From 320485ae06e93da206049f4c3706db4e4fec554b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Jan 2016 14:03:03 +0100 Subject: refactor PVP Metadata provider functionality --- .../auth/builder/SignatureVerificationUtils.java | 172 +++++++++++++++++ .../auth/invoke/SignatureVerificationInvoker.java | 142 ++++++++++++++ .../parser/VerifyXMLSignatureResponseParser.java | 211 +++++++++++++++++++++ .../pvp2x/metadata/MOAMetadataProvider.java | 10 +- .../verification/metadata/MetadataFilterChain.java | 82 -------- .../metadata/PVPMetadataFilterChain.java | 54 ++++++ .../moa/id/saml2/MetadataFilterChain.java | 73 +++++++ 7 files changed, 657 insertions(+), 87 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java new file mode 100644 index 000000000..e321c9d05 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -0,0 +1,172 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; + +/** + * @author tlenz + * + */ +public class SignatureVerificationUtils { + /** shortcut for XMLNS namespace URI */ + private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + /** shortcut for MOA namespace URI */ + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + /** The DSIG-Prefix */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** The document containing the VerifyXMLsignatureRequest */ + private Document requestDoc_; + /** the VerifyXMLsignatureRequest root element */ + private Element requestElem_; + + + public SignatureVerificationUtils() throws BuildException { + try { + DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + requestDoc_ = docBuilder.newDocument(); + requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + requestDoc_.appendChild(requestElem_); + + } catch (Throwable t) { + throw new BuildException( + "builder.00", + new Object[] {"VerifyXMLSignatureRequest", t.toString()}, + t); + } + } + + public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + try { + //build signature-verification request + Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); + + //send signature-verification to MOA-SP + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + return verifyXMLSignatureResponse; + + } catch (ParseException e) { + Logger.error("Build signature-verification request FAILED." ,e); + throw e; + + } catch (ServiceException e) { + Logger.error("MOA-SP signature verification FAILED." ,e); + throw e; + + } + + } + + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param signature - The XML signature as byte[] + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + private Element build(byte[] signature, String trustProfileID) + throws ParseException + { + try { + // build the request + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + + // insert the base64 encoded signature + String base64EncodedAssertion = Base64Utils.encode(signature); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + + //add trustProfileID + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java new file mode 100644 index 000000000..72a7d3ba1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -0,0 +1,142 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.invoke; + +import java.util.Vector; + +import javax.xml.namespace.QName; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.SignatureVerificationService; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * Invoker of the SignatureVerification web service of MOA-SPSS.
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class SignatureVerificationInvoker { + /** This QName Object identifies the SignatureVerification endpoint of the web service */ + private static final QName SERVICE_QNAME = new QName("SignatureVerification"); + + /** + * Method verifyXMLSignature. + * @param request to be sent + * @return Element with the answer + * @throws ServiceException if an error occurs + */ + public Element verifyXMLSignature(Element request) throws ServiceException { + return doCall(SERVICE_QNAME, request); + } + + /** + * Method doCall. + * @param serviceName the name of the service + * @param request the request to be sent + * @return Element the answer + * @throws ServiceException if an error occurs + */ + protected Element doCall(QName serviceName, Element request) throws ServiceException { + ConnectionParameter authConnParam = null; + try { + Service service = ServiceFactory.newInstance().createService(serviceName); + Call call = service.createCall(); + SOAPBodyElement body = new SOAPBodyElement(request); + SOAPBodyElement[] params = new SOAPBodyElement[] { body }; + Vector responses; + SOAPBodyElement response; + + String endPoint; + AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); + authConnParam = authConfigProvider.getMoaSpConnectionParameter(); + //If the ConnectionParameter do NOT exist, we try to get the api to work.... + if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { + Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); + endPoint = authConnParam.getUrl(); + call.setTargetEndpointAddress(endPoint); + responses = (Vector) call.invoke(serviceName, params); + Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used + response = (SOAPBodyElement) responses.get(0); + return response.getAsDOM(); + } + else { + SignatureVerificationService svs = SignatureVerificationService.getInstance(); + VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); + + VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); + Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); + + //Logger.setHierarchy("moa.id.auth"); + return