storkService; + } + + public void setStorkService(boolean storkService) { + this.storkService = storkService; + } + public void setBusinessService(boolean businessService) { this.businessService = businessService; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 99bdfdc9c..4a0bf744a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -22,1337 +22,1330 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; -import iaik.utils.URLDecoder; - -import java.io.ByteArrayInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.cert.CertificateException; -import java.util.ArrayList; -import java.util.Date; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; -import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.*; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; -import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; -import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; -import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.*; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.*; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; - import com.opensymphony.xwork2.ActionSupport; +import iaik.utils.URLDecoder; +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.*; +import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.util.*; public class EditOAAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { - - private final Logger log = Logger.getLogger(EditOAAction.class); - - private static final long serialVersionUID = 1L; - - private HttpServletRequest request; - private HttpServletResponse response; - - private AuthenticatedUser authUser; - - private String oaidobj; - private boolean newOA; - private String formID; - - private boolean onlyBusinessService = false; - private boolean subTargetSet = false; - private boolean deaktivededBusinessService = false; - private boolean isMetaDataRefreshRequired = false; - - private String nextPage; - - private OAGeneralConfig generalOA = new OAGeneralConfig(); - private OAPVP2Config pvp2OA = new OAPVP2Config(); - private OASAML1Config saml1OA = new OASAML1Config(); - private OASSOConfig ssoOA = new OASSOConfig(); - private OAOAuth20Config oauth20OA = new OAOAuth20Config(); - private OASTORKConfig storkOA = new OASTORKConfig(); - private FormularCustomization formOA = new FormularCustomization(); - - private InputStream stream; - - private Map sendAssertionForm = new HashMap(); - private Map bkuSelectionForm = new HashMap(); - - // STRUTS actions - public String inital() { - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - - authUser = (AuthenticatedUser) authUserObj; - - long oaid = -1; - - if (!ValidationHelper.validateOAID(oaidobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - oaid = Long.valueOf(oaidobj); - - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; - - if (authUser.isAdmin()) - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - - else { - userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - // TODO: change to direct Database operation - List oas = userdb.getOnlineApplication(); - for (OnlineApplication oa : oas) { - if (oa.getHjid() == oaid) { - onlineapplication = oa; - break; - } - } - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - generalOA.parse(onlineapplication); - ssoOA.parse(onlineapplication); - saml1OA.parse(onlineapplication); - oauth20OA.parse(onlineapplication); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - - storkOA.parse(onlineapplication); - - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - formOA.parse(onlineapplication, map); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - List errors = pvp2OA.parse(onlineapplication); - - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - ConfigurationDBUtils.closeSession(); - session.setAttribute(Constants.SESSION_OAID, oaid); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - newOA = false; - - return Constants.STRUTS_OA_EDIT; - } - - public String newOA() { - log.debug("insert new Online-Application"); - - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - session.setAttribute(Constants.SESSION_OAID, null); - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - - authUser = (AuthenticatedUser) authUserObj; - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) { - DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); - if (defaultbkus != null) { - generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); - generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); - generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - ConfigurationDBUtils.closeSession(); - - newOA = true; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); - - this.oauth20OA.generateClientSecret(); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - - return Constants.STRUTS_OA_EDIT; - } - - public String saveOA() { - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - OnlineApplication onlineapplication = null; - List errors = new ArrayList(); - - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - - } - catch (Throwable t) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - // valid DBID and check entry - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() })); - } else { - - if (oaid == -1) { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - newOA = true; - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); - } - - } else { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); - } - } - } - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - // check form - OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); - OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); - OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); - OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); - OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); - FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); - OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - - errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); - errors.addAll(validatior_pvp2.validate(pvp2OA)); - errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); - errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); - errors.addAll(validator_stork.validate(storkOA)); - errors.addAll(validator_form.validate(formOA)); - errors.addAll(validatior_oauth20.validate(oauth20OA)); - - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() - , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - - //validate send-assertion template - templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() - , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); - - else - sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - - - // Do not allow SSO in combination with special BKUSelection features - if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { - log.warn("Special BKUSelection features can not be used in combination with SSO"); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid")); - } - - if (errors.size() > 0) { - log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - - boolean newentry = false; - - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - newentry = true; - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - if (onlineapplication.getHjid() != null) userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } - catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, newentry); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - //set metadata reload flag if reload is required - if (pvp2OA.getMetaDataURL() != null) { - - try { - if (isMetaDataRefreshRequired - || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) - || pvp2OA.getFileUpload() != null - || pvp2OA.isReLoad()) { - - log.debug("Set PVP2 Metadata refresh flag."); - MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); - moaconfig.setPvp2RefreshItem(new Date()); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } - } - catch (Throwable e) { - log.info("Found no MetadataURL in OA-Databaseconfig!", e); - } - - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - if (onlineapplication.isIsAdminRequired()) { - int numoas = 0; - int numusers = 0; - - List openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); - if (openOAs != null) numoas = openOAs.size(); - - List openUsers = ConfigurationDBRead.getAllNewUsers(); - if (openUsers != null) numusers = openUsers.size(); - try { - - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); - - if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); - - } - catch (ConfigurationException e) { - log.warn("Sending Mail to Admin failed.", e); - } - - } else - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); - - //remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - ConfigurationDBUtils.closeSession(); - return Constants.STRUTS_SUCCESS; - } - - public String cancleAndBackOA() { - - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; - } - - public String deleteOA() { - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() })); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - } - - OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - request.getSession().setAttribute(Constants.SESSION_OAID, null); - - try { - if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { - - MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); - moaconfig.setPvp2RefreshItem(new Date()); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } - } - catch (Throwable e) { - log.info("Found no MetadataURL in OA-Databaseconfig!", e); - } - - if (ConfigurationDBUtils.delete(onlineapplication)) { - - if (!authUser.isAdmin()) { - UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - List useroas = user.getOnlineApplication(); - - for (OnlineApplicationType oa : useroas) { - if (oa.getHjid().equals(onlineapplication.getHjid())) { - useroas.remove(oa); - } - } - - try { - ConfigurationDBUtils.saveOrUpdate(user); - - } - catch (MOADatabaseException e) { - log.warn("User information can not be updated in database", e); - addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); - return Constants.STRUTS_ERROR; - } - } - - ConfigurationDBUtils.closeSession(); - - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); - - return Constants.STRUTS_SUCCESS; - - } else { - ConfigurationDBUtils.closeSession(); - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); - return Constants.STRUTS_SUCCESS; - } - - } - - public String bkuFramePreview() { - - String preview = null; - - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); - - } else { - InputStream input = null; - - try { - Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); - if (mapobj != null && mapobj instanceof Map) { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR - + ConfigurationProvider.HTMLTEMPLATE_FILE; - - File file = new File(templateURL); - input = new FileInputStream(file); - - String contextpath = config.getMOAIDInstanceURL(); - if (MiscUtil.isEmpty(contextpath)) { - log.info("NO MOA-ID instance URL configurated."); - throw new ConfigurationException("No MOA-ID instance configurated"); - } - - preview = LoginFormBuilder.getTemplate(input); - preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath); - - Map map = (Map) mapobj; - - request.setCharacterEncoding("UTF-8"); - - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); - String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); - - if (value != null) { - String[] query = URLDecoder.decode(request.getQueryString()).split("&"); - value = query[1].substring("value=".length()); - } - - synchronized (map) { - - if (MiscUtil.isNotEmpty(module)) { - if (map.containsKey("#" + module + "#")) { - if (MiscUtil.isNotEmpty(value)) { - if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module) - || value.startsWith("#")) - map.put("#" + module + "#", value); - else - map.put("#" + module + "#", "#" + value); - - } else { - map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#")); - } - } - } - preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map, true); - } - - } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); - - } - - } - catch (Exception e) { - log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); - - } - } - - stream = new ByteArrayInputStream(preview.getBytes()); - - return Constants.STRUTS_SUCCESS; - } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); - - dboa.setFriendlyName(generalOA.getFriendlyName()); - dboa.setCalculateHPI(generalOA.isCalculateHPI()); - dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); - - if (authUser.isAdmin()) - dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); - else { - if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); - } - - dboa.setPublicURLPrefix(generalOA.getIdentifier()); - - if (generalOA.isBusinessService() || onlyBusinessService) { - - dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - - IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); - - authoa.setIdentificationNumber(idnumber); - - } else { - dboa.setType(null); - - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { - dboa.setTarget(generalOA.getTarget_admin()); - dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); - - } else { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - - } else { - - if (MiscUtil.isNotEmpty(generalOA.getTarget())) { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - } - } - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - if (authUser.isAdmin()) { - bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); - bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); - bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); - } - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if(generalOA.isDeleteBKUTemplate()) - templates.setBKUSelectionTemplate(null); - - if (generalOA.isDeleteSendAssertionTemplate()) - templates.setSendAssertionTemplate(null); - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } - } - - - //store BKU-selection customization - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); - } - - Mandates mandates = new Mandates(); - if (generalOA.isUseMandates()) { - mandates.setProfiles(generalOA.getMandateProfiles()); - - } else { - mandates.setProfiles(new String()); - } - - authoa.setMandates(mandates); - bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); - bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); - - if (authUser.isAdmin()) { - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - - List template = templates.getTemplate(); - if (generalOA.isLegacy()) { - - if (template == null) - template = new ArrayList(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL2()); - template.add(el); - }else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL3()); - template.add(el); - }else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(formOA.getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(formOA.getFontType()); - - bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); - bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); - - } - - // set default transformation if it is empty - List transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required - - } - - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } - - pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); - try { - - if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate()); - - } - catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); - } - catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); - } - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(saml1OA.isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); - saml1.setProvideCertificate(saml1OA.isProvideCertificate()); - saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); - saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); - saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); - saml1.setUseCondition(saml1OA.isUseCondition()); - saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(ssoOA.isUseSSO()); - - if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); - - sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); - - if (oauth20OA != null) { - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); - } - - oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); - log.debug("client id: " + oauth20OA.getClientId()); - log.debug("client secret: " + oauth20OA.getClientSecret()); - log.debug("redirect uri:" + oauth20OA.getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - } - - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); - } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); - stork.setQaa(storkOA.getQaa()); - stork.setOAAttributes(storkOA.getAttributes()); - stork.setVidpEnabled(storkOA.isVidpEnabled()); - stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); - - try { - if (newentry) { - ConfigurationDBUtils.save(dboa); - - if (!authUser.isAdmin()) { - UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - List useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList(); - - useroas.add(dboa); - ConfigurationDBUtils.saveOrUpdate(user); - } - } - - else - ConfigurationDBUtils.saveOrUpdate(dboa); - - } - catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store"); - } - - return null; - } - - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; - } - - private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - String bpk = userdb.getBpk(); - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) { - - onlyBusinessService = true; - generalOA.setBusinessService(true); - - } - - deaktivededBusinessService = true; - String[] split = bpk.split("\\+"); - generalOA.setIdentificationType(split[1].substring(1)); - - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) - generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); - else - generalOA.setIdentificationNumber(split[2]); - - } - - } - - public String setGeneralOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSAML1OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setPVP2OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSSOOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSTORKOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - // Getter and Setter - public void setServletResponse(HttpServletResponse arg0) { - this.response = arg0; - - } - - public void setServletRequest(HttpServletRequest arg0) { - this.request = arg0; - - } - - public HttpServletRequest getRequest() { - return request; - } - - public void setRequest(HttpServletRequest request) { - this.request = request; - } - - public HttpServletResponse getResponse() { - return response; - } - - public void setResponse(HttpServletResponse response) { - this.response = response; - } - - public OAGeneralConfig getGeneralOA() { - return generalOA; - } - - public void setGeneralOA(OAGeneralConfig generalOA) { - this.generalOA = generalOA; - } - - public OAPVP2Config getPvp2OA() { - return pvp2OA; - } - - public void setPvp2OA(OAPVP2Config pvp2oa) { - pvp2OA = pvp2oa; - } - - public OASAML1Config getSaml1OA() { - return saml1OA; - } - - public void setSaml1OA(OASAML1Config saml1oa) { - saml1OA = saml1oa; - } - - public OASSOConfig getSsoOA() { - return ssoOA; - } - - public void setSsoOA(OASSOConfig ssoOA) { - this.ssoOA = ssoOA; - } - - public OASTORKConfig getStorkOA() { - return storkOA; - } - - public void setStorkOA(OASTORKConfig storkOA) { - this.storkOA = storkOA; - } - - /** - * @param oaidobj - * the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the authUser - */ - public AuthenticatedUser getAuthUser() { - return authUser; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - - /** - * @param newOA - * the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; - } - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID - * the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the onlyBusinessService - */ - public boolean isOnlyBusinessService() { - return onlyBusinessService; - } - - /** - * @param onlyBusinessService - * the onlyBusinessService to set - */ - public void setOnlyBusinessService(boolean onlyBusinessService) { - this.onlyBusinessService = onlyBusinessService; - } - - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } - - /** - * @param subTargetSet - * the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } - - /** - * @param deaktivededBusinessService - * the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return formOA; - } - - /** - * @param formOA - * the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - this.formOA = formOA; - } - - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } - - public OAOAuth20Config getOauth20OA() { - return oauth20OA; - } - - public void setOauth20OA(OAOAuth20Config oauth20OA) { - this.oauth20OA = oauth20OA; - } - + + private final Logger log = Logger.getLogger(EditOAAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser; + + private String oaidobj; + private boolean newOA; + private String formID; + + private boolean onlyBusinessService = false; + private boolean onlyStorkService = false; + private boolean subTargetSet = false; + private boolean deaktivededBusinessService = false; + private boolean deactivatedStorkService = false; + private boolean isMetaDataRefreshRequired = false; + + private String nextPage; + + private OAGeneralConfig generalOA = new OAGeneralConfig(); + private OAPVP2Config pvp2OA = new OAPVP2Config(); + private OASAML1Config saml1OA = new OASAML1Config(); + private OASSOConfig ssoOA = new OASSOConfig(); + private OAOAuth20Config oauth20OA = new OAOAuth20Config(); + private OASTORKConfig storkOA = new OASTORKConfig(); + private FormularCustomization formOA = new FormularCustomization(); + + private InputStream stream; + + private Map sendAssertionForm = new HashMap(); + private Map bkuSelectionForm = new HashMap(); + + // STRUTS actions + public String inital() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + long oaid = -1; + + if (!ValidationHelper.validateOAID(oaidobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + + else { + userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + // TODO: change to direct Database operation + List oas = userdb.getOnlineApplication(); + for (OnlineApplication oa : oas) { + if (oa.getHjid() == oaid) { + onlineapplication = oa; + break; + } + } + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + generalOA.parse(onlineapplication); + ssoOA.parse(onlineapplication); + saml1OA.parse(onlineapplication); + oauth20OA.parse(onlineapplication); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); + + storkOA.parse(onlineapplication); + + Map map = new HashMap(); + map.putAll(FormBuildUtils.getDefaultMap()); + formOA.parse(onlineapplication, map); + + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + List errors = pvp2OA.parse(onlineapplication); + + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + ConfigurationDBUtils.closeSession(); + session.setAttribute(Constants.SESSION_OAID, oaid); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + newOA = false; + + return Constants.STRUTS_OA_EDIT; + } + + public String newOA() { + log.debug("insert new Online-Application"); + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_OAID, null); + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) { + DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); + if (defaultbkus != null) { + generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); + generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); + generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); + } + } + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + ConfigurationDBUtils.closeSession(); + + newOA = true; + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + + this.oauth20OA.generateClientSecret(); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); + + return Constants.STRUTS_OA_EDIT; + } + + public String saveOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + OnlineApplication onlineapplication = null; + List errors = new ArrayList(); + + Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + + } catch (Throwable t) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + // valid DBID and check entry + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()})); + } else { + + if (oaid == -1) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + newOA = true; + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + + } else { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + } + } + } + } + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + // check form + OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); + OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); + OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); + OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); + OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); + FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); + OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + + errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); + errors.addAll(validatior_pvp2.validate(pvp2OA)); + errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); + errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); + errors.addAll(validator_stork.validate(storkOA)); + errors.addAll(validator_form.validate(formOA)); + errors.addAll(validatior_oauth20.validate(oauth20OA)); + + //validate BKU-selection template + List templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() + , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + + else + bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate send-assertion template + templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() + , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + + else + sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + + // Do not allow SSO in combination with special BKUSelection features + if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { + log.warn("Special BKUSelection features can not be used in combination with SSO"); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid")); + } + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); + for (String el : errors) + addActionError(el); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + + boolean newentry = false; + + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + newentry = true; + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else + isMetaDataRefreshRequired = true; + + } else { + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if ((onlineapplication.isIsAdminRequired() == null) + || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + if (onlineapplication.getHjid() != null) + userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); + } + } + } + + //save OA configuration + String error = saveOAConfigToDatabase(onlineapplication, newentry); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + //set metadata reload flag if reload is required + if (pvp2OA.getMetaDataURL() != null) { + + try { + if (isMetaDataRefreshRequired + || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) + || pvp2OA.getFileUpload() != null + || pvp2OA.isReLoad()) { + + log.debug("Set PVP2 Metadata refresh flag."); + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + } + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + List openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (openOAs != null) numoas = openOAs.size(); + + List openUsers = ConfigurationDBRead.getAllNewUsers(); + if (openUsers != null) numusers = openUsers.size(); + try { + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); + + } catch (ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + + //remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + } + + public String cancleAndBackOA() { + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String deleteOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + } + + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + request.getSession().setAttribute(Constants.SESSION_OAID, null); + + try { + if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + if (ConfigurationDBUtils.delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + List useroas = user.getOnlineApplication(); + + for (OnlineApplicationType oa : useroas) { + if (oa.getHjid().equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + ConfigurationDBUtils.saveOrUpdate(user); + + } catch (MOADatabaseException e) { + log.warn("User information can not be updated in database", e); + addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + ConfigurationDBUtils.closeSession(); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); + + return Constants.STRUTS_SUCCESS; + + } else { + ConfigurationDBUtils.closeSession(); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); + return Constants.STRUTS_SUCCESS; + } + + } + + public String bkuFramePreview() { + + String preview = null; + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } else { + InputStream input = null; + + try { + Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map) { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; + + File file = new File(templateURL); + input = new FileInputStream(file); + + String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + throw new ConfigurationException("No MOA-ID instance configurated"); + } + + preview = LoginFormBuilder.getTemplate(input); + preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath); + + Map map = (Map) mapobj; + + request.setCharacterEncoding("UTF-8"); + + String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); + } + + synchronized (map) { + + if (MiscUtil.isNotEmpty(module)) { + if (map.containsKey("#" + module + "#")) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module) + || value.startsWith("#")) + map.put("#" + module + "#", value); + else + map.put("#" + module + "#", "#" + value); + + } else { + map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#")); + } + } + } + preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map, true); + } + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } + + } catch (Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } + } + + stream = new ByteArrayInputStream(preview.getBytes()); + + return Constants.STRUTS_SUCCESS; + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); + + dboa.setFriendlyName(generalOA.getFriendlyName()); + dboa.setCalculateHPI(generalOA.isCalculateHPI()); + dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); + + if (authUser.isAdmin()) + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + else { + if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + + dboa.setPublicURLPrefix(generalOA.getIdentifier()); + + if (generalOA.isStorkService() || onlyStorkService) { + dboa.setType(Constants.MOA_CONFIG_STORKSERVICE); + dboa.setStorkSPTargetCountry(generalOA.getStorkSPTargetCountry()); + + + String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_STORK)) + num = num.substring(Constants.IDENIFICATIONTYPE_STORK.length()); + + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getIdentificationType() + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); + + authoa.setIdentificationNumber(idnumber); + + } else if (generalOA.isBusinessService() || onlyBusinessService) { + + dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + + // num = StringUtils.leftPad(num, 7, '0'); + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); + + authoa.setIdentificationNumber(idnumber); + + } else { + dboa.setType(null); + + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { + dboa.setTarget(generalOA.getTarget_admin()); + dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + + } else { + + String target = generalOA.getTarget(); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) + dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); + else + dboa.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); + + } + + } else { + + if (MiscUtil.isNotEmpty(generalOA.getTarget())) { + + String target = generalOA.getTarget(); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) + dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); + + else + dboa.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); + + } + } + } + + //store BKU-URLs + BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + if (authUser.isAdmin()) { + bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); + bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); + bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + } + + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + + //store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (generalOA.isDeleteBKUTemplate()) + templates.setBKUSelectionTemplate(null); + + if (generalOA.isDeleteSendAssertionTemplate()) + templates.setSendAssertionTemplate(null); + + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } + } + + + //store BKU-selection customization + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + Mandates mandates = new Mandates(); + if (generalOA.isUseMandates()) { + mandates.setProfiles(generalOA.getMandateProfiles()); + + } else { + mandates.setProfiles(new String()); + } + + authoa.setMandates(mandates); + bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); + bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); + + if (authUser.isAdmin()) { + templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); + + List template = templates.getTemplate(); + if (generalOA.isLegacy()) { + + if (template == null) + template = new ArrayList(); + else + template.clear(); + + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL1()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL2()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL3()); + template.add(el); + } else + template.add(new TemplateType()); + + } else { + if (template != null && template.size() > 0) template.clear(); + } + + bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); + + bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(formOA.getHeader_text()); + + bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); + + if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) + bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); + + bkuselectioncustom.setFontType(formOA.getFontType()); + + bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); + bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); + + } + + // set default transformation if it is empty + List transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); + try { + + if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate()); + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(saml1OA.isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); + saml1.setProvideCertificate(saml1OA.isProvideCertificate()); + saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); + saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); + saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); + saml1.setUseCondition(saml1OA.isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(ssoOA.isUseSSO()); + + if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); + + sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); + + if (oauth20OA != null) { + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); + log.debug("client id: " + oauth20OA.getClientId()); + log.debug("client secret: " + oauth20OA.getClientSecret()); + log.debug("redirect uri:" + oauth20OA.getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + } + + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); + stork.setQaa(storkOA.getQaa()); + stork.setOAAttributes(storkOA.getAttributes()); + stork.setVidpEnabled(storkOA.isVidpEnabled()); + stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); + + try { + if (newentry) { + ConfigurationDBUtils.save(dboa); + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + List useroas = user.getOnlineApplication(); + if (useroas == null) useroas = new ArrayList(); + + useroas.add(dboa); + ConfigurationDBUtils.saveOrUpdate(user); + } + } else + ConfigurationDBUtils.saveOrUpdate(dboa); + + } catch (MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store"); + } + + return null; + } + + private String parseColor(String color) { + String value = ""; + + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) + value = "#" + color; + else + value = color; + } + return value; + } + + private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + String bpk = userdb.getBpk(); + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) { + onlyBusinessService = true; + generalOA.setBusinessService(true); + } else if (bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) { + onlyStorkService = true; + generalOA.setStorkService(true); + } + + deaktivededBusinessService = true; + deactivatedStorkService = true; + String[] split = bpk.split("\\+"); + generalOA.setIdentificationType(split[1].substring(1)); + + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) + generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); + else + generalOA.setIdentificationNumber(split[2]); + + } + + } + + public String setGeneralOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSAML1OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setPVP2OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSSOOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSTORKOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + // Getter and Setter + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + + } + + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + + } + + public HttpServletRequest getRequest() { + return request; + } + + public void setRequest(HttpServletRequest request) { + this.request = request; + } + + public HttpServletResponse getResponse() { + return response; + } + + public void setResponse(HttpServletResponse response) { + this.response = response; + } + + public OAGeneralConfig getGeneralOA() { + return generalOA; + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + this.generalOA = generalOA; + } + + public OAPVP2Config getPvp2OA() { + return pvp2OA; + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + pvp2OA = pvp2oa; + } + + public OASAML1Config getSaml1OA() { + return saml1OA; + } + + public void setSaml1OA(OASAML1Config saml1oa) { + saml1OA = saml1oa; + } + + public OASSOConfig getSsoOA() { + return ssoOA; + } + + public void setSsoOA(OASSOConfig ssoOA) { + this.ssoOA = ssoOA; + } + + public OASTORKConfig getStorkOA() { + return storkOA; + } + + public void setStorkOA(OASTORKConfig storkOA) { + this.storkOA = storkOA; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the onlyBusinessService + */ + public boolean isOnlyBusinessService() { + return onlyBusinessService; + } + + /** + * @param onlyStorkService the onlyStorkService to set + */ + public void setOnlyStorkService(boolean onlyStorkService) { + this.onlyStorkService = onlyStorkService; + } + + /** + * @return the onlyStorkService + */ + public boolean isOnlyStorkService() { + return onlyStorkService; + } + + /** + * @param onlyBusinessService the onlyBusinessService to set + */ + public void setOnlyBusinessService(boolean onlyBusinessService) { + this.onlyBusinessService = onlyBusinessService; + } + + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + /** + * @return the deactivatedStorkService + */ + public boolean isDeactivatedStorkService() { + return deactivatedStorkService; + } + + /** + * @param deactivatedStorkService the deactivatedStorkService to set + */ + + public void setDeactivatedStorkService(boolean deactivatedStorkService) { + + this.deactivatedStorkService = deactivatedStorkService; + } + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return formOA; + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + this.formOA = formOA; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + public OAOAuth20Config getOauth20OA() { + return oauth20OA; + } + + public void setOauth20OA(OAOAuth20Config oauth20OA) { + this.oauth20OA = oauth20OA; + } + } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index a033205ed..5859ce477 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -185,7 +185,10 @@ webpages.oaconfig.general.mandate.profiles=Profile webpages.oaconfig.general.mandate.usemandate=Vollmachten (ja/nein) webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation +webpages.oaconfig.general.isstorkservice=Stork Applikation webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.stork.header=STORK Bereich +webpages.oaconfig.general.stork.countrycode=Landesvorwahl webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) webpages.oaconfig.general.target.admin.checkbox=Anderen Bereich frei definieren webpages.oaconfig.general.target.admin=Bereich (Frei w\u00E4hlbar) diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 5fbbdafd1..7e42eaf30 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -22,17 +22,33 @@ *******************************************************************************/ function oaBusinessService() { if ($('#OAisbusinessservice').attr('checked') == 'checked') { - - $('#oa_config_businessservice').css('display', "block"); + $('#OAisstorkservice').attr('checked',false); + $('#oa_config_storkservice').css('display', "none"); + $('#oa_config_businessservice').css('display', "block"); $('#oa_config_publicservice').css('display', "none"); } else { - - $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_storkservice').css('display', "none"); + $('#oa_config_businessservice').css('display', "none"); $('#oa_config_publicservice').css('display', "block"); } } +function oaStorkService() { + if ($('#OAisstorkservice').attr('checked') == 'checked') { + $('#OAisbusinessservice').attr('checked',false); + $('#oa_config_storkservice').css('display', "block"); + $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_publicservice').css('display', "none"); + + } else { + $('#oa_config_storkservice').css('display', "none"); + $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_publicservice').css('display', "block"); + + } +} + function oaSSOService() { if ($('#OAuseSSO').attr('checked') == 'checked') { @@ -199,6 +215,7 @@ function userOnLoad() { } function oaOnLoad() { oaBusinessService(); + oaStorkService(); oaSSOService(); oaLegacyService(); AdminTarget(); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 1f42bf092..cf8626ae3 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -59,16 +59,28 @@ key="webpages.oaconfig.general.friendlyname" cssClass="textfield_long"> - - - + + + + + + + +
@@ -89,6 +101,17 @@ disabled="%{isDeaktivededBusinessService()}">
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.stork.header", request) %>

+ + +
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index d20ec1c68..b2c9eb58c 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -11,14 +11,16 @@ - + + - + + -- cgit v1.2.3 From 19e164874ea92d51f9df12f56047d77db9683091 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 20:57:05 +0100 Subject: storkid derivation pro country --- id/ConfigWebTool/ConfigurationInterface.iml | 2 +- .../id/configuration/data/oa/OAGeneralConfig.java | 8 +- .../configuration/struts/action/EditOAAction.java | 7 +- id/server/auth/moa-id-auth.iml | 2 +- id/server/idserverlib/moa-id-lib.iml | 2 +- .../moa/id/auth/AuthenticationServer.java | 3928 ++++++++++---------- .../id/auth/builder/InfoboxReadRequestBuilder.java | 197 +- .../gv/egovernment/moa/id/config/OAParameter.java | 20 +- id/server/moa-id-commons/moa-id-commons.iml | 2 +- id/server/moa-id.iml | 1 + id/server/proxy/moa-id-proxy.iml | 2 +- pom.xml | 6 + .../clients/api/moa-spss-handbook-apiClient.iml | 2 +- .../handbook/clients/moa-spss-handbook-clients.iml | 5 +- .../moa-spss-handbook-referencedData.iml | 5 +- .../moa-spss-handbook-webserviceClient.iml | 2 +- spss/handbook/moa-spss-handbook.iml | 5 +- spss/server/moa-spss.iml | 5 +- spss/server/serverlib/moa-spss-lib.iml | 3 +- spss/server/serverws/moa-spss-ws.iml | 1 + spss/server/tools/moa-spss-tools.iml | 5 +- 21 files changed, 2104 insertions(+), 2106 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 742f8df89..f6325d7c7 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -63,6 +63,7 @@ + @@ -77,7 +78,6 @@ - diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 495444db1..c9f5fdde9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -120,7 +120,8 @@ public class OAGeneralConfig { identificationTypeList = Arrays.asList( Constants.IDENIFICATIONTYPE_FN, Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB); + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK); } @@ -216,7 +217,10 @@ public class OAGeneralConfig { if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { identificationType = split[1]; identificationNumber = split[2]; - } + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; // setting at as iden category ? + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 4a0bf744a..370923ca1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -746,13 +746,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, dboa.setStorkSPTargetCountry(generalOA.getStorkSPTargetCountry()); - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_STORK)) - num = num.substring(Constants.IDENIFICATIONTYPE_STORK.length()); - IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getIdentificationType() + num); + idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getStorkSPTargetCountry()); idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); authoa.setIdentificationNumber(idnumber); diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index 043374bc0..bf76e8805 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -58,6 +58,7 @@ + @@ -96,7 +97,6 @@ - diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index d995f23af..91b3617ad 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -40,7 +40,7 @@ - + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 6f6d9611a..01a2e5485 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,74 +1,9 @@ package at.gv.egovernment.moa.id.auth; -import iaik.asn1.ObjectID; -import iaik.util.logging.Log; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.util.ArrayList; -//import java.security.cert.CertificateFactory; -import java.util.Calendar; -import java.util.Date; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Vector; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.apache.xpath.XPathAPI; -import org.opensaml.common.IdentifierGenerator; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.*; +import at.gv.egovernment.moa.id.auth.data.*; +import at.gv.egovernment.moa.id.auth.exception.*; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -81,13 +16,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -109,13 +40,7 @@ import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moa.util.*; import at.gv.util.xsd.mis.MandateIdentifiers; import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; @@ -123,12 +48,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; -import eu.stork.oasisdss.api.AdditionalProfiles; -import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.*; import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.Profiles; -import eu.stork.oasisdss.api.QualityLevels; -import eu.stork.oasisdss.api.SignatureTypes; import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; import eu.stork.oasisdss.profile.SignRequest; @@ -138,6 +59,42 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; +import iaik.asn1.ObjectID; +import iaik.util.logging.Log; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.xpath.XPathAPI; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.*; +import org.xml.sax.SAXException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.math.BigInteger; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.cert.CertificateException; +import java.util.*; + +//import java.security.cert.CertificateFactory; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -149,148 +106,147 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; */ public class AuthenticationServer implements MOAIDAuthConstants { - /** single instance */ - private static AuthenticationServer instance; - - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes - private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data - * store - */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - /** - * Returns the single instance of AuthenticationServer. - * - * @return the single instance of AuthenticationServer - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - - /** - * Constructor for AuthenticationServer. - */ - public AuthenticationServer() { - super(); - } - - - /** - * Processes the beginning of an authentication session. - *
    - *
  • Starts an authentication session
    • - *
  • Creates an <InfoboxReadRequest>
    • - *
  • Creates an HTML form for querying the identity link from the security - * layer implementation.
    - * Form parameters include - *
      - *
    • the <InfoboxReadRequest>
      • - *
    • the data URL where the security layer implementation sends it - * response to
      • - *
    - *
- * - * @param authURL - * URL of the servlet to be used as data URL - * @param target - * "Geschäftsbereich" of the online application requested - * @param targetFriendlyName - * Friendly name of the target if the target is configured via - * configuration - * @param oaURL - * online application URL requested - * @param bkuURL - * URL of the "Bürgerkartenumgebung" to be used; may be - * null; in this case, the default location will be - * used - * @param useMandate - * Indicates if mandate is used or not - * @param templateURL - * URL providing an HTML template for the HTML form generated - * @param templateMandteURL - * URL providing an HTML template for the HTML form generated - * (for signing in mandates mode) - * @param req - * determines the protocol used - * @param sourceID - * @return HTML form - * @throws AuthenticationException - * @see GetIdentityLinkFormBuilder - * @see InfoboxReadRequestBuilder - */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, - AuthenticationException, ConfigurationException, BuildException { - - if (session == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //load OnlineApplication configuration - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); - - //load Template - String template = null; - if (session.getTemplateURL() != null) { - try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - session.getTemplateURL(), ex.toString() }, ex); - } - } - - String infoboxReadRequest = ""; - - String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { - //load identityLink with SSO Target - boolean isbuisness = false; - - if (domainIdentifier.startsWith(PREFIX_WPBK)) { - - isbuisness = true; - - } else { - isbuisness = false; - - } - - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - isbuisness, domainIdentifier); - - } else { - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getBusinessService(), oaParam - .getIdentityLinkDomainIdentifier()); - } - - - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session - .getSessionID()); - - //removed in MOAID 2.0 - String pushInfobox = ""; + /** + * single instance + */ + private static AuthenticationServer instance; + + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data + * store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + /** + * Returns the single instance of AuthenticationServer. + * + * @return the single instance of AuthenticationServer + */ + public static AuthenticationServer getInstance() { + if (instance == null) + instance = new AuthenticationServer(); + return instance; + } + + /** + * Constructor for AuthenticationServer. + */ + public AuthenticationServer() { + super(); + } + + + /** + * Processes the beginning of an authentication session. + *
    + *
  • Starts an authentication session
    • + *
  • Creates an <InfoboxReadRequest>
    • + *
  • Creates an HTML form for querying the identity link from the security + * layer implementation.
    + * Form parameters include + *
      + *
    • the <InfoboxReadRequest>
      • + *
    • the data URL where the security layer implementation sends it + * response to
      • + *
    + *
+ * + * @param authURL URL of the servlet to be used as data URL + * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via + * configuration + * @param oaURL online application URL requested + * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; may be + * null; in this case, the default location will be + * used + * @param useMandate Indicates if mandate is used or not + * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateMandteURL URL providing an HTML template for the HTML form generated + * (for signing in mandates mode) + * @param req determines the protocol used + * @param sourceID + * @return HTML form + * @throws AuthenticationException + * @see GetIdentityLinkFormBuilder + * @see InfoboxReadRequestBuilder + */ + public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, + AuthenticationException, ConfigurationException, BuildException { + + if (session == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[]{ + session.getTemplateURL(), ex.toString()}, ex); + } + } + + String infoboxReadRequest = ""; + + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + + if (session.isSsoRequested()) { + //load identityLink with SSO Target + boolean isbuisness = false; + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = true; + + } else { + isbuisness = false; + + } + + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + isbuisness, domainIdentifier); + + } else { + + if (oaParam.getStorkService()) + // build stork request + infoboxReadRequest = new InfoboxReadRequestBuilder().buildStorkReadRequest( + oaParam.getIdentityLinkDomainIdentifier()); + else + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.getBusinessService(), oaParam + .getIdentityLinkDomainIdentifier()); + } + + + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session + .getSessionID()); + + //removed in MOAID 2.0 + String pushInfobox = ""; // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); @@ -299,1787 +255,1743 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setPushInfobox(pushInfobox); // } - //build CertInfo request - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(); - String certInfoDataURL = new DataURLBuilder() - .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, - session.getSessionID()); - - //get Applet Parameters - String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); - String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); - appletheigth = StringEscapeUtils.escapeHtml(appletheigth); - appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - String htmlForm = new GetIdentityLinkFormBuilder().build(template, - session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, - certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); - - return htmlForm; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - * @throws BKUException - */ - public String verifyIdentityLink(AuthenticationSession session, - Map infoboxReadResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); - - String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlInfoboxReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // check if an identity link was found - // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform - // (SL1.2)) - // CharSequence se = "ErrorCode>2911".substring(0); - // boolean b = xmlInfoboxReadResponse.contains(se); - String se = "ErrorCode>2911"; - int b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // no identity link found - Logger - .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); - return null; - } - // spezifikationsgemaess (SL1.2) Errorcode - se = "ErrorCode>4002"; - // b = xmlInfoboxReadResponse.contains(se); - b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // Unbekannter Infoboxbezeichner - Logger - .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); - return null; - } - - // parses the - IdentityLink identityLink = new InfoboxReadResponseParser( - xmlInfoboxReadResponse).parseIdentityLink(); - // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf - .getMoaSpIdentityLinkTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true - : false; - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - ignoreManifestValidationResult); - - session.setIdentityLink(identityLink); - // now validate the extended infoboxes - - //Removed in MOA-ID 2.0 - //verifyInfoboxes(session, infoboxReadResponseParameters, false); - - return "found!"; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String verifyCertificate(AuthenticationSession session, - X509Certificate certificate) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, MOAIDException{ - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - // check if person is a Organwalter - // if true - don't show bPK in AUTH Block - try { - for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { - if (certificate.getExtension(OWid) != null) { - session.setOW(true); - } - - } - - } catch (X509ExtensionInitException e) { - Logger.warn("Certificate extension is not readable."); - session.setOW(false); - } - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - return returnvalue; - } - - /** - * Processes an Mandate sent by the MIS.
- *
    - *
  • Validates given Mandate
    • - *
  • Verifies Mandate by calling the MOA SP component
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - GET_MIS_SESSIONID, PARAM_SESSIONID }); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - try { - // sets the extended SAML attributes for OID (Organwalter) - setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam - .getBusinessService()); - - validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - - } - - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, oaParam); - - // builds the - List transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos); - return createXMLSignatureRequest; - } - - /** - * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
- *
    - *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param cert - * The certificate from the user - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, - X509Certificate cert) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - Principal subject = cert.getSubjectDN(); - - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); - return createXMLSignatureRequest; - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param createXMLSignatureResponseParameters - * The parameters from the response returned from the BKU - * including the <CreateXMLSignatureResponse> - * @throws BKUException - */ - public X509Certificate verifyXMLSignature(String sessionID, - Map createXMLSignatureResponseParameters) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_SESSIONID }); - - String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlCreateXMLSignatureResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // parses the - CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse createXMLSignatureResponse = p - .parseResponseDsig(); - - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .buildDsig(createXMLSignatureResponse, authConf - .getMoaSpAuthBlockTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - return verifyXMLSignatureResponse.getX509certificate(); - - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param readInfoboxResponseParameters - * The parameters from the response returned from the BKU - * including the <ReadInfoboxResponse> - * @throws BKUException - */ - public X509Certificate getCertificate(String sessionID, - Map readInfoboxResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlReadInfoboxResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE }); - - // parses the - InfoboxReadResponseParser p = new InfoboxReadResponseParser( - xmlReadInfoboxResponse); - X509Certificate cert = p.parseCertificate(); - - return cert; - - } - - /** - * Builds an authentication block <saml:Assertion> from - * given session data. - * - * @param session - * authentication session - * - * @return <saml:Assertion> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. - */ - private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam) throws BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - - String identificationValue = null; - String identificationType = null; - - //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { - identificationType = ""; - identificationValue = ""; - - } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - if (oaParam.getBusinessService()) { - - String bpkBase64 = new BPKBuilder().buildWBPK(identityLink - .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); - identificationValue = bpkBase64; - - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) - identificationType = oaParam.getIdentityLinkDomainIdentifier(); - else - identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - - } else { - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); - } - - - } else { - identificationValue = identityLink.getIdentificationValue(); - identificationType = identityLink.getIdentificationType(); - - } - - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - - - if (session.isSsoRequested()) { - String oaURL = new String(); - try { - oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - - if (MiscUtil.isNotEmpty(oaURL)) - oaURL = oaURL.replaceAll("&", "&"); - - } catch (ConfigurationException e) { - } - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - } - } - - - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void validateExtendedSAMLAttributeForMandates( - AuthenticationSession session, MISMandate mandate, - boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - mandate, business, false); - - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - verifySAMLAttribute(samlAttribute, i, "MISService", - "MISService"); - - } - } - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void setExtendedSAMLAttributeForMandatesOID( - AuthenticationSession session, MISMandate mandate, boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( - mandate, business); - - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); - - } - - /** - * Adds given SAML Attributes to the current session. They will be appended - * to the final SAML Assertion or the AUTH block. If the attributes are - * already in the list, they will be replaced. - * - * @param session - * The current session - * @param extendedSAMLAttributes - * The SAML attributes to add - * @param identifier - * The infobox identifier for debug purposes - * @param friendlyNam - * The friendly name of the infobox for debug purposes - */ - private static void AddAdditionalSAMLAttributes( - AuthenticationSession session, - ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, - String friendlyName) throws ValidateException { - if (extendedSAMLAttributes == null) - return; - List oaAttributes = session.getExtendedSAMLAttributesOA(); - if (oaAttributes == null) - oaAttributes = new Vector(); - List authAttributes = session.getExtendedSAMLAttributesAUTH(); - if (authAttributes == null) - authAttributes = new Vector(); - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - Object value = verifySAMLAttribute(samlAttribute, i, identifier, - friendlyName); - - if ((value instanceof String) || (value instanceof Element)) { - switch (samlAttribute.getAddToAUTHBlock()) { - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - default: - Logger - .info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() - + ") in SAML attribute number " - + (i + 1) - + " for infobox " + identifier); - throw new ValidateException("validator.47", new Object[] { - friendlyName, String.valueOf((i + 1)) }); - } - } else { - Logger - .info("The type of SAML-Attribute number " - + (i + 1) - + " returned from " - + identifier - + "-infobox validator is not valid. Must be either \"java.Lang.String\"" - + " or \"org.w3c.dom.Element\""); - throw new ValidateException("validator.46", new Object[] { - identifier, String.valueOf((i + 1)) }); - } - } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - - protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( - MISMandate mandate, boolean business, boolean provideStammzahl) - throws SAXException, IOException, ParserConfigurationException, - TransformerException { - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // Name - Element domMandate = mandateToElement(mandate); - Element nameSpaceNode = domMandate.getOwnerDocument().createElement( - "NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, - Constants.PD_NS_URI); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, - SZRGWConstants.MANDATE_NS); - - Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, - "//md:Mandate/md:Mandator", nameSpaceNode); - - // Mandate - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_RAW, domMandate, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - // (w)bpk - String wbpk = ParepUtils.extractMandatorWbpk(mandator); - if (!ParepUtils.isEmpty(wbpk)) { - if (!ParepUtils.isPhysicalPerson(mandator)) { - String idType = ParepUtils - .extractMandatorIdentificationType(mandator); - if (!ParepUtils.isEmpty(idType) - && idType.startsWith(Constants.URN_PREFIX_BASEID)) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_CB_BASE_ID, - ParepUtils.getRegisterString(idType) + ": " + wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } else if (business) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_WBPK, wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( - MISMandate mandate, boolean business) throws SAXException, - IOException, ParserConfigurationException, TransformerException { - - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // RepresentationType - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_REPRESENTATIONTYPE, - EXT_SAML_MANDATE_REPRESENTATIONTEXT, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - String oid = mandate.getProfRep(); - - if (oid != null) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OID, oid, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - String oidDescription = mandate.getTextualDescriptionOfOID(); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - oidDescription, SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * - * @param mandate - * @return - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private static Element mandateToElement(MISMandate mandate) - throws SAXException, IOException, ParserConfigurationException { - ByteArrayInputStream bais = new ByteArrayInputStream(mandate - .getMandate()); - Document doc = DOMUtils.parseDocumentSimple(bais); - return doc.getDocumentElement(); - } - - protected static void replaceExtendedSAMLAttribute(List attributes, - ExtendedSAMLAttribute samlAttribute) { - if (null == attributes) { - attributes = new Vector(); - } else { - String id = samlAttribute.getName(); - int length = attributes.size(); - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes - .get(i); - if (id.equals(att.getName())) { - // replace attribute - attributes.set(i, samlAttribute); - return; - } - } - attributes.add(samlAttribute); - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - * @throws BKUException - */ - public String verifyAuthenticationBlock(AuthenticationSession session, - String xmlCreateXMLSignatureReadResponse) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - // parses - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureReadResponse).parseResponse(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp - .getSamlAssertion()); - session.setAuthBlock(serializedAssertion); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } - // validates - if (session.isSsoRequested()) - new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); - else - new CreateXMLSignatureResponseValidator().validate(csresp, session); - - // builds a for a MOA-SPSS call - List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, - vtids, tpid); - // debug output - - // invokes the call - Element domVsresp = new SignatureVerificationInvoker() - .verifyXMLSignature(domVsreq); - // debug output - - // parses the - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( - domVsresp).parseData(); - - if (Logger.isTraceEnabled()) { - if (domVsresp != null) { - try { - String xmlVerifyXMLSignatureResponse = DOMUtils - .serializeNode(domVsresp, true); - Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); - Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); - } catch (Throwable t) { - t.printStackTrace(); - Logger.info(new LogMsg(t.getStackTrace())); - } - } - } - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, - null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - false); - - // Compare AuthBlock Data with information stored in session, especially - // date and time - CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, session.getIdentityLink()); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(csresp - .getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(false); - - if (session.getUseMandate()) { - // mandate mode - return null; - - } else { - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - - String oldsessionID = session.getSessionID(); - - //Session is implicte stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - return newMOASessionID; - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - - protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { - Element identificationBpK = mandatePerson.getOwnerDocument() - .createElementNS(Constants.PD_NS_URI, "Identification"); - Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Value"); - - String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); - valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - bpkBase64)); - Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Type"); - typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - "urn:publicid:gv.at:cdid+bpk")); - identificationBpK.appendChild(valueBpK); - identificationBpK.appendChild(typeBpK); - - return identificationBpK; - - } - - protected String getBaseId(Element mandatePerson) - throws TransformerException, IOException { - NodeList list = mandatePerson.getElementsByTagNameNS( - Constants.PD_NS_URI, "Identification"); - for (int i = 0; i < list.getLength(); i++) { - Element identification = (Element) list.item(i); - Element type = (Element) identification.getElementsByTagNameNS( - Constants.PD_NS_URI, "Type").item(0); - if (type.getTextContent().compareToIgnoreCase( - "urn:publicid:gv.at:baseid") == 0) { - Element value = (Element) identification - .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") - .item(0); - return value.getTextContent(); - } - } - return null; - - } - - /** - * Gets the foreign authentication data.
- *
    - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - public String getForeignAuthenticationData(AuthenticationSession session) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(session - .getIdentityLink().getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); - X509Certificate cert = session.getSignerCertificate(); - vsresp.setX509certificate(cert); - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(true); - - //TODO: regenerate MOASession ID! - return "new Session"; - } - - /** - * Builds the AuthenticationData object together with the corresponding - * <saml:Assertion> - * - * @param session - * authentication session - * @param verifyXMLSigResp - * VerifyXMLSignatureResponse from MOA-SP - * @param useUTC uses correct UTC time format - * @param useUTC indicates that authenticated citizen is a foreigner - * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates - * @return AuthenticationData object - * @throws ConfigurationException - * while accessing configuration data - * @throws BuildException - * while building the <saml:Assertion> - */ - public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, OAAuthParameter oaParam, String target) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - boolean businessService = oaParam.getBusinessService(); - - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - - authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance())); - - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - - try { - - if (session.getUseMandate() && session.isOW()) { - MISMandate mandate = session.getMISMandate(); - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - authData.setIdentityLink(identityLink); - - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } - } - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", ex.toString() }, ex); - } - } - - /** - * Retrieves a session from the session store. - * - * @param id - * session ID - * @return AuthenticationSession stored with given session ID, - * null if session ID unknown - */ - public static AuthenticationSession getSession(String id) - throws AuthenticationException { - - AuthenticationSession session; - try { - session = AuthenticationSessionStoreage.getSession(id); - - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("parser.04", new Object[] { id }); - } - } - - /** - * Cleans up expired session and authentication data stores. - */ - public void cleanup() { - long now = new Date().getTime(); - - //clean AuthenticationSessionStore - - AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - - //clean AssertionStore - AssertionStorage assertionstore = AssertionStorage.getInstance(); - assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore - DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); - exstore.clean(now, authDataTimeOut); - - } - - /** - * Sets the sessionTimeOut. - * - * @param seconds - * Time out of the session in seconds - */ - public void setSecondsSessionTimeOutCreated(long seconds) { - sessionTimeOutCreated = seconds * 1000; - } - - public void setSecondsSessionTimeOutUpdated(long seconds) { - sessionTimeOutUpdated = seconds * 1000; - } - - /** - * Sets the authDataTimeOut. - * - * @param seconds - * Time out for signing AuthData in seconds - */ - public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = seconds * 1000; - } - - /** - * Checks a parameter. - * - * @param param - * parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - - /** - * Checks the correctness of SAML attributes and returns its value. - * - * @param param - * samlAttribute - * @param i - * the number of the verified attribute for messages - * @param identifier - * the infobox identifier for messages - * @param friendlyname - * the friendly name of the infobox for messages - * @return the SAML attribute value (Element or String) - */ - protected static Object verifySAMLAttribute( - ExtendedSAMLAttribute samlAttribute, int i, String identifier, - String friendlyName) throws ValidateException { - String name = samlAttribute.getName(); - - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "null" }); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is empty."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "leer" }); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", - new Object[] { friendlyName, "Namespace", - String.valueOf((i + 1)), "null" }); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Wert", String.valueOf((i + 1)), "null" }); - } - - return value; - } - - /** - * Does the request to the SZR-GW - * @param oaFriendlyName - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException - */ - - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - - SZRGWClient client = new SZRGWClient(connectionParameters); - - - CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(citizenSignature.getBytes()); - - PEPSData data = new PEPSData(); - data.setDateOfBirth(PEPSDateOfBirth); - data.setFamilyname(PEPSFamilyname); - data.setFirstname(PEPSFirstname); - data.setIdentifier(PEPSIdentifier); - - data.setRepresentative(representative); - data.setRepresented(represented); - data.setMandateContent(mandateContent); - - data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); - data.setLegalPersonTranslatableType(organizationType); - - if(null != mandateContent) { - MISType mis = new MISType(); - - Target targetObject = new Target(); - targetObject.setType(targetType); - targetObject.setValue(targetValue); - mis.setTarget(targetObject); - - mis.setOAFriendlyName(oaFriendlyName); - - Filters filterObject = new Filters(); - MandateIdentifiers mandateIds = new MandateIdentifiers(); - for(String current : filters.split(",")) - mandateIds.getMandateIdentifier().add(current.trim()); - filterObject.setMandateIdentifiers(mandateIds); - mis.setFilters(filterObject); - - request.setMIS(mis); - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); - return response; - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } - - return null; - - } - - /** - * Does the request to the SZR-GW. - * - * @param signature the signature - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); - } - - /** - * Does the request to the SZR-GW. - * - * @param PEPSIdentifier the pEPS identifier - * @param PEPSFirstname the pEPS firstname - * @param PEPSFamilyname the pEPS familyname - * @param PEPSDateOfBirth the pEPS date of birth - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); - } - - /** - * Gets the identity link. - * - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @param organizationAddress the organization address - * @param organizationType the organization type - * @return the identity link - * @throws SZRGWClientException - */ - public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, - String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, - citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * SZR-GW Client interface. - * - * @param eIdentifier the e identifier - * @param givenName the given name - * @param lastName the last name - * @param dateOfBirth the date of birth - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - */ - public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, - String givenName, String lastName, String dateOfBirth, String gender, - String citizenSignature, String representative, String represented, - String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, - citizenSignature, representative, represented, mandate, null, - null, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * Starts a MOA-ID authentication process using STORK - * @param req HttpServletRequest - * @param resp HttpServletResponse - * @param ccc Citizen country code - * @param oaURL URL of the online application - * @param target Target parameter - * @param targetFriendlyName Friendly Name of Target - * @param authURL Authentication URL - * @param sourceID SourceID parameter - * @throws MOAIDException - * @throws AuthenticationException - * @throws WrongParametersException - * @throws ConfigurationException - */ - public static void startSTORKAuthentication( - HttpServletRequest req, - HttpServletResponse resp, - AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - - //Start of STORK Processing - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); - Logger.debug("C-PEPS URL: " + destination); - - String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - - String providerName= oaParam.getFriendlyName(); - String issuerValue = HTTPUtils.getBaseURL(req); - Logger.debug("Issuer value: " + issuerValue); - - // prepare collection of required attributes - // - attributes for online application - List attributesFromConfig = oaParam.getRequestedAttributes(); - - // - prepare attribute list - PersonalAttributeList attributeList = new PersonalAttributeList(); - - // - fill container - for(OAStorkAttribute current : attributesFromConfig) { - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(current.getName()); - - boolean globallyMandatory = false; - for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) - if(current.getName().equals(currentGlobalAttribute.getName())) { - globallyMandatory = currentGlobalAttribute.isMandatory(); - break; - } - - newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); - attributeList.add(newAttribute); - } - - // add sign request - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("signedDoc"); - List value = new ArrayList(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), - "application/xhtml+xml", - moasession.getCcc())); - newAttribute.setValue(value); - attributeList.add(newAttribute); - - - if (Logger.isDebugEnabled()) { - Logger.debug("The following attributes are requested for this OA:"); - for (OAStorkAttribute logReqAttr : attributesFromConfig) - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); - } - - //TODO: check Target in case of SSO!! - String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - String spCountry = "AT"; - - //generate AuthnRquest - STORKAuthnRequest authnRequest = new STORKAuthnRequest(); - authnRequest.setDestination(destination); - authnRequest.setAssertionConsumerServiceURL(acsURL); - authnRequest.setProviderName(providerName); - authnRequest.setIssuer(issuerValue); - authnRequest.setQaa(oaParam.getQaaLevel()); - authnRequest.setSpInstitution(spInstitution); - authnRequest.setCountry(spCountry); - authnRequest.setSpApplication(spApplication); - authnRequest.setSpSector(spSector); - authnRequest.setPersonalAttributeList(attributeList); - - authnRequest.setEIDCrossBorderShare(true); - authnRequest.setEIDCrossSectorShare(true); - authnRequest.setEIDSectorShare(true); - - authnRequest.setCitizenCountryCode(moasession.getCcc()); - - - Logger.debug("STORK AuthnRequest succesfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); - try { - authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML AuthnRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AuthnRequest successfully signed!"); - - //validate AuthnRequest - try { - samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - Logger.error("STORK SAML AuthnRequest not valid.", e); - throw new MOAIDException("stork.01", null); - } - - Logger.debug("STORK AuthnRequest successfully internally validated."); - - //send - moasession.setStorkAuthnRequest(authnRequest); - HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - - - Logger.info("Preparing to send STORK AuthnRequest."); - Logger.info("prepared STORKAuthnRequest: "); - Logger.info(new String(authnRequest.getTokenSaml())); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e) { - Logger.error("Error sending STORK SAML AuthnRequest.", e); - httpSession.invalidate(); - throw new MOAIDException("stork.02", new Object[] { destination }); - } - - Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); - } - - private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { - IdentifierGenerator idGenerator; - try { - idGenerator = new SecureRandomIdentifierGenerator(); - - DocumentType doc = new DocumentType(); - doc.setBase64XML(text.getBytes()); - doc.setID(idGenerator.generateIdentifier()); - - SignRequest request = new SignRequest(); - request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - - String id = idGenerator.generateIdentifier(); - request.setRequestID(id); - request.setDocUI(id); - - request.setProfile(Profiles.XADES_BES.toString()); - request.setNumberOfSigners(BigInteger.ONE); - request.setTargetCountry(citizenCountry); - - // no, no todo. PEPS will alter this value anyhow. - request.setReturnURL("http://invalid_return"); - - AnyType required = new AnyType(); - required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); - required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); - required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); - required.getAny().add(ApiUtils.createIncludeObject(doc)); - request.setOptionalInputs(required); - - return IOUtils.toString(ApiUtils.marshalToInputStream(request)); - } catch (NoSuchAlgorithmException e) { - Logger.error("Cannot generate id", e); - throw new RuntimeException(e); - } catch (ApiUtilsException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (DOMException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (IOException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } - } - - /** - * Extracts an X509 Certificate out of an XML signagture element - * @param signedXML XML signature element - * @return X509Certificate - * @throws CertificateException - */ - public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { - - NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); - - String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(base64CertString)) { - String msg = "XML does not contain a X509Certificate element."; - Logger.error(msg); - throw new CertificateException(msg); - } - - InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - - X509Certificate cert; - try { - cert = new X509Certificate(is); - return cert; - - } catch (Throwable e) { - throw new CertificateException(e); - } - } + //build CertInfo request + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() + .build(); + String certInfoDataURL = new DataURLBuilder() + .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, + session.getSessionID()); + + //get Applet Parameters + String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); + String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); + appletheigth = StringEscapeUtils.escapeHtml(appletheigth); + appletwidth = StringEscapeUtils.escapeHtml(appletwidth); + + String htmlForm = new GetIdentityLinkFormBuilder().build(template, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, + certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); + + return htmlForm; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + * @throws BKUException + */ + public String verifyIdentityLink(AuthenticationSession session, + Map infoboxReadResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlInfoboxReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // check if an identity link was found + // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform + // (SL1.2)) + // CharSequence se = "ErrorCode>2911".substring(0); + // boolean b = xmlInfoboxReadResponse.contains(se); + String se = "ErrorCode>2911"; + int b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // no identity link found + Logger + .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); + return null; + } + // spezifikationsgemaess (SL1.2) Errorcode + se = "ErrorCode>4002"; + // b = xmlInfoboxReadResponse.contains(se); + b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // Unbekannter Infoboxbezeichner + Logger + .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); + return null; + } + + // parses the + IdentityLink identityLink = new InfoboxReadResponseParser( + xmlInfoboxReadResponse).parseIdentityLink(); + // validates the identity link + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(identityLink, authConf + .getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has + // to be ignored + boolean ignoreManifestValidationResult = (oaParam.getBusinessService() || oaParam.getStorkService()) ? true + : false; + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConf.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); + + session.setIdentityLink(identityLink); + // now validate the extended infoboxes + + //Removed in MOA-ID 2.0 + //verifyInfoboxes(session, infoboxReadResponseParameters, false); + + return "found!"; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String verifyCertificate(AuthenticationSession session, + X509Certificate certificate) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, MOAIDException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + // check if person is a Organwalter + // if true - don't show bPK in AUTH Block + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + + return returnvalue; + } + + /** + * Processes an Mandate sent by the MIS.