result.getDocumentElement(); + } + } + catch (Exception ex) { + if (authConnParam != null) { + throw new ServiceException("service.00", new Object[] { ex.toString()}, ex); + } else { + throw new ServiceException("service.03", new Object[] { ex.toString()}, ex); + } + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java new file mode 100644 index 000000000..7bce406e0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -0,0 +1,211 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.parser; + +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses a <VerifyXMLSignatureResponse> returned by + * MOA-SPSS. + * This class implements the Singleton pattern + * + * @author Stefan Knirsch + * @version $Id$ + */ + + +public class VerifyXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching MOA Namespaces */ + private static final String MOA = Constants.MOA_PREFIX + ":"; + /** Xpath prefix for reaching DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; + + /** Xpath expression to the X509SubjectName element */ + private static final String DSIG_SUBJECT_NAME_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509SubjectName"; + /** Xpath expression to the X509Certificate element */ + private static final String DSIG_X509_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509Certificate"; + /** Xpath expression to the PublicAuthority element */ + private static final String PUBLIC_AUTHORITY_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "PublicAuthority"; + /** Xpath expression to the PublicAuthorityCode element */ + private static final String PUBLIC_AUTHORITY_CODE_XPATH = + PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; + /** Xpath expression to the QualifiedCertificate element */ + private static final String QUALIFIED_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "QualifiedCertificate"; + + /** Xpath expression to the SignatureCheckCode element */ + private static final String SIGNATURE_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureCheck/" + MOA + "Code"; + /** Xpath expression to the XMLDSIGManifestCheckCode element */ + private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the SignatureManifestCheckCode element */ + private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; + /** Xpath expression to the CertificateCheckCode element */ + private static final String CERTIFICATE_CHECK_CODE_XPATH = + ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + + + /** This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element verifyXMLSignatureResponse; + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming String will be created + * @param xmlResponse <InfoboxReadResponse> as String + * @throws ParseException on any parsing error + */ + public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming Inputstream will be created + * @param xmlResponse <InfoboxReadResponse> as InputStream + * @throws Exception on any parsing error + */ + public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception + { + try { + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * The incoming Element will be used for further operations + * @param xmlResponse <InfoboxReadResponse> as Element + */ + public VerifyXMLSignatureResponseParser(Element xmlResponse) + { + verifyXMLSignatureResponse =xmlResponse; + + } + + /** + * Parse identity link from <InfoboxReadResponse> + * @return Identity link + * @throws ParseException on any parsing error + */ + + public VerifyXMLSignatureResponse parseData() throws ParseException { + + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + + try { + + String s = DOMUtils.serializeNode(verifyXMLSignatureResponse); + respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); + Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); + respData.setQualifiedCertificate(e!=null); + + Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( + verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); + + respData.setX509certificate(new X509Certificate(in)); + Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); + respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); + + String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); + if (xmlDsigCheckCode!=null) { + respData.setXmlDSIGManigest(true); + respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + } else { + respData.setXmlDSIGManigest(false); + } + String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null); + if (signatureManifestCheckCode != null) { + respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); + } + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + return respData; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index f33cadc41..f4c099878 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -60,7 +60,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -422,8 +422,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ internalProvider = chainProvider; } - private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException { - MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate); + private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException { + PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate); filterChain.getFilters().add(new SchemaValidationFilter()); if (oaParam.isInderfederationIDP()) { @@ -435,7 +435,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ return filterChain; } - private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) { + private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, PVPMetadataFilterChain filter) { HTTPMetadataProvider httpProvider = null; Timer timer= null; MOAHttpClient httpClient = null; @@ -470,7 +470,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ //httpProvider.setRefreshDelayFactor(0.1F); if (filter == null) { - filter = new MetadataFilterChain(metadataURL, certificate); + filter = new PVPMetadataFilterChain(metadataURL, certificate); } httpProvider.setMetadataFilter(filter); httpProvider.initialize(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java deleted file mode 100644 index 4e1d939ff..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; - -import java.security.cert.CertificateException; -import java.util.ArrayList; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.FilterException; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.xml.XMLObject; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class MetadataFilterChain implements MetadataFilter { - - private List filters = new ArrayList(); - - /** - * @throws CertificateException - * - */ - public MetadataFilterChain(String url, byte[] certificate) throws CertificateException { - addDefaultFilters(url, certificate); - } - - public void addDefaultFilters(String url, byte[] certificate) throws CertificateException { - filters.add(new MetadataSignatureFilter(url, certificate)); - - } - - /** - * @return the filter - */ - public List getFilters() { - return filters; - } - - - /* (non-Javadoc) - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) - */ - @Override - public void doFilter(XMLObject arg0) throws FilterException { - for (MetadataFilter filter : filters) { - Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName()); - filter.doFilter(arg0); - } - - } - - - - - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java new file mode 100644 index 000000000..4c1da747b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java @@ -0,0 +1,54 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; + +import java.security.cert.CertificateException; + +import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; + +/** + * @author tlenz + * + */ +public class PVPMetadataFilterChain extends MetadataFilterChain { + + + /** + * @throws CertificateException + * + */ + public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException { + addDefaultFilters(url, certificate); + } + + public void addDefaultFilters(String url, byte[] certificate) throws CertificateException { + addFilter(new MetadataSignatureFilter(url, certificate)); + + } + + + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java new file mode 100644 index 000000000..e7412a0fc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java @@ -0,0 +1,73 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.saml2; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MetadataFilterChain implements MetadataFilter { + + private List filters = new ArrayList(); + + /** + * Return all actually used Metadata filters + * + * @return List of Metadata filters + */ + public List getFilters() { + return filters; + } + + /** + * Add a new Metadata filter to filterchain + * + * @param filter + */ + public void addFilter(MetadataFilter filter) { + filters.add(filter); + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + for (MetadataFilter filter : filters) { + Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName()); + filter.doFilter(arg0); + } + + } + +} -- cgit v1.2.3 From ced2df85fa74ea2db9949b18e075e20af6168df0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Jan 2016 14:03:37 +0100 Subject: add JavaDoc --- .../java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index ad3268b90..1d8ea4cd4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -89,6 +89,11 @@ public interface AuthConfiguration extends ConfigurationProvider{ public boolean isAdvancedLoggingActive(); + /** + * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set. + * + * @return the PublicURLPrefix without trailing slash or {@code null} + */ public String getPublicURLPrefix(); public boolean isPVP2AssertionEncryptionActive(); -- cgit v1.2.3 From be6c425ea5a82ecc3d57ae365ea2c49866d29705 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jan 2016 08:58:44 +0100 Subject: temporary problem fix for default security definitions (PVP / eIDAS SAML-engine) --- ...s-with-OracleDB-and-configuration-storage.patch | 1158 ++++++++++++++++++++ ...ult-filename-in-configuration-download-di.patch | 25 + 0003-update-handbook-and-release-information.patch | 752 +++++++++++++ .../ts_119612v010201_additionaltypes_xsd.xsd | 35 + .../resources/schemas/ts_119612v010201_sie_xsd.xsd | 81 ++ .../resources/schemas/ts_119612v010201_xsd.xsd | 337 ++++++ .../opemsaml/MOAStringRedirectDeflateEncoder.java | 4 + .../id/protocols/pvp2x/binding/PostBinding.java | 8 + .../protocols/pvp2x/binding/RedirectBinding.java | 8 + .../id/protocols/pvp2x/binding/SoapBinding.java | 5 + .../pvp2x/config/MOADefaultBootstrap.java | 5 +- .../iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar | Bin 0 -> 232486 bytes .../iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom | 8 + 13 files changed, 2425 insertions(+), 1 deletion(-) create mode 100644 0001-fix-problems-with-OracleDB-and-configuration-storage.patch