+ *
    + *
  • Validates given Mandate
    • + *
  • Verifies Mandate by calling the MOA SP component
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public void verifyMandate(AuthenticationSession session, MISMandate mandate) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + GET_MIS_SESSIONID, PARAM_SESSIONID}); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + try { + // sets the extended SAML attributes for OID (Organwalter) + setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam + .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } + + } + + /** + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ + public String getCreateXMLSignatureRequestAuthBlockOrRedirect( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam) throws ConfigurationException, + BuildException, ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session, oaParam); + + // builds the + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .build(authBlock, oaParam.getKeyBoxIdentifier(), + transformsInfos); + return createXMLSignatureRequest; + } + + /** + * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
+ *
    + *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param cert The certificate from the user + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String createXMLSignatureRequestForeignID(AuthenticationSession session, + X509Certificate cert) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, + cert); + } + + public String getCreateXMLSignatureRequestForeigID( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam, X509Certificate cert) + throws ConfigurationException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + Principal subject = cert.getSubjectDN(); + + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .buildForeignID(subject.toString(), oaParam, session); + return createXMLSignatureRequest; + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU + * including the <CreateXMLSignatureResponse> + * @throws BKUException + */ + public X509Certificate verifyXMLSignature(String sessionID, + Map createXMLSignatureResponseParameters) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); + + String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlCreateXMLSignatureResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // parses the + CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse createXMLSignatureResponse = p + .parseResponseDsig(); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .buildDsig(createXMLSignatureResponse, authConf + .getMoaSpAuthBlockTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + return verifyXMLSignatureResponse.getX509certificate(); + + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param readInfoboxResponseParameters The parameters from the response returned from the BKU + * including the <ReadInfoboxResponse> + * @throws BKUException + */ + public X509Certificate getCertificate(String sessionID, + Map readInfoboxResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlReadInfoboxResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE}); + + // parses the + InfoboxReadResponseParser p = new InfoboxReadResponseParser( + xmlReadInfoboxResponse); + X509Certificate cert = p.parseCertificate(); + + return cert; + + } + + /** + * Builds an authentication block <saml:Assertion> from + * given session data. + * + * @param session authentication session + * @return <saml:Assertion> as a String + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + private String buildAuthenticationBlock(AuthenticationSession session, + OAAuthParameter oaParam) throws BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + + String identificationValue = null; + String identificationType = null; + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested + if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + identificationType = ""; + identificationValue = ""; + + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if (oaParam.getBusinessService()) { + + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink + .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); + identificationValue = bpkBase64; + + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+")) + identificationType = oaParam.getIdentityLinkDomainIdentifier(); + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + } + + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + + } + + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); + + // Bug #485 + // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + // String oaURL = session.getPublicOAURLPrefix(); + + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + + + if (session.isSsoRequested()) { + String oaURL = new String(); + try { + oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); + + } catch (ConfigurationException e) { + } + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + + } else { + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlock(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + } + } + + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void validateExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, + boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } + } + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandatesOID( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( + mandate, business); + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, + "MISService", "MISService"); + + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. + * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes( + AuthenticationSession session, + ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, + String friendlyName) throws ValidateException { + if (extendedSAMLAttributes == null) + return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes == null) + oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes == null) + authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[]{ + friendlyName, String.valueOf((i + 1))}); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[]{ + identifier, String.valueOf((i + 1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + MISMandate mandate, boolean business, boolean provideStammzahl) + throws SAXException, IOException, ParserConfigurationException, + TransformerException { + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // Name + Element domMandate = mandateToElement(mandate); + Element nameSpaceNode = domMandate.getOwnerDocument().createElement( + "NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, + Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, + SZRGWConstants.MANDATE_NS); + + Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, + "//md:Mandate/md:Mandator", nameSpaceNode); + + // Mandate + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_RAW, domMandate, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)) { + String idType = ParepUtils + .extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) + && idType.startsWith(Constants.URN_PREFIX_BASEID)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_CB_BASE_ID, + ParepUtils.getRegisterString(idType) + ": " + wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (business) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_WBPK, wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( + MISMandate mandate, boolean business) throws SAXException, + IOException, ParserConfigurationException, TransformerException { + + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // RepresentationType + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String oid = mandate.getProfRep(); + + if (oid != null) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + String oidDescription = mandate.getTextualDescriptionOfOID(); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * @param mandate + * @return + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private static Element mandateToElement(MISMandate mandate) + throws SAXException, IOException, ParserConfigurationException { + ByteArrayInputStream bais = new ByteArrayInputStream(mandate + .getMandate()); + Document doc = DOMUtils.parseDocumentSimple(bais); + return doc.getDocumentElement(); + } + + protected static void replaceExtendedSAMLAttribute(List attributes, + ExtendedSAMLAttribute samlAttribute) { + if (null == attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes + .get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + * @throws BKUException + */ + public String verifyAuthenticationBlock(AuthenticationSession session, + String xmlCreateXMLSignatureReadResponse) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + if (isEmpty(xmlCreateXMLSignatureReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + // parses + CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureReadResponse).parseResponse(); + + try { + String serializedAssertion = DOMUtils.serializeNode(csresp + .getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // validates + if (session.isSsoRequested()) + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + else + new CreateXMLSignatureResponseValidator().validate(csresp, session); + + // builds a for a MOA-SPSS call + List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, + vtids, tpid); + // debug output + + // invokes the call + Element domVsresp = new SignatureVerificationInvoker() + .verifyXMLSignature(domVsreq); + // debug output + + // parses the + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( + domVsresp).parseData(); + + if (Logger.isTraceEnabled()) { + if (domVsresp != null) { + try { + String xmlVerifyXMLSignatureResponse = DOMUtils + .serializeNode(domVsresp, true); + Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); + Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); + } catch (Throwable t) { + t.printStackTrace(); + Logger.info(new LogMsg(t.getStackTrace())); + } + } + } + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + false); + + // Compare AuthBlock Data with information stored in session, especially + // date and time + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, session.getIdentityLink()); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp + .getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + + if (session.getUseMandate()) { + // mandate mode + return null; + + } else { + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + return newMOASessionID; + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + + protected Element createIdentificationBPK(Element mandatePerson, + String baseid, String target) throws BuildException { + Element identificationBpK = mandatePerson.getOwnerDocument() + .createElementNS(Constants.PD_NS_URI, "Identification"); + Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Value"); + + String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); + valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + bpkBase64)); + Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Type"); + typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + "urn:publicid:gv.at:cdid+bpk")); + identificationBpK.appendChild(valueBpK); + identificationBpK.appendChild(typeBpK); + + return identificationBpK; + + } + + protected String getBaseId(Element mandatePerson) + throws TransformerException, IOException { + NodeList list = mandatePerson.getElementsByTagNameNS( + Constants.PD_NS_URI, "Identification"); + for (int i = 0; i < list.getLength(); i++) { + Element identification = (Element) list.item(i); + Element type = (Element) identification.getElementsByTagNameNS( + Constants.PD_NS_URI, "Type").item(0); + if (type.getTextContent().compareToIgnoreCase( + "urn:publicid:gv.at:baseid") == 0) { + Element value = (Element) identification + .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") + .item(0); + return value.getTextContent(); + } + } + return null; + + } + + /** + * Gets the foreign authentication data.
+ *
    + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + public String getForeignAuthenticationData(AuthenticationSession session) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(session + .getIdentityLink().getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + X509Certificate cert = session.getSignerCertificate(); + vsresp.setX509certificate(cert); + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + //TODO: regenerate MOASession ID! + return "new Session"; + } + + /** + * Builds the AuthenticationData object together with the corresponding + * <saml:Assertion> + * + * @param session authentication session + * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP + * @param useUTC uses correct UTC time format + * @param useUTC indicates that authenticated citizen is a foreigner + * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates + * @return AuthenticationData object + * @throws ConfigurationException while accessing configuration data + * @throws BuildException while building the <saml:Assertion> + */ + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) + throws ConfigurationException, BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + AuthenticationData authData = new AuthenticationData(); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + + boolean businessService = oaParam.getBusinessService(); + + authData.setMajorVersion(1); + authData.setMinorVersion(0); + authData.setAssertionID(Random.nextRandom()); + authData.setIssuer(session.getAuthURL()); + + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance())); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + + try { + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + authData.setIdentityLink(identityLink); + + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); + + } else { + + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + + authData.setIdentityLink(identityLink); + } + } + + return authData; + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } + } + + /** + * Retrieves a session from the session store. + * + * @param id session ID + * @return AuthenticationSession stored with given session ID, + * null if session ID unknown + */ + public static AuthenticationSession getSession(String id) + throws AuthenticationException { + + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + + if (session == null) + throw new AuthenticationException("auth.02", new Object[]{id}); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[]{id}); + } + } + + /** + * Cleans up expired session and authentication data stores. + */ + public void cleanup() { + long now = new Date().getTime(); + + //clean AuthenticationSessionStore + + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); + + //clean ExeptionStore + DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); + exstore.clean(now, authDataTimeOut); + + } + + /** + * Sets the sessionTimeOut. + * + * @param seconds Time out of the session in seconds + */ + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; + } + + /** + * Sets the authDataTimeOut. + * + * @param seconds Time out for signing AuthData in seconds + */ + public void setSecondsAuthDataTimeOut(long seconds) { + authDataTimeOut = seconds * 1000; + } + + /** + * Checks a parameter. + * + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + + /** + * Checks the correctness of SAML attributes and returns its value. + * + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + protected static Object verifySAMLAttribute( + ExtendedSAMLAttribute samlAttribute, int i, String identifier, + String friendlyName) throws ValidateException { + String name = samlAttribute.getName(); + + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is empty."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", + new Object[]{friendlyName, "Namespace", + String.valueOf((i + 1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Wert", String.valueOf((i + 1)), "null"}); + } + + return value; + } + + /** + * Does the request to the SZR-GW + * + * @param oaFriendlyName + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException + */ + + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + SZRGWClient client = new SZRGWClient(connectionParameters); + + + CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); + request.setSignature(citizenSignature.getBytes()); + + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + + data.setRepresentative(representative); + data.setRepresented(represented); + data.setMandateContent(mandateContent); + + data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); + data.setLegalPersonTranslatableType(organizationType); + + if (null != mandateContent) { + MISType mis = new MISType(); + + Target targetObject = new Target(); + targetObject.setType(targetType); + targetObject.setValue(targetValue); + mis.setTarget(targetObject); + + mis.setOAFriendlyName(oaFriendlyName); + + Filters filterObject = new Filters(); + MandateIdentifiers mandateIds = new MandateIdentifiers(); + for (String current : filters.split(",")) + mandateIds.getMandateIdentifier().add(current.trim()); + filterObject.setMandateIdentifiers(mandateIds); + mis.setFilters(filterObject); + + request.setMIS(mis); + } + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); + return response; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null)); + } + + return null; + + } + + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); + } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, null, + citizenSignature, represented, representative, mandateContent, organizationAddress, + organizationType, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * SZR-GW Client interface. + * + * @param eIdentifier the e identifier + * @param givenName the given name + * @param lastName the last name + * @param dateOfBirth the date of birth + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + */ + public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + String givenName, String lastName, String dateOfBirth, String gender, + String citizenSignature, String representative, String represented, + String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + citizenSignature, representative, represented, mandate, null, + null, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * Starts a MOA-ID authentication process using STORK + * + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param ccc Citizen country code + * @param oaURL URL of the online application + * @param target Target parameter + * @param targetFriendlyName Friendly Name of Target + * @param authURL Authentication URL + * @param sourceID SourceID parameter + * @throws MOAIDException + * @throws AuthenticationException + * @throws WrongParametersException + * @throws ConfigurationException + */ + public static void startSTORKAuthentication( + HttpServletRequest req, + HttpServletResponse resp, + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()}); + + //Start of STORK Processing + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); + + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); + Logger.debug("C-PEPS URL: " + destination); + + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); + + String providerName = oaParam.getFriendlyName(); + String issuerValue = HTTPUtils.getBaseURL(req); + Logger.debug("Issuer value: " + issuerValue); + + // prepare collection of required attributes + // - attributes for online application + List attributesFromConfig = oaParam.getRequestedAttributes(); + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + // - fill container + for (OAStorkAttribute current : attributesFromConfig) { + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(current.getName()); + + boolean globallyMandatory = false; + for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) + if (current.getName().equals(currentGlobalAttribute.getName())) { + globallyMandatory = currentGlobalAttribute.isMandatory(); + break; + } + + newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); + attributeList.add(newAttribute); + } + + // add sign request + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("signedDoc"); + List value = new ArrayList(); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); + newAttribute.setValue(value); + attributeList.add(newAttribute); + + + if (Logger.isDebugEnabled()) { + Logger.debug("The following attributes are requested for this OA:"); + for (OAStorkAttribute logReqAttr : attributesFromConfig) + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); + } + + //TODO: check Target in case of SSO!! + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + //generate AuthnRquest + STORKAuthnRequest authnRequest = new STORKAuthnRequest(); + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(issuerValue); + authnRequest.setQaa(oaParam.getQaaLevel()); + authnRequest.setSpInstitution(spInstitution); + authnRequest.setCountry(spCountry); + authnRequest.setSpApplication(spApplication); + authnRequest.setSpSector(spSector); + authnRequest.setPersonalAttributeList(attributeList); + + authnRequest.setEIDCrossBorderShare(true); + authnRequest.setEIDCrossSectorShare(true); + authnRequest.setEIDSectorShare(true); + + authnRequest.setCitizenCountryCode(moasession.getCcc()); + + + Logger.debug("STORK AuthnRequest succesfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); + try { + authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AuthnRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AuthnRequest successfully signed!"); + + //validate AuthnRequest + try { + samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + //send + moasession.setStorkAuthnRequest(authnRequest); + HttpSession httpSession = req.getSession(); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); + + + Logger.info("Preparing to send STORK AuthnRequest."); + Logger.info("prepared STORKAuthnRequest: "); + Logger.info(new String(authnRequest.getTokenSaml())); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AuthnRequest.", e); + httpSession.invalidate(); + throw new MOAIDException("stork.02", new Object[]{destination}); + } + + Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); + } + + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { + IdentifierGenerator idGenerator; + try { + idGenerator = new SecureRandomIdentifierGenerator(); + + DocumentType doc = new DocumentType(); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); + + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); + } catch (NoSuchAlgorithmException e) { + Logger.error("Cannot generate id", e); + throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (IOException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } + } + + /** + * Extracts an X509 Certificate out of an XML signagture element + * + * @param signedXML XML signature element + * @return X509Certificate + * @throws CertificateException + */ + public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { + + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); + + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); + + if (StringUtils.isEmpty(base64CertString)) { + String msg = "XML does not contain a X509Certificate element."; + Logger.error(msg); + throw new CertificateException(msg); + } + + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); + + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index 828fc78ab..ba347c9e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -51,82 +51,143 @@ import at.gv.egovernment.moa.util.Constants; /** * Builder for the <InfoboxReadRequest> structure * used for requesting the identity link from the security layer implementation. - * + * * @author Paul Ivancsics * @version $Id$ */ public class InfoboxReadRequestBuilder implements Constants { - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilder() { - } - - - /** - * Builds an <InfoboxReadRequest>. - * - * @param slVersion12 specifies whether the Security Layer version is - * version 1.2 or not - * @param businessService specifies whether the online application is a - * business service or not - * @param identityLinkDomainIdentifier the identification number of the business - * company; maybe null if the OA - * is a public service; must not be null - * if the OA is a business service - * - * @return <InfoboxReadRequest> as String - */ - public String build(boolean businessService, String identityLinkDomainIdentifier) { - - String slPrefix; - String slNsDeclaration; - + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilder() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + */ + public String build(boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + // if (slVersion12) { - slPrefix = SL12_PREFIX; - slNsDeclaration = SL12_NS_URI; + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; // } else { // slPrefix = SL10_PREFIX; // slNsDeclaration = SL10_NS_URI; // } - - StringBuffer sb = new StringBuffer(""); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest xmlns:"); - sb.append(slPrefix); - sb.append("=\""); - sb.append(slNsDeclaration); - sb.append("\">"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>IdentityLink"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); - if (businessService) { - sb.append("<"); - sb.append(slPrefix); - sb.append(":BoxSpecificParameters>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":IdentityLinkDomainIdentifier>"); - sb.append(identityLinkDomainIdentifier); - sb.append(""); - sb.append(""); + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return sb.toString(); + + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + * + */ + public String buildStorkReadRequest(String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + + // append box parameters - necessary for stork? + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + // end appending box parameters + + sb.append(""); + + return sb.toString(); + } - sb.append(""); - - return sb.toString(); - - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 7e21c6667..2d0a0e367 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -55,7 +55,12 @@ public class OAParameter { this.businessService = true; else this.businessService = false; - + + if (this.oaType.equals("storkService")) + this.storkService = true; + else + this.storkService = false; + this.publicURLPrefix = oa.getPublicURLPrefix(); this.friendlyName = oa.getFriendlyName(); @@ -81,8 +86,15 @@ public class OAParameter { * if value of {@link #oaType} is "businessService" */ private boolean businessService; - - /** + + /** + * specifies whether the online application is a stork application or not (true + * if value of {@link #oaType} is "storkService" + */ + private boolean storkService; + + + /** * public URL prefix of the online application */ private String publicURLPrefix; @@ -139,5 +151,7 @@ public class OAParameter { public OAOAUTH20 getoAuth20Config() { return oAuth20Config; } + + public boolean getStorkService() { return storkService; } } diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index ef994abd3..aeb4ad88c 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -61,6 +61,7 @@ + @@ -75,7 +76,6 @@ - diff --git a/id/server/moa-id.iml b/id/server/moa-id.iml index c418d6693..6e02e5944 100644 --- a/id/server/moa-id.iml +++ b/id/server/moa-id.iml @@ -8,6 +8,7 @@ + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index e61d841ce..279d544b1 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -55,6 +55,7 @@ + @@ -93,7 +94,6 @@ - diff --git a/pom.xml b/pom.xml index d87ab8a4e..c4126fbfb 100644 --- a/pom.xml +++ b/pom.xml @@ -469,6 +469,12 @@ dll runtime + + commons-io + commons-io + 1.3.2 + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 4e0a0fddf..fdffc1a0f 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,7 +9,6 @@ - @@ -44,6 +43,7 @@ + diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml index 3dda938d9..6e02e5944 100644 --- a/spss/handbook/clients/moa-spss-handbook-clients.iml +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -1,13 +1,14 @@ - - + + + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml index 678776d19..07392b36c 100644 --- a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -13,13 +13,14 @@ - - + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 4e0a0fddf..fdffc1a0f 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,7 +9,6 @@ - @@ -44,6 +43,7 @@ + diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml index deed935ed..0b49fc962 100644 --- a/spss/handbook/moa-spss-handbook.iml +++ b/spss/handbook/moa-spss-handbook.iml @@ -10,13 +10,14 @@ - - + + + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml index 567359474..6e02e5944 100644 --- a/spss/server/moa-spss.iml +++ b/spss/server/moa-spss.iml @@ -1,13 +1,14 @@ - - + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 93d7e676f..d1832bd65 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,8 +55,6 @@ - - @@ -91,6 +89,7 @@ + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index ae8f03a70..0714500d5 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -56,6 +56,7 @@ + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index a880f50ab..25d80b1dd 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,8 +1,8 @@ - - + + @@ -17,6 +17,7 @@ + -- cgit v1.2.3 From bfbafd2a1fd8dc9e8f36b1cf7ea665e7385b47bf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Mar 2014 12:56:43 +0100 Subject: Fix NullPointer exception --- id/ConfigWebTool/pom.xml | 2 +- .../java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java | 2 +- .../java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 9d99fb343..287b0b096 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -45,7 +45,7 @@ MOA.id.server moa-id-commons - 1.9.98-SNAPSHOT + 2.0-RC1 MOA.id.server diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 6f1112e2e..37135439e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -69,7 +69,7 @@ public class MailHelper { String template = readTemplateFromURL(templateurl); - if (userdb.isIsMandateUser()) { + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); template = template.replace(PATTERN_FAMILYNAME, ""); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index c9fc07b70..34366b790 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -491,7 +491,7 @@ public class DispatcherServlet extends AuthServlet{ } } catch (Throwable e) { - Logger.info("An authentication error occous: " + e.getMessage());; + Logger.warn("An authentication error occous: ", e);; // Try handle module specific, if not possible rethrow if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { throw e; -- cgit v1.2.3 From f5576c318bb35ba7e0c59b6b1a590bf52422bf1c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Mar 2014 13:24:17 +0100 Subject: fix Database update problem --- .../java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 37135439e..0aeed8cb5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -174,7 +174,7 @@ public class MailHelper { String template = readTemplateFromURL(templateurl); - if (userdb.isIsMandateUser()) { + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); template = template.replace(PATTERN_FAMILYNAME, ""); -- cgit v1.2.3 From ef72bd803121c3383ca9c8f0dd1c308c04963330 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Mar 2014 13:58:05 +0100 Subject: check if InResponseTo match requestID --- .../configuration/struts/action/IndexAction.java | 43 +++++++++++----------- 1 file changed, 21 insertions(+), 22 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index a51709e04..8004ab520 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -278,6 +278,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, Response samlResponse = (Response) messageContext.getInboundMessage(); + //ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + if (!authID.equals(samlResponse.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + Signature sign = samlResponse.getSignature(); if (sign == null) { log.info("Only http POST Requests can be used"); @@ -352,29 +364,9 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, saml2assertions = samlResponse.getAssertions(); } - - - if (MiscUtil.isEmpty(authID)) { - log.info("NO AuthRequestID"); - return Constants.STRUTS_ERROR; - } - + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - Subject subject = saml2assertion.getSubject(); - List subjectconformlist = subject.getSubjectConfirmations(); - for (SubjectConfirmation el : subjectconformlist) { - if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) { - SubjectConfirmationData date = el.getSubjectConfirmationData(); - - if (!authID.equals(date.getInResponseTo())) { - log.warn("PVPRequestID does not match PVP2 Assertion ID!"); - return Constants.STRUTS_ERROR; - - } - } - } - + Conditions conditions = saml2assertion.getConditions(); DateTime notbefore = conditions.getNotBefore(); DateTime notafter = conditions.getNotOnOrAfter(); @@ -383,6 +375,13 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, return Constants.STRUTS_ERROR; } + + Subject subject = saml2assertion.getSubject(); + if (subject == null) { + log.warn("Assertion has no Subject element"); + return Constants.STRUTS_ERROR; + + } NameID nameID = subject.getNameID(); if (nameID == null) { -- cgit v1.2.3 From 5b31c460806ae2e1900a3df323e7fecfdb798e32 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 10 Mar 2014 08:42:49 +0100 Subject: update ConfigTool and Handbook --- .../src/main/resources/applicationResources.properties | 2 +- id/server/doc/handbook/config/config.html | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 914c4cd62..830a638a1 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -107,7 +107,7 @@ webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates webpages.moaconfig.certificates.chainingmode=ChainingMode webpages.moaconfig.timeout.header=Session TimeOuts -webpages.moaconfig.timeout.assertion=Assertion [sec] +webpages.moaconfig.timeout.assertion=Anmeldedaten [sec] webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] webpages.moaconfig.moasp.header=MOA-SP Konfiguration diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index b41389798..4d8976776 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -960,9 +960,14 @@ Checking Beschreibung - Assertion + Anmeldedaten 300 - Gibt die Zeitspanne in Sekunden an, für die die Anmeldedaten in der Authentisierungskomponente (MOA-ID-Auth) zum Abholen durch die eine nachfolgende Applikation bereitstehen. Nach Ablauf dieser Zeitspanne werden die Anmeldedaten gelöscht. +