create mode 100644 0002-change-default-filename-in-configuration-download-di.patch create mode 100644 0003-update-handbook-and-release-information.patch create mode 100644 common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd create mode 100644 common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd create mode 100644 common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd create mode 100644 repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar create mode 100644 repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom (limited to 'id/server/idserverlib/src/main/java') diff --git a/0001-fix-problems-with-OracleDB-and-configuration-storage.patch b/0001-fix-problems-with-OracleDB-and-configuration-storage.patch new file mode 100644 index 000000000..c03696599 --- /dev/null +++ b/0001-fix-problems-with-OracleDB-and-configuration-storage.patch @@ -0,0 +1,1158 @@ +From fa3f73a46151d06c4f80eb0c43d3eda6c23c3709 Mon Sep 17 00:00:00 2001 +From: Thomas Lenz +Date: Tue, 15 Sep 2015 12:55:30 +0200 +Subject: [PATCH 1/3] fix problems with OracleDB and configuration storage + implementation + +--- + .../config/ConfigurationProvider.java | 7 + + .../validation/oa/OAPVP2ConfigValidation.java | 6 +- + .../moa-id-configtool.properties | 1 + + .../data/deploy/conf/moa-id/moa-id.properties | 1 + + .../PropertyBasedAuthConfigurationProvider.java | 12 +- + .../id/storage/AuthenticationSessionStoreage.java | 569 ++++++++++++--------- + .../main/resources/moaid.configuration.beans.xml | 2 +- + .../config/persistence/MOAIDConfiguration.java | 12 + + .../config/persistence/MOAIDConfigurationImpl.java | 110 ++-- + .../moa/id/commons/db/MOASessionDBUtils.java | 10 +- + .../moa/id/commons/db/NewConfigurationDBRead.java | 7 +- + .../db/dao/config/DatabaseConfigPropertyImpl.java | 35 +- + .../src/main/resources/moaid.migration.beans.xml | 2 +- + 13 files changed, 494 insertions(+), 280 deletions(-) + +diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +index 849e819..e2a55db 100644 +--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java ++++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +@@ -188,6 +188,13 @@ public class ConfigurationProvider { + + + /** ++ * @return the props ++ */ ++ public Properties getConfigurationProperties() { ++ return props; ++ } ++ ++ /** + * @return the deprecatedDBWrite + */ + public FileBasedUserConfiguration getUserManagement() { +diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +index 18452ed..35b6927 100644 +--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java ++++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +@@ -76,7 +76,11 @@ public class OAPVP2ConfigValidation { + + else { + try { +- Map oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID); ++ //OracleDB does not allow the selection of a lob in SQL where expression ++ String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); ++ boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc."); ++ ++ Map oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion); + if (oa != null && + MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { + certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); +diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties +index 9a3b367..825a9f1 100644 +--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties ++++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties +@@ -35,6 +35,7 @@ dbcp.maxWaitMillis=-1 + dbcp.testOnBorrow=true + dbcp.testOnReturn=false + dbcp.testWhileIdle=false ++dbcp.validationQuery=SELECT 1 + + ##Mail + general.mail.host=smtp.localhost... +diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties +index 66f9afa..49e69c5 100644 +--- a/id/server/data/deploy/conf/moa-id/moa-id.properties ++++ b/id/server/data/deploy/conf/moa-id/moa-id.properties +@@ -107,6 +107,7 @@ configuration.dbcp.maxWaitMillis=-1 + configuration.dbcp.testOnBorrow=true + configuration.dbcp.testOnReturn=false + configuration.dbcp.testWhileIdle=false ++configuration.dbcp.validationQuery=SELECT 1 + + # + #Hibnerate configuration for MOA-ID 2.0 advanced statistic logging +diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +index 190c5f0..6458314 100644 +--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java ++++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +@@ -980,9 +980,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide + * @return the requested online application or {@code null} + */ + public Map getActiveOnlineApplication(String id) { +- Logger.trace("Get active OnlineApplication with ID " + id + " from database."); ++ Logger.trace("Get active OnlineApplication with ID " + id + " from database."); ++ Map oaConfig = null; + try { +- Map oaConfig = configuration.getOnlineApplication(id); ++ //OracleDB does not allow the selection of a lob in SQL where expression ++ String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); ++ if (MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.")) ++ oaConfig = configuration.getOnlineApplicationBackupVersion(id); ++ ++ else ++ oaConfig = configuration.getOnlineApplication(id); ++ + if (oaConfig != null) { + String isActiveString = oaConfig.get(MOAIDConfigurationConstants.SERVICE_ISACTIVE); + if (isActiveString != null && Boolean.valueOf(isActiveString)) +diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +index 4b4b5dd..829383c 100644 +--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java ++++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +@@ -206,26 +206,34 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- +- session.beginTransaction(); +- Query query = session.getNamedQuery("getSessionWithID"); +- query.setParameter("sessionid", moaSessionID); +- result = query.list(); +- +- +- Logger.trace("Found entries: " + result.size()); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getSessionWithID"); ++ query.setParameter("sessionid", moaSessionID); ++ result = query.list(); ++ + +- //Assertion requires an unique artifact +- if (result.size() != 1) { +- Logger.trace("No entries found."); +- throw new MOADatabaseException("No session found with this sessionID"); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() != 1) { ++ Logger.trace("No entries found."); ++ throw new MOADatabaseException("No session found with this sessionID"); ++ } ++ ++ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); ++ tx.commit(); ++ cleanDelete(dbsession); + } + +- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); +- session.getTransaction().commit(); +- cleanDelete(dbsession); ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ + } + + } +@@ -290,28 +298,36 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getSessionWithSSOID"); +- query.setParameter("sessionid", SSOSessionID); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getSessionWithSSOID"); ++ query.setParameter("sessionid", SSOSessionID); ++ result = query.list(); + +- //send transaction +- session.getTransaction().commit(); +- } ++ //send transaction ++ tx.commit(); ++ ++ } + +- Logger.trace("Found entries: " + result.size()); ++ Logger.trace("Found entries: " + result.size()); + +- //Assertion requires an unique artifact +- if (result.size() != 1) { +- Logger.trace("No entries found."); +- return null; ++ //Assertion requires an unique artifact ++ if (result.size() != 1) { ++ Logger.trace("No entries found."); ++ return null; + +- } else { +- return result.get(0).getSessionid(); ++ } else { ++ return result.get(0).getSessionid(); + +- } ++ } ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ } + } + + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { +@@ -331,27 +347,33 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getSessionWithSSOID"); +- query.setParameter("sessionid", SSOId); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getSessionWithSSOID"); ++ query.setParameter("sessionid", SSOId); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } ++ ++ Logger.trace("Found entries: " + result.size()); + +- //send transaction +- session.getTransaction().commit(); ++ //Assertion requires an unique artifact ++ if (result.size() != 1) { ++ Logger.trace("No entries found."); ++ return null; ++ ++ } else { ++ return result.get(0); ++ } ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; + } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() != 1) { +- Logger.trace("No entries found."); +- return null; +- +- } else { +- return result.get(0); +- } + } + + public static void addSSOInformation(String moaSessionID, String SSOSessionID, +@@ -453,13 +475,15 @@ public class AuthenticationSessionStoreage { + + } catch(HibernateException e) { + Logger.warn("Error during database saveOrUpdate. Rollback.", e); +- tx.rollback(); +- throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); +- } ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); ++ } + } + + public static List getAllActiveOAFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); ++ Session session = null; + + try { + List oas = new ArrayList(); +@@ -467,7 +491,7 @@ public class AuthenticationSessionStoreage { + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); + oas.addAll(dbsession.getActiveOAsessions()); + +- Session session = MOASessionDBUtils.getCurrentSession(); ++ session = MOASessionDBUtils.getCurrentSession(); + session.getTransaction().commit(); + + return oas; +@@ -475,6 +499,14 @@ public class AuthenticationSessionStoreage { + } catch (MOADatabaseException e) { + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); + ++ } catch (Exception e) { ++ if (session != null && session.getTransaction() != null ++ && !session.getTransaction().wasCommitted()) { ++ session.getTransaction().rollback(); ++ throw e; ++ ++ } ++ + } + + return null; +@@ -482,13 +514,13 @@ public class AuthenticationSessionStoreage { + + public static List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); +- ++ Session session = null; + try { + List idps = new ArrayList(); + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); + idps.addAll(dbsession.getInderfederation()); + +- Session session = MOASessionDBUtils.getCurrentSession(); ++ session = MOASessionDBUtils.getCurrentSession(); + session.getTransaction().commit(); + + return idps; +@@ -496,6 +528,14 @@ public class AuthenticationSessionStoreage { + } catch (MOADatabaseException e) { + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); + ++ } catch (Exception e) { ++ if (session != null && session.getTransaction() != null ++ && !session.getTransaction().wasCommitted()) { ++ session.getTransaction().rollback(); ++ throw e; ++ ++ } ++ + } + + return null; +@@ -507,35 +547,42 @@ public class AuthenticationSessionStoreage { + Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " + + oaID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); +- +- List