Gibt die Zeitspanne in Sekunden an, für die Anmeldedaten, temporäre Sessiondaten oder Assertions in der Authentisierungskomponente (MOA-ID-Auth) vorrätig gehalten werden. Nach Ablauf dieser Zeitspanne werden diese Daten gelöscht oder der Anmeldevorgang abgebrochen. Dieser Parameter hat Einfluss auf folgende Funktionen:

+
    +
  • maximale Zeitspanne eines Anmeldevorgangs vom Authentification Request bis zur Authentification Response gerechnet.
    • +
  • maximale Zeitspanne welche einer Online-Applikation zum Abholen der Anmeldedaten zur Verfügung steht. (SAML mit Artifact Binding und OpenID Connect)
    • +
  • maximale Zeitspanne zum Abholen zusätzlicher STORK2 Attribute (Zeitdauer je Attribut)
    • +
SSO Session authentifiziert @@ -1418,11 +1423,11 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der     X - Definiert ob eine Online-Applikation ausschließlich Anmeldungen mittels Online-Vollmachten unterstützt. Wenn ja, wird in während der BKU-Auswahl die Option in Vertretung für eine Anmeldung in Vertretung standardmäßig aktiviert und diese Einstellung kann durch die BenutzerIn oder den Benutzer nicht geändert werden.. + Definiert ob eine Online-Applikation ausschließlich Anmeldungen mittels Online-Vollmachten unterstützt. Wenn ja, wird in während der BKU-Auswahl die Option in Vertretung für eine Anmeldung in Vertretung standardmäßig aktiviert und diese Einstellung kann durch die BenutzerIn oder den Benutzer nicht geändert werden.

 

-

Hinweis: Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe Abschnitt 3.2.2) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung.

+

Hinweis: Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe Abschnitt 3.2.2) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung. Die Funktionalität der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.

3.2.4 Single Sign-On (SSO)

Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu Single Sign-On

-- cgit v1.2.3 From 4ade7db6124eec07aebf087721d3d478f92bdaad Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:59:19 +0100 Subject: added consent-checkbox to config ui --- .../moa/id/configuration/data/oa/OASTORKConfig.java | 10 ++++++++++ .../moa/id/configuration/struts/action/EditOAAction.java | 1 + .../src/main/resources/applicationResources.properties | 1 + id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 6 ++++++ .../gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 5 ++++- .../moa/id/protocols/stork2/AttributeCollector.java | 7 ++++++- .../src/main/resources/config/moaid_config_2.0.xsd | 13 +++++++++---- 7 files changed, 37 insertions(+), 6 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 929a3673c..d9f2a4d85 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -84,6 +84,7 @@ public class OASTORKConfig { // fetch vidp config setVidpEnabled(config.isVidpEnabled()); + setRequireConsent(config.isRequireConsent()); attributeProviderPlugins = config.getAttributeProviders(); // - if no attribute providers are configured, add a dummy @@ -150,6 +151,7 @@ public class OASTORKConfig { */ private boolean vidpEnabled = false; private List attributeProviderPlugins = new ArrayList(); + private boolean requireConsent; public List getAvailableAttributeProviderPlugins() { return AttributeProviderFactory.getAvailablePlugins(); @@ -170,4 +172,12 @@ public class OASTORKConfig { public void setVidpEnabled(boolean update) { vidpEnabled = update; } + + public boolean isRequireConsent() { + return requireConsent; + } + + public void setRequireConsent(boolean update) { + requireConsent = update; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 370923ca1..f8a12e58b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -1036,6 +1036,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, stork.setQaa(storkOA.getQaa()); stork.setOAAttributes(storkOA.getAttributes()); stork.setVidpEnabled(storkOA.isVidpEnabled()); + stork.setRequireConsent(storkOA.isRequireConsent()); stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); try { diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index ef52892b3..18d19c06b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -278,6 +278,7 @@ webpages.oaconfig.oauth20.clientSecret=Client Passwort webpages.oaconfig.oauth20.redirectUri=Redirect Uri webpages.oaconfig.vidp.enabled=VIDP interface aktiv +webpages.oaconfig.vidp.requireconsent=Zustimmung f\u00FCr das Ausliefern der Attribute vom Benutzer einholen? webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen webpages.oaconfig.vidp.ap.remove=Entfernen webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 78ad500ef..6749b5131 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -537,6 +537,12 @@ key="webpages.oaconfig.vidp.enabled" cssClass="checkbox" id="OAuseVidp" />