result; ++ Transaction tx = null; + +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); +- query.setParameter("oaID", oaID); +- query.setParameter("nameID", userNameID); +- result = query.list(); ++ List result = null;; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); ++ query.setParameter("oaID", oaID); ++ query.setParameter("nameID", userNameID); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } + +- //send transaction +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() != 1) { +- Logger.trace("No unique entry found."); +- return null; +- +- } +- try { +- return decryptSession(result.get(0)); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() != 1) { ++ Logger.trace("No unique entry found."); ++ return null; ++ ++ } ++ ++ return decryptSession(result.get(0)); + + } catch (BuildException e) { +- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); ++ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); + return null; ++ ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; + } ++ + } + + public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { +@@ -547,29 +594,36 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); +- query.setParameter("sessionID", moaSession.getSessionID()); +- query.setParameter("oaID", oaID); +- query.setParameter("protocol", protocolType); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); ++ query.setParameter("sessionID", moaSession.getSessionID()); ++ query.setParameter("oaID", oaID); ++ query.setParameter("protocol", protocolType); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } + +- //send transaction +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() == 0) { +- Logger.trace("No entries found."); +- return null; +- +- } +- +- return result.get(0).getActiveOAsessions().get(0); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() == 0) { ++ Logger.trace("No entries found."); ++ return null; ++ ++ } ++ ++ return result.get(0).getActiveOAsessions().get(0); ++ ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ } + } + + public static String getPendingRequestID(String sessionID) { +@@ -584,6 +638,7 @@ public class AuthenticationSessionStoreage { + } + + public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { ++ Transaction tx = null; + try { + MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); + Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); +@@ -592,13 +647,13 @@ public class AuthenticationSessionStoreage { + List result; + + synchronized (session) { +- session.beginTransaction(); ++ tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", pedingRequestID); + result = query.list(); + + //send transaction +- session.getTransaction().commit(); ++ tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); +@@ -613,8 +668,13 @@ public class AuthenticationSessionStoreage { + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); ++ ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ + return null; +- } ++ ++ } + } + + public static boolean deleteSessionWithPendingRequestID(String id) { +@@ -623,34 +683,39 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getSessionWithPendingRequestID"); +- query.setParameter("sessionid", id); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getSessionWithPendingRequestID"); ++ query.setParameter("sessionid", id); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } + +- //send transaction +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() != 1) { +- Logger.trace("No entries found."); +- return false; +- +- } else { +- cleanDelete(result.get(0)); +- return true; +- } +- +- ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() != 1) { ++ Logger.trace("No entries found."); ++ return false; ++ ++ } else { ++ cleanDelete(result.get(0)); ++ return true; ++ } ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ } + } + + public static AuthenticationSession getSessionWithUserNameID(String nameID) { + ++ Transaction tx = null; + try { + MiscUtil.assertNotNull(nameID, "nameID"); + Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); +@@ -659,13 +724,13 @@ public class AuthenticationSessionStoreage { + List result; + + synchronized (session) { +- session.beginTransaction(); ++ tx = session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionWithUserNameID"); + query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); + result = query.list(); + + //send transaction +- session.getTransaction().commit(); ++ tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); +@@ -679,7 +744,9 @@ public class AuthenticationSessionStoreage { + return decryptSession(result.get(0)); + + } catch (Throwable e) { +- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); ++ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); + return null; + } + +@@ -691,27 +758,33 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); +- query.setParameter("sessionID", sessionID); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); ++ query.setParameter("sessionID", sessionID); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } + +- //send transaction +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() == 0) { +- Logger.trace("No entries found."); +- return null; +- +- } +- +- return result.get(0).getInderfederation().get(0); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() == 0) { ++ Logger.trace("No entries found."); ++ return null; ++ ++ } ++ ++ return result.get(0).getInderfederation().get(0); ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ } + } + + public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) { +@@ -721,28 +794,34 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); +- query.setParameter("sessionID", sessionID); +- query.setParameter("idpID", idpID); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); ++ query.setParameter("sessionID", sessionID); ++ query.setParameter("idpID", idpID); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } + +- //send transaction +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() == 0) { +- Logger.trace("No entries found."); +- return null; +- +- } +- +- return result.get(0).getInderfederation().get(0); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() == 0) { ++ Logger.trace("No entries found."); ++ return null; ++ ++ } ++ ++ return result.get(0).getInderfederation().get(0); ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ } + } + + public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { +@@ -847,27 +926,33 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); +- query.setParameter("sessionID", moaSession.getSessionID()); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); ++ query.setParameter("sessionID", moaSession.getSessionID()); ++ result = query.list(); ++ ++ //send transaction ++ tx.commit(); ++ } + +- //send transaction +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() == 0) { +- Logger.trace("No entries found."); +- return null; +- +- } +- +- return result.get(0).getInderfederation().get(0); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() == 0) { ++ Logger.trace("No entries found."); ++ return null; ++ ++ } ++ ++ return result.get(0).getInderfederation().get(0); ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; ++ } + } + + /** +@@ -930,28 +1015,34 @@ public class AuthenticationSessionStoreage { + + List results; + Session session = MOASessionDBUtils.getCurrentSession(); +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); +- query.setTimestamp("timeoutcreate", expioredatecreate); +- query.setTimestamp("timeoutupdate", expioredateupdate); +- results = query.list(); +- session.getTransaction().commit(); +- } +- +- if (results.size() != 0) { +- for(AuthenticatedSessionStore result : results) { +- try { +- cleanDelete(result); +- Logger.info("Authenticated session with sessionID=" + result.getSessionid() +- + " after session timeout."); +- +- } catch (HibernateException e){ +- Logger.warn("Authenticated session with sessionID=" + result.getSessionid() +- + " not removed after timeout! (Error during Database communication)", e); +- } +- } ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); ++ query.setTimestamp("timeoutcreate", expioredatecreate); ++ query.setTimestamp("timeoutupdate", expioredateupdate); ++ results = query.list(); ++ tx.commit(); ++ } ++ ++ if (results.size() != 0) { ++ for(AuthenticatedSessionStore result : results) { ++ try { ++ cleanDelete(result); ++ Logger.info("Authenticated session with sessionID=" + result.getSessionid() ++ + " after session timeout."); ++ ++ } catch (HibernateException e){ ++ Logger.warn("Authenticated session with sessionID=" + result.getSessionid() ++ + " not removed after timeout! (Error during Database communication)", e); ++ } ++ } ++ } ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted()) ++ tx.rollback(); ++ throw e; + } + } + +@@ -1004,26 +1095,32 @@ public class AuthenticationSessionStoreage { + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; +- +- synchronized (session) { +- session.beginTransaction(); +- Query query = session.getNamedQuery("getSessionWithID"); +- query.setParameter("sessionid", sessionID); +- result = query.list(); ++ Transaction tx = null; ++ try { ++ synchronized (session) { ++ tx = session.beginTransaction(); ++ Query query = session.getNamedQuery("getSessionWithID"); ++ query.setParameter("sessionid", sessionID); ++ result = query.list(); ++ ++ //send transaction ++ if (commit) ++ tx.commit(); ++ } + +- //send transaction +- if (commit) +- session.getTransaction().commit(); +- } +- +- Logger.trace("Found entries: " + result.size()); +- +- //Assertion requires an unique artifact +- if (result.size() != 1) { +- Logger.trace("No entries found."); +- throw new MOADatabaseException("No session found with this sessionID"); +- } +- +- return (AuthenticatedSessionStore) result.get(0); ++ Logger.trace("Found entries: " + result.size()); ++ ++ //Assertion requires an unique artifact ++ if (result.size() != 1) { ++ Logger.trace("No entries found."); ++ throw new MOADatabaseException("No session found with this sessionID"); ++ } ++ ++ return (AuthenticatedSessionStore) result.get(0); ++ } catch (Exception e) { ++ if (tx != null && !tx.wasCommitted() && commit) ++ tx.rollback(); ++ throw e; ++ } + } + } +diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +index 206fde8..7e319e2 100644 +--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml ++++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +@@ -29,7 +29,7 @@ + + + +- ++ + + + +diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java +index 223f29a..4bd459f 100644 +--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java ++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java +@@ -61,4 +61,16 @@ public interface MOAIDConfiguration extends Configuration { + * @throws ConfigurationException in case of an configuration access error + */ + public Map getOnlineApplication(String publicURLPrefix) throws ConfigurationException; ++ ++ ++ /** ++ * Load an OnlineApplication configuration and remove the OA key prefix ++ * This is a backup version if direct UniqueID selection does not work ++ * ++ * @param publicURLPrefix: Unique identifier of online application ++ * @return Properties of the online application or null if no OA is found ++ * @throws ConfigurationException in case of an configuration access error ++ */ ++ public Map getOnlineApplicationBackupVersion(String publicURLPrefix) throws ConfigurationException; ++ + } +\ No newline at end of file +diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java +index 297c63d..b9b5ad6 100644 +--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java ++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java +@@ -1,5 +1,7 @@ + package at.gv.egovernment.moa.id.commons.config.persistence; + ++import java.sql.SQLSyntaxErrorException; ++import java.util.ArrayList; + import java.util.HashMap; + import java.util.Iterator; + import java.util.List; +@@ -131,13 +133,88 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement + String keyId = MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + + ".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER; +- ++ ++ List oaSearchResult = null; + TypedQuery oaSearchQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key and dbconfig.value = SUBSTRING(:uniqueID, 1, LENGTH(dbconfig.value))", ConfigProperty.class); + oaSearchQuery.setParameter("key", keyId); + oaSearchQuery.setParameter("uniqueID", publicURLPrefix); +- List oaSearchResult = oaSearchQuery.getResultList(); ++ oaSearchResult = oaSearchQuery.getResultList(); ++ ++ return postProcessLoadOnlineApplication(em, oaSearchResult); ++ ++ } ++ ++ /* (non-Javadoc) ++ * @see at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration#getOnlineApplicationBackupVersion(java.lang.String) ++ */ ++ @Override ++ public Map getOnlineApplicationBackupVersion( ++ String publicURLPrefix) throws ConfigurationException { ++ Logger.debug("Use backup implementation to query configuration database"); ++ ++ EntityManager em = this.getPersistenceContext(); ++ if (null == em) { ++ Logger.error("No EntityManager set!"); ++ throw new ConfigurationException("No EntityManager set!"); ++ ++ } ++ ++ //search key prefix for online application with this publicURLPrefix ++ String keyId = MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES ++ + ".%." ++ + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER; + +- if (oaSearchResult.size() == 0) { ++ List oaSearchResult = new ArrayList(); ++ ++ TypedQuery oaSearchQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key", ConfigProperty.class); ++ oaSearchQuery.setParameter("key", keyId); ++ List intermResult = oaSearchQuery.getResultList(); ++ if (intermResult != null) { ++ for (ConfigProperty el : intermResult) { ++ if (publicURLPrefix.startsWith(el.getValue())) ++ oaSearchResult.add(el); ++ ++ } ++ } ++ ++ return postProcessLoadOnlineApplication(em, oaSearchResult); ++ ++ } ++ ++ /** ++ * Small helper method. NOTE: may return empty configuration properties, but never {@code null}. ++ * ++ * @param propPrefix: the prefix of the desired property. ++ * @param input: List of database objects with key/value information. ++ * @param removePrefix: Indicates if the prefix should be removed from the result key ++ * @return the {@link Map} of configuration properties ++ */ ++ private Map getKeyValueFromDatabaseDAO(Iterator input, final String prefix, boolean removePrefix) { ++ Map configProp = new HashMap(); ++ while (input.hasNext()) { ++ ConfigProperty el = input.next(); ++ if (removePrefix) { ++ if (el.getKey().startsWith(prefix)) { ++ String propertyName = KeyValueUtils.removePrefixFromKey(el.getKey(), prefix); ++ configProp.put(propertyName, el.getValue()); ++ ++ } ++ } else ++ configProp.put(el.getKey(), el.getValue()); ++ ++ } ++ return configProp; ++ } ++ ++ /** ++ * Online-Application load operation post-processing ++ * ++ * @param em EntityManager for Database access ++ * @param oaSearchResult Search result of first OA selection operation ++ * @return Map of post-processed OA configuration key/value pairs ++ */ ++ private Map postProcessLoadOnlineApplication(EntityManager em, List oaSearchResult) { ++ if (oaSearchResult == null || oaSearchResult.size() == 0) { + Logger.debug("No entries found."); + return null; } + +@@ -170,31 +247,6 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement + result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, oaType); + + return result; ++ + } +- +- /** +- * Small helper method. NOTE: may return empty configuration properties, but never {@code null}. +- * +- * @param propPrefix: the prefix of the desired property. +- * @param input: List of database objects with key/value information. +- * @param removePrefix: Indicates if the prefix should be removed from the result key +- * @return the {@link Map} of configuration properties +- */ +- private Map getKeyValueFromDatabaseDAO(Iterator input, final String prefix, boolean removePrefix) { +- Map configProp = new HashMap(); +- while (input.hasNext()) { +- ConfigProperty el = input.next(); +- if (removePrefix) { +- if (el.getKey().startsWith(prefix)) { +- String propertyName = KeyValueUtils