+

<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d1de20c4d..31ba64be0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -67,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; -import at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -350,6 +349,10 @@ public List getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } +public boolean isRequireConsentForStorkAttributes() { + return oa_auth.getOASTORK().isRequireConsent(); +} + public List getStorkAPs() { return oa_auth.getOASTORK().getAttributeProviders(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 5d972ba00..7dbbb5734 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -148,7 +148,12 @@ public class AttributeCollector implements IAction { // else, update any existing attributes addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } - new ConsentEvaluatorSepp().requestConsent(container, response, oaParam); + + // ask for consent if necessary + if(oaParam.isRequireConsentForStorkAttributes()) + new ConsentEvaluator().requestConsent(container, response, oaParam); + else + new ConsentEvaluator().generateSTORKResponse(response, container); return "12345"; // AssertionId diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index b7e8f6ff3..936363169 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -883,11 +883,16 @@ - - - + + + - + + + -- cgit v1.2.3 From 65b593ec0e2603330ef977db531a6bdac8651994 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Mar 2014 10:42:01 +0100 Subject: solve formID problem --- .../struts/action/ImportExportAction.java | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index 3bc2d4ac5..655ce7a59 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -198,6 +198,10 @@ implements ServletRequestAware, ServletResponseAware { ConfigurationDBUtils.closeSession(); } + //set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + log.info("Legacy Configuration load is completed."); addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); return Constants.STRUTS_SUCCESS; @@ -285,6 +289,11 @@ implements ServletRequestAware, ServletResponseAware { ConfigurationDBUtils.closeSession(); } + + //set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; } else { log.info("No access to Import/Export for User with ID" + authUser.getUserID()); @@ -317,15 +326,20 @@ implements ServletRequestAware, ServletResponseAware { + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); return Constants.STRUTS_ERROR; } + session.setAttribute(Constants.SESSION_FORMID, null); if (authUser.isAdmin()) { if (fileUpload == null) { addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; } - + log.info("Load configuration from MOA-ID 2.x XML configuration"); try { @@ -367,6 +381,10 @@ implements ServletRequestAware, ServletResponseAware { ConfigurationDBUtils.closeSession(); } + //set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + log.info("XML Configuration load is completed."); addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); return Constants.STRUTS_SUCCESS; -- cgit v1.2.3 From 191bd90971b488bff16a5e08d0c1b2306da5876f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Mar 2014 12:52:35 +0100 Subject: bugfix possible NullPointerException in STORK config --- .../id/configuration/data/GeneralMOAIDConfig.java | 8 ++++- .../struts/action/EditGeneralConfigAction.java | 19 ++++++++++-- .../moa/id/config/stork/STORKConfig.java | 36 ++++++++++++---------- 3 files changed, 42 insertions(+), 21 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index d6ede8fbf..a052f403b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -55,6 +55,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.util.MiscUtil; @@ -305,7 +306,12 @@ public class GeneralMOAIDConfig { if (modes != null) { ChainingModeType defaultmode = modes.getSystemDefaultMode(); if (defaultmode != null) { - defaultchainigmode = defaultmode.value(); + + if (ConfigurationBuilder.CM_CHAINING.equals(defaultmode.value())) + defaultchainigmode = ChainingModeType.CHAIN.value(); + + else + defaultchainigmode = defaultmode.value(); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 5df12a7a5..75e07a1a0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -41,6 +41,7 @@ import org.apache.struts2.interceptor.ServletResponseAware; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; @@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; @@ -483,12 +485,23 @@ public class EditGeneralConfigAction extends ActionSupport ForeignIdentities oldforeign = oldauth.getForeignIdentities(); if (oldforeign != null) { STORK oldstork = oldforeign.getSTORK(); - if (oldstork != null) + if (oldstork == null) oldstork = new STORK(); oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); - oldstork.setAttributes(storkconfig.getAttributes()); - oldstork.setCPEPS(storkconfig.getCpepslist()); + + if (storkconfig.getAttributes() != null) + oldstork.setAttributes(storkconfig.getAttributes()); + + else + oldstork.setAttributes((List) (new ArrayList())); + + if (storkconfig.getCpepslist() != null) + oldstork.setCPEPS(storkconfig.getCpepslist()); + + else + oldstork.setCPEPS((List) (new ArrayList())); + dbforeign.setSTORK(oldstork); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index ff481b825..b3a4cca78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -58,30 +58,32 @@ public class STORKConfig { this.basedirectory = basedirectory; this.props = props; - //create CPEPS map - List cpeps = stork.getCPEPS(); - cpepsMap = new HashMap(); + attr = new ArrayList(); + + if (stork != null) { + //create CPEPS map + List cpeps = stork.getCPEPS(); + + if (cpeps != null) { + for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) { - if (cpeps != null) { - for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) { - - try { - CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL())); + try { + CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL())); - cpepsMap.put(cpep.getCountryCode(), moacpep); + cpepsMap.put(cpep.getCountryCode(), moacpep); - } catch (MalformedURLException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid URL and is ignored."); + } catch (MalformedURLException e) { + Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + + cpep.getCountryCode() + " has an invalid URL and is ignored."); + } } } - } - attr = new ArrayList(); - if (stork.getAttributes() != null) { - for(StorkAttribute current : stork.getAttributes()) { - attr.add(current); + if (stork.getAttributes() != null) { + for(StorkAttribute current : stork.getAttributes()) { + attr.add(current); + } } } -- cgit v1.2.3 From 76dd4489a0b0b93ff08c7c684ca229df6f29c0cb Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Mar 2014 13:39:50 +0100 Subject: Revert "change PKIX chaining mode constant" This reverts commit 6c9e452d5ab984c1ef221c4a2e746454aa41e014. --- .../moa/id/configuration/data/GeneralMOAIDConfig.java | 6 +----- .../moa/id/config/legacy/BuildFromLegacyConfig.java | 13 +++++++++++-- .../moa/id/config/legacy/ConfigurationBuilder.java | 5 +---- .../src/main/resources/config/moaid_config_2.0.xsd | 2 +- 4 files changed, 14 insertions(+), 12 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index a052f403b..773dd8e7c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -307,11 +307,7 @@ public class GeneralMOAIDConfig { ChainingModeType defaultmode = modes.getSystemDefaultMode(); if (defaultmode != null) { - if (ConfigurationBuilder.CM_CHAINING.equals(defaultmode.value())) - defaultchainigmode = ChainingModeType.CHAIN.value(); - - else - defaultchainigmode = defaultmode.value(); + defaultchainigmode = defaultmode.value(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 9d105f151..7039bdb7f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -446,8 +446,17 @@ public class BuildFromLegacyConfig { //set chaining modes ChainingModes moa_chainingModes = new ChainingModes(); moaIDConfig.setChainingModes(moa_chainingModes); - - ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode()); + + + + String defaultmode = builder.getDefaultChainingMode(); + ChainingModeType type; + if (defaultmode.equals(iaik.pki.pathvalidation.ChainingModes.CHAIN_MODE)) + type = ChainingModeType.CHAINING; + else + type = ChainingModeType.PKIX; + + moa_chainingModes.setSystemDefaultMode(type); Map chainingModes = builder.buildChainingModes(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 682b00702..6ad45d8c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -113,7 +113,7 @@ public class ConfigurationBuilder { // chaining mode constants appearing in the configuration file // /** an XPATH-Expression */ - public static final String CM_CHAINING = "chaining"; + protected static final String CM_CHAINING = "chaining"; /** an XPATH-Expression */ protected static final String CM_PKIX = "pkix"; /** an XPATH-Expression */ @@ -939,13 +939,10 @@ public List getTrustedTemplateURLs() { protected String translateChainingMode(String chainingMode) { if (chainingMode.equals(CM_CHAINING)) { return ChainingModes.CHAIN_MODE; - } else if (chainingMode.equals(CM_PKIX)) { return ChainingModes.PKIX_MODE; - } else { return ChainingModes.CHAIN_MODE; - } } diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 269da4cd6..e6705dbb8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -569,7 +569,7 @@ - + -- cgit v1.2.3 From ab9c1d3b201ca110f33831133a85ea2da353e5d8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 17 Mar 2014 11:35:59 +0100 Subject: change mandate profile configuration --- .../id/configuration/data/oa/OAGeneralConfig.java | 30 +++++++++++++++++----- .../configuration/struts/action/EditOAAction.java | 19 ++++++++++++-- .../servlet/VerifyAuthenticationBlockServlet.java | 13 +++++----- .../moa/id/auth/stork/STORKResponseProcessor.java | 2 +- .../moa/id/config/auth/OAAuthParameter.java | 28 +++++++++++++++++--- .../id/config/legacy/BuildFromLegacyConfig.java | 21 +++++++++++++-- .../id/util/client/mis/simple/MISSimpleClient.java | 8 +++--- .../src/main/resources/config/moaid_config_2.0.xsd | 3 ++- 8 files changed, 98 insertions(+), 26 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index ba58701fc..990227738 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; @@ -212,15 +213,32 @@ public class OAGeneralConfig { Mandates mandates = oaauth.getMandates(); if (mandates != null) { - if (MiscUtil.isNotEmpty(mandates.getProfiles())) { - mandateProfiles = mandates.getProfiles(); - useMandates = true; + mandateProfiles = null; + + List profileList = mandates.getProfileNameItems(); + for (MandatesProfileNameItem el : profileList) { + if (mandateProfiles == null) + mandateProfiles = el.getItem(); - } else { - mandateProfiles = new String(); - useMandates = false; + else + mandateProfiles += "," + el.getItem(); } + //TODO: only for RC1 + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + if (mandateProfiles == null) + mandateProfiles = mandates.getProfiles(); + + else + mandateProfiles += "," + mandates.getProfiles(); + + } + + if (mandateProfiles != null) + useMandates = true; + + else + useMandates = false; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index fd4030937..131a27935 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -45,6 +45,7 @@ import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; +import org.bouncycastle.asn1.InMemoryRepresentable; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; @@ -57,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; @@ -909,10 +911,23 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, Mandates mandates = new Mandates(); if (generalOA.isUseMandates()) { - mandates.setProfiles(generalOA.getMandateProfiles()); + if (MiscUtil.isNotEmpty(generalOA.getMandateProfiles())) { + List profileList = new ArrayList(); + String[] inputList = generalOA.getMandateProfiles().split(","); + for (int i=0; i profiles = oaParam.getMandateProfiles(); if (profiles == null) { Logger.error("No Mandate/Profile for OA configured."); throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); } - String profilesArray[] = profiles.split(","); - for(int i = 0; i < profilesArray.length; i++) { - profilesArray[i] = profilesArray[i].trim(); - } +// String profilesArray[] = profiles.split(","); +// for(int i = 0; i < profilesArray.length; i++) { +// profilesArray[i] = profilesArray[i].trim(); +// } String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); @@ -249,7 +250,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); } - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profiles, targetType, sslFactory); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index c5f0dbd49..fd0d2298a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -125,7 +125,7 @@ public class STORKResponseProcessor { * @return Identity Link * @throws STORKException the sTORK exception */ - public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, String filters) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List filters) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); CreateIdentityLinkResponse identityLinkResponse = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 8e7ca0779..50b870c98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -56,6 +56,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; @@ -221,13 +222,32 @@ public List getTransformsInfos() { /** * @return the mandateProfiles */ -public String getMandateProfiles() { +public List getMandateProfiles() { Mandates mandates = oa_auth.getMandates(); - if (mandates != null) - return mandates.getProfiles(); - else + List list = new ArrayList(); + + if (mandates != null) { + String oldProfilList = mandates.getProfiles(); + + List profileList = mandates.getProfileNameItems(); + for (MandatesProfileNameItem el : profileList) { + list.add(el.getItem()); + + } + + //only for RC1 + if (MiscUtil.isNotEmpty(oldProfilList)) { + String profilesArray[] = oldProfilList.split(","); + for(int i = 0; i < profilesArray.length; i++) { + list.add(profilesArray[i].trim()); + } + } + + return list; + + } else return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 7039bdb7f..68d934036 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -28,6 +28,8 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; +import java.net.URL; +import java.nio.file.Path; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; @@ -83,6 +86,7 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class BuildFromLegacyConfig { @@ -237,7 +241,9 @@ public class BuildFromLegacyConfig { for (int i=0; i profileList = new ArrayList(); + + String oldProfiles = oa.getMandateProfiles(); + if (MiscUtil.isNotEmpty(oldProfiles)) { + String[] oldprofileList = oldProfiles.split(","); + for (int i=0; i mandateIdentifier, String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { if (webServiceURL == null) { throw new NullPointerException("Argument webServiceURL must not be null."); } @@ -205,12 +205,12 @@ public class MISSimpleClient { referenceValueElement.appendChild(doc.createTextNode(referenceValue)); mirElement.appendChild(referenceValueElement); - if (mandateIdentifier != null && mandateIdentifier.length > 0) { + if (mandateIdentifier != null && mandateIdentifier.size() > 0) { Element filtersElement = doc.createElementNS(MIS_NS, "Filters"); Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers"); - for (int i=0; i - + + -- cgit v1.2.3 From b44d4288bb2911b573ec12dd00d7c601e5d7a825 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 18 Mar 2014 13:47:32 +0100 Subject: fix add PEPS or attribute error if PEPS list or attribute list is empty --- .../moa/id/configuration/data/GeneralStorkConfig.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 980aa4731..56c3cb654 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -48,22 +48,23 @@ public class GeneralStorkConfig { if (foreign != null) { STORK stork = foreign.getSTORK(); + cpepslist = new ArrayList(); + attributes = new ArrayList(); + if (stork != null) { // deep clone all the things // to foreclose lazyloading session timeouts - cpepslist = new ArrayList(); + for(CPEPS current : stork.getCPEPS()) { cpepslist.add(current); } - + List tmp = stork.getAttributes(); if(null != tmp) { - attributes = new ArrayList(); + for(StorkAttribute current : tmp) attributes.add(current); } - if(attributes.isEmpty()) - attributes.add(new StorkAttribute()); try { qaa = stork.getQualityAuthenticationAssuranceLevel(); @@ -71,6 +72,12 @@ public class GeneralStorkConfig { qaa = 4; } } + + if (cpepslist.isEmpty()) + cpepslist.add(new CPEPS()); + + if(attributes.isEmpty()) + attributes.add(new StorkAttribute()); } } } -- cgit v1.2.3 From 7eedd2db839b71744b9bfacfc892b1a93fc55dbc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 18 Mar 2014 13:58:25 +0100 Subject: use UTF-8 encoding for some parameters --- .../moa/id/configuration/helper/StringHelper.java | 12 ++++++++++++ .../struts/action/EditGeneralConfigAction.java | 21 ++++++++++++++------- .../configuration/struts/action/EditOAAction.java | 4 +++- 3 files changed, 29 insertions(+), 8 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java index 43fc78821..53afa59a0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java @@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; +import java.io.UnsupportedEncodingException; + public class StringHelper { public static String formatText(String strGivenText) @@ -47,4 +49,14 @@ public class StringHelper { } return sbFormattedText.toString(); } + + public static String getUTF8String(String input) { + try { + return new String(input.getBytes(), "UTF-8"); + + } catch (UnsupportedEncodingException e) { + e.printStackTrace(); + return input; + } + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 75e07a1a0..dfc9b8801 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; @@ -332,9 +333,10 @@ public class EditGeneralConfigAction extends ActionSupport pvp2.setOrganization(pvp2org); } if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) - pvp2org.setDisplayName(moaconfig.getPvp2OrgDisplayName()); + pvp2org.setDisplayName(StringHelper.getUTF8String( + moaconfig.getPvp2OrgDisplayName())); if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) - pvp2org.setName(moaconfig.getPvp2OrgName()); + pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) pvp2org.setURL(moaconfig.getPvp2OrgURL()); @@ -351,10 +353,12 @@ public class EditGeneralConfigAction extends ActionSupport Contact cont = pvp2cont.get(0); if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) - cont.setCompany(moaconfig.getPvp2Contact().getCompany()); + cont.setCompany(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getCompany())); if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) - cont.setGivenName(moaconfig.getPvp2Contact().getGivenname()); + cont.setGivenName(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getGivenname())); //TODO: change to list if required if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getMail())) @@ -363,7 +367,8 @@ public class EditGeneralConfigAction extends ActionSupport cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getSurname())) - cont.setSurName(moaconfig.getPvp2Contact().getSurname()); + cont.setSurName(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getSurname())); if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) cont.setType(moaconfig.getPvp2Contact().getType()); @@ -374,9 +379,11 @@ public class EditGeneralConfigAction extends ActionSupport } if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) - dbsso.setFriendlyName(moaconfig.getSsoFriendlyName()); + dbsso.setFriendlyName(StringHelper.getUTF8String( + moaconfig.getSsoFriendlyName())); if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) - dbsso.setSpecialText(moaconfig.getSsoSpecialText()); + dbsso.setSpecialText(StringHelper.getUTF8String( + moaconfig.getSsoSpecialText())); // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 131a27935..19006ea22 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -84,6 +84,7 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; @@ -935,7 +936,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); if (authUser.isAdmin()) { - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); + templates.setAditionalAuthBlockText(StringHelper.getUTF8String( + generalOA.getAditionalAuthBlockText())); List template = templates.getTemplate(); if (generalOA.isLegacy()) { -- cgit v1.2.3 From 2a9896057ee6e42a6a07bcf2ec3eae13c582e290 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Mar 2014 15:01:17 +0100 Subject: correcting the error when defining new stork applicaiton --- id/ConfigWebTool/ConfigurationInterface.iml | 149 +++++++++++++++++---- .../validation/oa/OAGeneralConfigValidation.java | 14 +- .../main/resources/applicationResources.properties | 2 +- id/server/auth/moa-id-auth.iml | 44 +++--- id/server/idserverlib/moa-id-lib.iml | 60 ++++----- id/server/proxy/moa-id-proxy.iml | 44 +++--- 6 files changed, 210 insertions(+), 103 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index af31724ca..10f5ffc26 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -39,54 +39,153 @@ - - - - - - - - - - + + + + + + + + + + + + + - - - - - - + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + - - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java index d3a2241d3..4297492e8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -172,14 +172,22 @@ public class OAGeneralConfigValidation { boolean businessservice = form.isBusinessService(); - - if (businessservice) { + boolean storkservice = form.isStorkService(); + + if (storkservice) { + check = form.getStorkSPTargetCountry(); + if (check.length() < 1) { + log.warn("Stork target country is not known"); + errors.add(LanguageHelper.getErrorString("")); + } + + } else if (businessservice) { //check identification type check = form.getIdentificationType(); if (!form.getIdentificationTypeList().contains(check)) { log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.identificationtype.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget")); } //check identification number diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 18d19c06b..1c455b287 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -406,7 +406,7 @@ validation.general.identificationnumber.fn.valid=Die Firmenbuchnummer hat kein g validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben. validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL. validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. - +validation.general.stork.sptarget=Der STORK SP-Target ist leer. validation.general.bkuselection.filename.valid=Der Dateiname des BKU-Selektion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.bkuselection.file.valid=Das BKU-Selektion Templates konnte nicht geladen werden. validation.general.bkuselection.file.selected=Es kann nur EIN BKU-Selektion Template angegeben werden. diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index a82e8089d..67a88ff74 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -14,8 +14,8 @@ - - + + @@ -77,26 +77,6 @@ - - - - - - - - - - - - - - - - - - - - @@ -114,6 +94,7 @@ + @@ -150,6 +131,25 @@ + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index 7d8f0ec07..893a98579 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,8 +1,8 @@ - - + + @@ -13,37 +13,12 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + @@ -63,7 +38,13 @@ + + + + + + @@ -101,6 +82,25 @@ + + + + + + + + + + + + + + + + + + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index f22728405..a1bb63801 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -13,8 +13,8 @@ - - + + @@ -74,26 +74,6 @@ - - - - - - - - - - - - - - - - - - - - @@ -111,6 +91,7 @@ + @@ -147,6 +128,25 @@ + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From a112ca8f0c8cd4a0620c55e430004b28b9fe1dfb Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Mar 2014 15:04:41 +0100 Subject: correcting the error when defining new stork applicaiton --- .../validation/oa/OAGeneralConfigValidation.java | 11 +++++++++-- .../src/main/resources/applicationResources.properties | 1 + 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java index 4297492e8..637500c1e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -176,11 +176,18 @@ public class OAGeneralConfigValidation { if (storkservice) { check = form.getStorkSPTargetCountry(); - if (check.length() < 1) { + if ((check==null)||(check.length() < 1)) { log.warn("Stork target country is not known"); - errors.add(LanguageHelper.getErrorString("")); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget")); } + if (check.length() > 10) { + log.warn("Incorrect size of Stork target country, too many characters"); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptargetsize")); + } + + + } else if (businessservice) { //check identification type diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 1c455b287..1560db2f0 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -407,6 +407,7 @@ validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00 validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL. validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. validation.general.stork.sptarget=Der STORK SP-Target ist leer. +validation.general.stork.sptargetsize=Die Definition von STORK SP-Target ist nicht korrekt: zu viele Buchstaben. validation.general.bkuselection.filename.valid=Der Dateiname des BKU-Selektion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.bkuselection.file.valid=Das BKU-Selektion Templates konnte nicht geladen werden. validation.general.bkuselection.file.selected=Es kann nur EIN BKU-Selektion Template angegeben werden. -- cgit v1.2.3 From 3920c2fcb879320dff1c20de125e62b41bd750b3 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Mar 2014 15:49:19 +0100 Subject: initial language changes for gui and errors --- .../config/ConfigurationProvider.java | 8 + .../id/configuration/helper/LanguageHelper.java | 52 ++- .../resources/applicationResources_en.properties | 454 +++++++++++++++++++++ 3 files changed, 507 insertions(+), 7 deletions(-) create mode 100644 id/ConfigWebTool/src/main/resources/applicationResources_en.properties (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index fdd566888..2dce3534f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -377,6 +377,14 @@ public class ConfigurationProvider { public String getMailOAActivationSubject() { return props.getProperty("general.mail.createOArequest.isactive.subject"); } + + public String getDefaultLanguage() { + try { + return props.getProperty("general.defaultlanguage").toLowerCase(); + } catch (Exception ex) { + return "de"; + } + } public String getMailOAActivationTemplate() throws ConfigurationException { String url = props.getProperty("general.mail.createOArequest.isactive.template"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java index a2f0628eb..73b2708ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -23,6 +23,10 @@ package at.gv.egovernment.moa.id.configuration.helper; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; + import java.text.MessageFormat; import java.util.Locale; import java.util.ResourceBundle; @@ -34,9 +38,44 @@ public class LanguageHelper { private static ResourceBundle errorRes_DE = ResourceBundle.getBundle("applicationResources", Locale.GERMAN); private static ResourceBundle guiRes_DE = ResourceBundle.getBundle("applicationResources", Locale.GERMAN); - - public static String getGUIString(String code, HttpServletRequest request) { - return guiRes_DE.getString(code); + + private static ResourceBundle errorRes_EN = ResourceBundle.getBundle("applicationResources_en", Locale.ENGLISH); + private static ResourceBundle guiRes_EN = ResourceBundle.getBundle("applicationResources_en", Locale.ENGLISH); + + private static ResourceBundle errorLanguage() { + Logger.setHierarchy("moa.id.configuration"); + try { + ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); + if (configurationProvider.getDefaultLanguage().equals("en")) { + return errorRes_EN; + } else { + return errorRes_DE; + } + } catch (ConfigurationException e) { + Logger.error("Configuration exception while getting ConfigurationProvider instance"); + e.printStackTrace(); + return errorRes_DE; + } + } + + private static ResourceBundle guiLanguage() { + Logger.setHierarchy("moa.id.configuration"); + try { + ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); + if (configurationProvider.getDefaultLanguage().equals("en")) { + return guiRes_EN; + } else { + return guiRes_DE; + } + } catch (ConfigurationException e) { + Logger.error("Configuration exception while getting ConfigurationProvider instance"); + e.printStackTrace(); + return guiRes_DE; + } + } + + public static String getGUIString(String code, HttpServletRequest request) { + return guiRes_DE.getString(code); } public static String getGUIString(String code) { @@ -44,16 +83,15 @@ public class LanguageHelper { } public static String getErrorString(String code, HttpServletRequest request) { - return errorRes_DE.getString(code); + return errorLanguage().getString(code); } public static String getErrorString(String code) { - return errorRes_DE.getString(code); + return errorLanguage().getString(code); } public static String getGUIString(String code, String parameter, HttpServletRequest request) { - - return MessageFormat.format(getGUIString(code, request), parameter); + return MessageFormat.format(getGUIString(code, request), parameter); } public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties new file mode 100644 index 000000000..ab945b0a0 --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -0,0 +1,454 @@ +title=MOA-ID 2.x Configuration Tool + + +config.01=Configfile is not found. +config.02=Configfile is not readable. +config.03=Hibernate Database connector can not be initialized +config.04=OpenSAML (PVP2 Login) can not be initialized +config.05=Configuration file not defined + +error.title=Fehler: +error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. +errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. +errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. +errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen. +error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden. +error.db.oa.store=Die Konfiguration konnte nicht in der Datenbank gespeichert werden. +errors.notallowed=Sie besitzen nicht die n\u00F6tigen Rechte um diese Funktion zu benutzen. +errors.importexport.nofile=Es wurde keine Datei angegeben. +errors.importexport.legacyimport=Der Importvorgang der Legacy-Konfiguration wurde mit einem Fehler abgebrochen (Fehler={0}). +errors.importexport.export=Die MOA-ID 2.x Konfiguration konnte nicht in ein XML File exportiert werden. (Fehler={0}) +errors.importexport.import=Der Importvorgang der XML Konfiguration wurde mit einem Fehler abgebrochen (Fehler={0}). +errors.importexport.export.noconfig=Die Konfiguration kann nicht exportiert werden da keine MOA-ID Konfiguration vorhanden ist. +errors.edit.user.userid=Es wurde keine g\u00FCtige User ID \u00FCbergeben. +errors.edit.user.save=Der Benutzer konnte nicht in die Datenbank eingetragen werden. +errors.edit.user.notallowed=Das Bearbeiten fremder Benutzereinstellungen ist nur dem Admin erlaubt. +error.login=Der Anmeldevorgang wurde abgebrochen. Bitte Versuchen sie es noch einmal. +error.mail.send=An die angegebene Mailadresse konnte keine Nachticht versendet werden. +error.mail.verification=Der Verifikationsvorgang wurde durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal. +error.editoa.mailverification=Die Verwaltung von Online-Applikationen ist vor\u00FCbergehend deaktiviert, da die Mailadresse des Benutzeraccounts noch nicht verifiziert wurde. +error.bkuformpreview.notpossible="Die Vorschau konnte nicht generiert werden da ein interner Fehler auftreten ist." +error.oa.oauth.redirecturi=Redirect URL ist keine richtige URL +error.oa.oauth.clientSecret=Client-Secret darf nicht leer sein +error.oa.oauth.keyname=Key-Name darf nicht leer sein +error.oa.oauth.keystore=Keystore darf nicht leer sein und muss eine richtige URL sein. + +mail.userrequest.subject=Accountanforderung MOA-ID 2.x Konfigurationstool + + +webpages.error.header=Es ist ein Fehler aufgetreten +webpages.index.header=Welcome to MOA-ID 2.x Configuration +webpages.index.desciption.head=Um dieses Service nutzen zu k\u00F6nnen m\u00FCssen sie sich einloggen. +webpages.index.login=Login +webpages.index.logout=Logout +webpages.index.login.pvp2=Anmeldung mit B\u00FCrgerkarte oder Handy-Signature +webpages.index.login.notallowed=Entweder sind Benutzername oder Passwort sind nicht korrekt oder der Account wurde noch nicht aktiviert. +webpages.index.username.unkown=Der Benutzer ist nicht bekannt. +webpages.index.username.notactive=Der Benutzer wurde durch den Administrator noch nicht freigeschalten. +webpages.index.password.false=Das Passwort stimmt nicht. + +webpages.inportexport.header=Konfiguration Importieren/Exportieren +webpages.inportexport.success=Die Konfiguration konnte erfolgreich importiert werden. +webpages.inportexport.legacyimport.header=Legacy Konfiguration importieren (MOA-ID < 2.0) +webpages.inportexport.legacyimport.upload=Legacy Konfiguration +webpages.edit.import=Importieren +webpages.edit.export=Exportieren +webpages.inportexport.import.header=MOA-ID 2.x Konfiguration +webpages.inportexport.import.upload=Konfiguration importieren +webpages.inportexport.import.download=Konfiguration exportieren +webpages.inportexport.descripten=ACHTUNG\: Die importierte Konfiguration ersetzt eine aktuell vorhandene Konfiguration vollst\u00E4ndig\! + +webpages.usermanagement.newuser=Neuen Benutzer erstellen +webpages.usermanagement.header=Benutzerverwaltung +webpages.listUsers.list.header=Liste aller vorhandenen Benutzer +webpages.listUsers.list.first=Familien-/Firmenname +webpages.listUsers.list.second=Vorname +webpages.listUsers.list.third=Benutzername +webpages.edituser.header=Benutzerdaten +webpages.edituser.givenname=Vorname +webpages.edituser.familyName=Familienname +webpages.edituser.institut=Organisation +webpages.edituser.phone=Telefonnummer +webpages.edituser.mail=EMail Adresse +webpages.edituser.access.header=Zugangsdaten +webpages.edituser.username=Username +webpages.edituser.password=Password +webpages.edituser.password_second=Kennwort wiederholen +webpages.edituser.bpk=BPK +webpages.edituser.role.header=Rechte und Role +webpages.edituser.active=Benutzer ist aktiviert +webpages.edituser.admin=Benutzer ist Admin +webpages.edit.delete.user=Benutzer l\u00F6schen +webpages.edit.newUser=Neuen Benutzer anfordern +webpages.edituser.isusernamepasswordallowed=Benutzername/Passwort erlauben +webpages.edituser.changemailaddress.verify=Bevor Sie Online-Applikationen verwalten k\u00F6nnen muss Ihre Mailadresse verifzieren werden. Eine entsprechende Mail wurde bereits an Ihr angegebenes Postfach versendet. +webpages.edituser.verify.mail.button=Mailadresse pr\u00FCfen +webpages.edituser.verify.mail.message=Es wurde eine Verifikationsmail an Ihr Postfach versendet + +webpages.mainpage.menu.oa.insert=Neue Applikation anlegen +webpages.mainpage.menu.oa.display=Meine Applikationen +webpages.mainpage.menu.oa.search=Applikation suchen +webpages.mainpage.menu.general.user=Meine Daten +webpages.mainpage.menu.general.importexport=Importieren/Exportieren +webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration +webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung +webpages.mainpage.menu.general.adminrequests=Offene Anfragen + +webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. +webpages.moaconfig.header=Allgemeine Konfiguration +webpages.oaconfig.general.publicURLPreFix=Public URL Prefix +webpages.moaconfig.defaultbkus.header=Default BKUs +webpages.moaconfig.slrequesttemplates.header=SecurtiyLayer Request Templates +webpages.moaconfig.slrequesttemplates.local=Locale BKU +webpages.moaconfig.slrequesttemplates.handy=Handy BKU +webpages.moaconfig.slrequesttemplates.online=Online BKU +webpages.moaconfig.certificates.header=Zertifikatspr\u00FCfung +webpages.moaconfig.certificates.certstore=CertStoreDirecorty +webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking +webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates +webpages.moaconfig.certificates.chainingmode=ChainingMode +webpages.moaconfig.timeout.header=Session TimeOuts +webpages.moaconfig.timeout.assertion=Assertion [sec] +webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] +webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] +webpages.moaconfig.moasp.header=MOA-SP Konfiguration +webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.authtrustprofile=Authentfizierungsblock Trustprofil +webpages.moaconfig.moasp.authblocktransform=Authentfizierungsblock Transformationen +webpages.moaconfig.moasp.url=URL zum MOA-SP Service +webpages.moaconfig.identitylinksigners=IdentityLinkSigners +webpages.moaconfig.services.header=Externe Services +webpages.moaconfig.services.mandates=Online-Vollmachten Service URL +webpages.moaconfig.services.szrgw=SZR Gateway Service URL +webpages.moaconfig.sso.header=Single Sign-On +webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix +webpages.moaconfig.sso.FriendlyName=SSO Service Name +webpages.moaconfig.services.sso.Target=SSO Service Target +webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText +webpages.moaconfig.protocols.header=Protokolle +webpages.moaconfig.protocols.allowed.header=Protokolle aktivieren +webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren +webpages.moaconfig.protocols.legacy.saml1=SAML1 +webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect +webpages.moaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.moaconfig.protocols.saml1.sourceID=SourceID +webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration +webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix +webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name +webpages.moaconfig.protocols.pvp2.org.header=Organisation +webpages.moaconfig.protocols.pvp2.org.name=Kurzbezeichnung +webpages.moaconfig.protocols.pvp2.org.displayname=Vollst\u00E4ndiger Name +webpages.moaconfig.protocols.pvp2.org.url=URL der Organisation +webpages.moaconfig.protocols.pvp2.contact.header=Kontaktdaten +webpages.moaconfig.protocols.pvp2.contact.surename=Familienname +webpages.moaconfig.protocols.pvp2.contact.givenname=Vorname +webpages.moaconfig.protocols.pvp2.contact.email=Mailadresse +webpages.moaconfig.protocols.pvp2.contact.company=Unternehmen +webpages.moaconfig.protocols.pvp2.contact.phone=Telefonnummer +webpages.moaconfig.protocols.pvp2.contact.type=Type des Kontakts +webpages.moaconfig.sl.transormations.header=SecurityLayer Transformationen +webpages.moaconfig.sl.transormations.filename=Dateiname +webpages.moaconfig.sl.transormations.upload=Neue Transformation hochladen + +webpages.listOAs.list.first=Eindeutige Kennung +webpages.listOAs.list.second=Name der Online-Applikation + +webpages.searchoa.header=Online-Applikation suchen +webpages.searchoa.search.friendlyname=Name der Online-Applikation +webpages.searchoa.butten.search=Suchen + +webpages.oaconfig.header=Konfiguration der Onlineapplikation +webpages.oaconfig.general.isActive=Online-Applikation ist aktiviert +webpages.oaconfig.general.bku.header=BKU Konfiguration +webpages.oaconfig.general.bku.local=Locale BKU +webpages.oaconfig.general.bku.online=Online BKU +webpages.oaconfig.general.bku.handy=Handy BKU +webpages.oaconfig.general.bku.slversion=SecurityLayer Version +webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier +webpages.oaconfig.general.bku.legacy=SecurityLayerTemplates (Legacy Request) +webpages.oaconfig.general.bku.sltemplate.first=SecurityLayer Template +webpages.oaconfig.general.bku.sltemplate.second=SecurityLayer Template (WhiteList) +webpages.oaconfig.general.bku.sltemplate.third=SecurityLayer Template (WhiteList) + +webpages.oaconfig.general.bku.delete=L\u00F6schen +webpages.oaconfig.general.bku.bkuselection.header=BKU-Selection Template +webpages.oaconfig.general.bku.bkuselection.filename=Dateiname +webpages.oaconfig.general.bku.bkuselection.upload=Neues Template hochladen +webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template +webpages.oaconfig.general.bku.sendassertion.filename=Dateiname +webpages.oaconfig.general.bku.sendassertion.upload=Neues Template hochladen + +webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix) +webpages.oaconfig.general.mandate.header=Vollmachten +webpages.oaconfig.general.mandate.profiles=Profile +webpages.oaconfig.general.mandate.usemandate=Vollmachten (ja/nein) +webpages.oaconfig.general.friendlyname=Name der Online-Applikation +webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation +webpages.oaconfig.general.isstorkservice=Stork Applikation +webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.stork.header=STORK Bereich +webpages.oaconfig.general.stork.countrycode=Landesvorwahl +webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) +webpages.oaconfig.general.target.admin.checkbox=Anderen Bereich frei definieren +webpages.oaconfig.general.target.admin=Bereich (Frei w\u00E4hlbar) +webpages.oaconfig.general.target.friendlyname.disabled=Bezeichnung des Bereichs (vom Administrator eingestellt) +webpages.oaconfig.general.target.admin.disabled=Bereich (vom Administrator eingestellt) +webpages.oaconfig.general.target=Bereich (Target) +webpages.oaconfig.general.target.subsector=Sub-Bereich +webpages.oaconfig.general.target.subsector.checkbox=Target verfeinern +webpages.oaconfig.general.business.header=Privatwirtschaftlicher Bereich +webpages.oaconfig.general.business.value=Identifikationsnummer +webpages.oaconfig.general.business.type=Type der Identifikationsnummer +webpages.oaconfig.general.aditional.header=Zusätzliche allgemeine Einstellungen +webpages.oaconfig.general.aditional.authblocktext=AuthblockText +webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame +webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden +webpages.oaconfig.general.aditional.calculateHPI="TODO!" +webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden + +webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden +webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden +webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden +webpages.oaconfig.menu.pvp2.hidden=PVP2 Konfiguration ausblenden +webpages.oaconfig.menu.oauth20.show=OAuth 2.0 Konfiguration einblenden +webpages.oaconfig.menu.oauth20.hidden=OAuth 2.0 Konfiguration ausblenden +webpages.oaconfig.menu.vidp.show=VIDP Konfiguration einblenden +webpages.oaconfig.menu.vidp.hidden=VIDP Konfiguration ausblenden + +webpages.oaconfig.menu.stork=STORK Konfiguration + +webpages.oaconfig.protocols.header=Authentifizierungsprotokolle + +webpages.oaconfig.general.BKUSelection.button.show=Login-Fenster Konfiguration einblenden +webpages.oaconfig.general.BKUSelection.button.hidden=Login-Fenster Konfiguration ausblenden +webpages.oaconfig.general.BKUSelection.header=Formularkonfiguration +webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed=Nur Vollmachtenanmeldung erlauben +webpages.oaconfig.general.BKUSelection.backgroundcolor=Hintergrundfarbe der BKU-Auswahl +webpages.oaconfig.general.BKUSelection.frontcolor=Vordergrundfarbe der BKU-Auswahl +webpages.oaconfig.general.BKUSelection.header.backgroundcolor=Hintergrundfarbe der \u00DCberschrift +webpages.oaconfig.general.BKUSelection.header.frontcolor=Vordergrundfarbe der \u00DCberschrift +webpages.oaconfig.general.BKUSelection.header.text=\u00DCberschriftstext +webpages.oaconfig.general.BKUSelection.header.button.background=Hintergrundfarbe der Schaltfl\u00E4chen +webpages.oaconfig.general.BKUSelection.header.button.background.focus=Hintergrundfarbe der Schaltfl\u00E4chen (Focus) +webpages.oaconfig.general.BKUSelection.header.button.front=Vordergrundfarbe der Schaltfl\u00E4chen +webpages.oaconfig.general.BKUSelection.redirectTarget=Targetparameter +webpages.oaconfig.general.BKUSelection.fonttype=Formularschrifttyp +webpages.oaconfig.general.BKUSelection.fonttype.list=Formularschrifttypen +webpages.oaconfig.general.BKUSelection.header.applet.height=Appleth\u00F6he +webpages.oaconfig.general.BKUSelection.header.applet.width=Appletbreite + +webpages.oaconfig.sso.header=Single Sign-On +webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL +webpages.oaconfig.sso.useauthdataframe=Zus\u00E4tzliche Userabfrage +webpages.oaconfig.sso.usesso=Single Sign-On verwenden + +webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed +webpages.oaconfig.stork.usestork=STORK Logon aktivieren +webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration +webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren +webpages.moaconfig.stork.removepeps=l\u00F6schen +webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen +webpages.moaconfig.stork.attributes.heading=Attributkonfiguration +webpages.moaconfig.stork.attributes.new=Neues Attribut hinzuf\u00FCgen +webpages.moaconfig.stork.attributes.heading.name=Attributname +webpages.moaconfig.stork.attributes.heading.mandatory=zwingend +webpages.moaconfig.stork.attributes.remove=l\u00F6schen +webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen + +webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.oaconfig.saml1.isActice=SAML1 aktivieren +webpages.oaconfig.saml1.provideStammZahl=Stammzahl \u00FCbertragen +webpages.oaconfig.saml1.provideAuthBlock=Authentifizierungsblock \u00FCbertragen +webpages.oaconfig.saml1.provideIdentityLink=Personenbindung \u00FCbertragen +webpages.oaconfig.saml1.provideCertificate=Zertifikat \u00FCbertragen +webpages.oaconfig.saml1.provideFullMandateData=Vollst\u00E4ndige Vollmacht \u00FCbertragen +webpages.oaconfig.saml1.useCondition=Usecondition +webpages.oaconfig.saml1.conditionLength=ConditionLength + +webpages.oaconfig.protocols.pvp2.header=PVP2.x Konfiguration +webpages.oaconfig.pvp2.reload=PVP2.x konfiguration neu laden +webpages.oaconfig.pvp2.metaDataURL=URL zu den Metadaten +webpages.oaconfig.pvp2.certifcate=Zertifikat hochladen +webpages.oaconfig.pvp2.certifcate.info=Infos zum Zertifikat + +webpages.oaconfig.protocols.oauth20.header=OAuth 2.0 Konfiguration +webpages.oaconfig.oauth20.clientId=Client ID +webpages.oaconfig.oauth20.clientSecret=Client Passwort +webpages.oaconfig.oauth20.redirectUri=Redirect Uri + +webpages.oaconfig.vidp.enabled=VIDP interface aktiv +webpages.oaconfig.vidp.requireconsent=Zustimmung f\u00FCr das Ausliefern der Attribute vom Benutzer einholen? +webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen +webpages.oaconfig.vidp.ap.remove=Entfernen +webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider + + +message.title=Meldung: +webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. +webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich. +webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen. + +webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht. +webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden. + +webpages.edit.save=\u00C4nderungen Speichern +webpages.edit.back=Zur\u00FCck und \u00C4nderungen verwerfen +webpages.edit.delete=Online-Applikation l\u00F6schen + +webpages.header.info=Sie sind angemeldet als: +webpages.header.lastlogin=Letzte Anmeldung am: + +webpages.openadminrequests.header=Offene Antr\u00E4ge +webpages.openadminrequests.users.header=Benutzeraccounts +webpages.openadminrequests.oas.header=Online-Applikationen + + +validation.newuser.mailaddress=Die Validierung der Mailadresse konnte erfolgreich durchgef\u00FChrt werden. + +validation.edituser.familyname.empty=Der Familienname ist leer. +validation.edituser.familyname.valid=Der Familienname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.givenname.empty=Der Vorname ist leer. +validation.edituser.givenname.valid=Der Vorname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.institut.empty=Die Organisation ist leer. +validation.edituser.institut.valid=Die Organisation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.mail.empty=Die EMail Adresse ist leer. +validation.edituser.mail.valid=Die EMail Adresse hat kein g\u00FCltiges Format. +validation.edituser.phone.empty=Die Telefonnummer ist leer. +validation.edituser.phone.valid=Die Telefonnummer hat kein g\u00FCltiges Form +validation.edituser.username.empty=Der Benutzername ist leer. +validation.edituser.username.valid=Der Benutzername enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.username.duplicate=Der Benutzername ist bereits vergeben +validation.edituser.password.empty=Das Passwort ist leer. +validation.edituser.password.valid=Das Passwort konnte nicht in einen g\u00FCltigen Schl\u00FCssel transferiert werden. +validation.edituser.password.equal=Die Passw\u00F6rter sind nicht identisch. +validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + +validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. +validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00F6ltiges Format. +validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. +validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. +validation.general.Defaultchainigmode.valid=Der DefaultChainingMode enth\u00E4lt einen ung\u00F6ltigen Wert. +validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner angegeben +validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} +validation.general.mandateservice.valid=Die URL zum Online-Vollmachten Service hat kein g\u00F6ltiges Format. +validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer. +validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} +validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer. +validation.general.moasp.auth.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moasp.idl.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. +validation.general.moasp.idl.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moaspss.url.valid=Die URL zum MOA-SP/SS Service hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.issuername.valid=PVP2\: Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.displayname.valid=PVP2 Organisation\: Vollst\u00E4ndiger Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.name.valid=PVP2 Organisation\: Kurzbezeichnung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.url.valid=PVP2 Organisation\: URL hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.serviceurl.valid=PVP2\: Service URL-Prefix hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.contact.company.valid=PVP2 Kontaktdaten\: Der Firmenname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.givenname.valid=PVP2 Kontaktdaten\: Der Familienname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.surename.valid=PVP2 Kontaktdaten\: Der Vorname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.type.valid=PVP2 Kontaktdaten: Der angegebene Kontakttyp existiert nicht. +validation.general.protocol.pvp2.contact.mail.valid=PVP2 Kontaktdaten\: Die EMail Adresse ist nicht g\u00FCltig. +validation.general.protocol.pvp2.contact.phone.valid=PVP2 Kontaktdaten\: Die Telefonnummer ist nicht g\u00FCltig. +validation.general.timeouts.assertion.valid=Das Feld Assertion TimeOut hat keinen g\u00F6ltigen Wert. +validation.general.timeouts.moasessioncreated.valid=Das Feld MOASessionCreated TimeOut hat keinen g\u00FCltigen Wert. +validation.general.timeouts.moasessionupdated.valid=Das Feld MOASessionUpdated TimeOut hat keinen g\u00FCltigen Wert. + +validation.general.slrequest.handy.empty=Die URL zum SecurityLayer Template f\u00F6r die Handy-BKU ist leer. +validation.general.slrequest.handy.valid=Die URL zum SecurityLayer Template f\u00F6r die Handy-BKU hat kein g\u00F6ltiges Format. +validation.general.slrequest.local.empty=Die URL zum SecurityLayer Template f\u00F6r die locale BKU ist leer. +validation.general.slrequest.local.valid=Die URL zum SecurityLayer Template f\u00F6r die locale BKU hat kein g\u00F6ltiges Format. +validation.general.slrequest.online.empty=Die URL zum SecurityLayer Template f\u00F6r die Online-BKU ist leer. +validation.general.slrequest.online.valid=Die URL zum SecurityLayer Template f\u00F6r die Online-BKU hat kein g\u00F6ltiges Format. +validation.general.sso.friendlyname.valid=Der SSO Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.identificationnumber.valid=Die SSO IdentificationNumber enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.publicurl.valid=Der SSO Service URL-Prefix hat kein g\u00F6ltiges Format. +validation.general.sso.specialauthtext.valid=Der SSO AuthBlockText enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.target.empty=Das SSO Target Feld ist leer. +validation.general.sso.target.valid=Das SSO Target Feld enth\u00E4lt ein ung\u00FCltiges Target. +validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00F6ltiges Format. +validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer. +validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.slrequest.file.valid=Die angegebenen SecurtityLayer Transformation konnte nicht geladen werden. + +validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer. +validation.general.bku.handy.valid=Die URL f\u00FCr die Handy-BKU hat kein g\u00FCltiges Format. +validation.general.bku.local.empty=Die URL f\u00FCr die lokale BKU ist leer. +validation.general.bku.local.valid=Die URL f\u00FCr die locale BKU hat kein g\u00FCltiges Format. +validation.general.bku.online.empty=Die URL f\u00FCr die Online-BKU ist leer. +validation.general.bku.online.valid=Die URL f\u00FCr die Online-BKU hat kein g\u00FCltiges Format. +validation.general.oafriendlyname.empty=Es wurde kein Name f\u00FCr die Online-Applikation angegeben. +validation.general.oafriendlyname.valid=Der Name der Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.keyboxidentifier.empty=Es wurde kein KeyBoxIdentifier ausgew\u00E4hlt. +validation.general.keyboxidentifier.valid=Der KeyBoxIdentifier hat ein ung\u00FCltiges Format. +validation.general.sltemplates.empty=Wenn der Legacymodus verwendet werden soll muss zumindest ein SecurityLayer Template angegeben werden. +validation.general.sltemplate1.valid=Die erste SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.sltemplate2.valid=Die zweite SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.sltemplate3.valid=Die dritte SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.mandate.usemandate=Die Konfiguration von Vollmachtsprofile ist nur mit aktivierten Vollmachten m\u00F6glich. +validation.general.target.empty=Der Target f\u00FCr die Online-Applikation ist leer. +validation.general.target.valid=Der Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.target.subsector.valid=Der Target-Subsektor hat kein g\u00FCltiges Format. +validation.general.target.admin.valid=Der Admin-Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.target.publicserviceurl=Die Domain des eindeutigen Identifiers f\u00FCr die Online-Applikation erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich. +validation.general.slversion=Die SecurtiyLayer Version ist kein Zahlenformat. +validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00E4ndert. +validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationtype.valid=Der Identifikationstype wird nicht unterst\u00FCtzt. +validation.general.identificationnumber.empty=Im privatwirtschaftlichen Bereich ist eine Identifikationsnummer erforderlich. +validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00FCr den privatwirtschaftlichen Bereich enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationnumber.fn.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format. +validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben. +validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL. +validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. +validation.general.stork.sptarget=Der STORK SP-Target ist leer. +validation.general.stork.sptargetsize=Die Definition von STORK SP-Target ist nicht korrekt: zu viele Buchstaben. +validation.general.bkuselection.filename.valid=Der Dateiname des BKU-Selektion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.bkuselection.file.valid=Das BKU-Selektion Templates konnte nicht geladen werden. +validation.general.bkuselection.file.selected=Es kann nur EIN BKU-Selektion Template angegeben werden. +validation.general.sendassertion.filename.valid=Der Dateiname des Send-Assertion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sendassertion.file.valid=Das Send-Assertion Templates konnte nicht geladen werden. +validation.general.sendassertion.file.selected=Es kann nur EIN Send-Assertion Template angegeben werden. + + +validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 +validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig +validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig +validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 +validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4 +validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein +validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url +validation.stork.ap.name.valid=Ung\u00FCltiger AttributProvider Name +validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00FCr ein Attribut Provider Plugin. Feld darf nicht leer sein und ist als csv anzugeben. + +validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. +validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. +validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden. +validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. +validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. +validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. + +validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich. +validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf. + +validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden. + +validation.general.bkuselection.specialfeatures.valid=Die speziellen Einstellungen f\u00FCr die BKU Auswahl (Vollmachtsanmeldung ausblenden / zwingend voraussetzen) k\u00F6nnen nicht in Kombination mit SSO verwendet werden. +validation.general.bkuselection.specialfeatures.combination=Eine zwingend erforderliche Vollmachtenanmeldung in Kombination mit einer ausgeblendeten Vollmachtenauswahlcheckbox ist nicht m\u00F6glich. +validation.general.form.color.background=Die Hintergrundfarbe f\\u00FCr die BKU Auswahl enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.color.front=Die Vordergrundfarbe f\\u00FCr die BKU Auswahl enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.color.back=Die Hintergrundfarbe der BKU-Auswahl\\u00FCberschrift enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.color.front=Die Vordergrundfarbe der BKU-Auswahl\\u00FCberschrift enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.text=Die BKU-Auswahl\\u00FCberschrift enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.form.button.color.back.focus=Die Hintergrundfarbe f\\u00FCr Focus der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.back=Die Hintergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.front=Die Vordergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen ung\\u00FCltiten Wert. +validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl. +validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl. -- cgit v1.2.3 From 7f332668a4b4abb72da13c5734c15039d3d190d5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Mar 2014 10:00:10 +0100 Subject: bugfix: VIDP attribute provider configuration and validation --- .../moa/id/configuration/data/oa/OASTORKConfig.java | 21 ++++++++++++--------- .../configuration/struts/action/EditOAAction.java | 3 +++ .../validation/oa/OASTORKConfigValidation.java | 9 ++++++++- .../main/resources/applicationResources.properties | 1 + 4 files changed, 24 insertions(+), 10 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index d9f2a4d85..f1cc4277c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -40,10 +40,20 @@ public class OASTORKConfig { private boolean isStorkLogonEnabled = false; private int qaa; - private List attributes; + private List attributes = null; + /* + * VIDP settings below + */ + private boolean vidpEnabled = false; + private List attributeProviderPlugins = new ArrayList(); + private boolean requireConsent = false; + public OASTORKConfig() { - + if (attributeProviderPlugins.isEmpty()) { + attributeProviderPlugins.add(new AttributeProviderPlugin()); + } + } /** @@ -146,13 +156,6 @@ public class OASTORKConfig { this.attributes = attributes; } - /* - * VIDP settings below - */ - private boolean vidpEnabled = false; - private List attributeProviderPlugins = new ArrayList(); - private boolean requireConsent; - public List getAvailableAttributeProviderPlugins() { return AttributeProviderFactory.getAvailablePlugins(); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index e5d84d461..80f74ff54 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -219,6 +219,9 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, ConfigurationDBUtils.closeSession(); + //VIDP attribute provider configuration + storkOA = new OASTORKConfig(); + newOA = true; formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 067e85aa6..9e877605e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -56,8 +56,15 @@ public class OASTORKConfigValidation { } if (MiscUtil.isEmpty(current.getName())) { log.info("AttributeProviderPlugin Name is empty."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty")); + + } else { + if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); + } } + if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid")); diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 08cf922c5..38b379693 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -423,6 +423,7 @@ validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4 validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url +validation.stork.ap.name.empty=Ung\u00FCltiger AttributProvider Name validation.stork.ap.name.valid=Ung\u00FCltiger AttributProvider Name validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00FCr ein Attribut Provider Plugin. Feld darf nicht leer sein und ist als csv anzugeben. -- cgit v1.2.3 From cd16ab61f7de0ef709ddc1330f9b7d0b241ea690 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Mar 2014 10:00:31 +0100 Subject: change boolean data representation --- .../moa/id/configuration/data/oa/OASAML1Config.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index cdfb20294..bb5baf53e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -28,13 +28,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; public class OASAML1Config { - private boolean isActive = false; - private boolean provideStammZahl = false; - private boolean provideAuthBlock = false; - private boolean provideIdentityLink = false; - private boolean provideCertificate = false; - private boolean provideFullMandateData = false; - private boolean useCondition = false; + private Boolean isActive = false; + private Boolean provideStammZahl = false; + private Boolean provideAuthBlock = false; + private Boolean provideIdentityLink = false; + private Boolean provideCertificate = false; + private Boolean provideFullMandateData = false; + private Boolean useCondition = false; private int conditionLength = -1; -- cgit v1.2.3 From 73dcb45b9e027ac9df3f810655139324521956a4 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Mar 2014 10:08:12 +0100 Subject: solve VIDP CSS and JS problems --- id/ConfigWebTool/src/main/webapp/css/index.css | 5 +++++ id/ConfigWebTool/src/main/webapp/js/common.js | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index e3d2763c2..9d9f59587 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -183,6 +183,11 @@ body { margin-left: 10px; } +.oa_protocol_area >h5 { + clear: both; + margin-left: 10px; + padding-top: 10px; +} .oa_config_block { padding-left: 15px; diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index a14a287db..7b3974533 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -68,7 +68,7 @@ function oaStork() { } } function oaVIDP() { - if ($('#oa_vidp_area').css('display') == "none" || $('#OAuseVidp').is(':checked')) { + if ($('#oa_vidp_area').css('display') == "none") { $('#oa_vidp_area').css('display', "block"); $('#button_vidp_show').css('display', "none"); $('#button_vidp_hidden').css('display', "block"); -- cgit v1.2.3 From 4ae96b69e758ad34d2ad503d55fb01ed1238b65b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Mar 2014 10:19:48 +0100 Subject: fix VIDP configuration in combination with other OAs --- .../id/configuration/data/oa/OASTORKConfig.java | 3 -- .../configuration/struts/action/EditOAAction.java | 1 + .../validation/oa/OASTORKConfigValidation.java | 39 ++++++++++++---------- 3 files changed, 23 insertions(+), 20 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index f1cc4277c..d5355a421 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -50,9 +50,6 @@ public class OASTORKConfig { private boolean requireConsent = false; public OASTORKConfig() { - if (attributeProviderPlugins.isEmpty()) { - attributeProviderPlugins.add(new AttributeProviderPlugin()); - } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 80f74ff54..78747eca6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -221,6 +221,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, //VIDP attribute provider configuration storkOA = new OASTORKConfig(); + storkOA.getAttributeProviderPlugins().add(new AttributeProviderPlugin()); newOA = true; formID = Random.nextRandom(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 9e877605e..554aa9ff0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -49,26 +49,31 @@ public class OASTORKConfigValidation { new Object[] {qaa} )); } - for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { - if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { - log.info("AttributeProviderPlugin URL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid")); - } - if (MiscUtil.isEmpty(current.getName())) { - log.info("AttributeProviderPlugin Name is empty."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty")); + if (oageneral.isVidpEnabled()) { + for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { + if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid")); + } + if (MiscUtil.isEmpty(current.getName())) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty")); + + } else { + if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); + } + } - } else { - if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { - log.info("AttributeProviderPlugin Name is not supported."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); - } + if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid")); + } } - if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { - log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid")); - } + } else { + oageneral.setAttributeProviderPlugins(null); } return errors; -- cgit v1.2.3 From 33448e8d05a087804489fb73b36a81dfc9b288d3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Mar 2014 10:27:53 +0100 Subject: solve VIDP problem if user is no admin --- id/ConfigWebTool/src/main/webapp/js/common.js | 2 +- id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 7b3974533..d31a65d87 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -214,8 +214,8 @@ function userOnLoad() { return true; } function oaOnLoad() { - oaBusinessService(); oaStorkService(); + oaBusinessService(); oaSSOService(); oaLegacyService(); oaStork(); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 6749b5131..df946b3a7 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -70,7 +70,7 @@ > - + + @@ -102,6 +103,7 @@ +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.stork.header", request) %>

+
-- cgit v1.2.3 From 4508a00bddd36619a684f47841c341a686837847 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 25 Mar 2014 17:09:38 +0100 Subject: fixed missing translation --- id/ConfigWebTool/src/main/resources/applicationResources.properties | 5 +++++ .../src/main/resources/applicationResources_en.properties | 5 +++++ id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 6 ++++-- 3 files changed, 14 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 38b379693..34d2bc81f 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -244,6 +244,11 @@ webpages.oaconfig.sso.useauthdataframe=Zus\u00E4tzliche Userabfrage webpages.oaconfig.sso.usesso=Single Sign-On verwenden webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed +webpages.oaconfig.stork.enabledcpeps=aktivierte Zielländer +webpages.oaconfig.stork.attributes.header=angeforderte Attribute +webpages.oaconfig.stork.attributes.used=anfordern? +webpages.oaconfig.stork.attributes.name=Attributname +webpages.oaconfig.stork.attributes.mandatory=obligatorisch? webpages.oaconfig.stork.usestork=STORK Logon aktivieren webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index ab945b0a0..c66572969 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -245,6 +245,11 @@ webpages.oaconfig.sso.usesso=Single Sign-On verwenden webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed webpages.oaconfig.stork.usestork=STORK Logon aktivieren +webpages.oaconfig.stork.attributes.header=angeforderte Attribute +webpages.oaconfig.stork.attributes.used=anfordern? +webpages.oaconfig.stork.attributes.name=Attributname +webpages.oaconfig.stork.attributes.mandatory=obligatorisch? +webpages.oaconfig.stork.enabledcpeps=aktivierte Zielländer webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index df946b3a7..d5396d06e 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -388,9 +388,11 @@ name="storkOA.qaa" key="webpages.moaconfig.stork.qaa" labelposition="left" /> -

Attributes

+

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %>

AP PluginURLAttribute (CSV)
- + + + -- cgit v1.2.3 From 1b47a1e5f5787a3d1681cdee8b8bc1ec7a5cd9c9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 25 Mar 2014 17:09:52 +0100 Subject: fixed ugly formatting --- id/ConfigWebTool/src/main/webapp/css/index.css | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 9d9f59587..4f497faaa 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -223,6 +223,12 @@ body { padding-top: 25px; } +.oa_config_block h4 { + clear: both; + padding-top: 20px; + margin-bottom: 10px; +} + #loadOA_webpages_oaconfig_pvp2_certifcate_info{ width: 100%; } -- cgit v1.2.3
verwendetAttributnamemandatory
<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %>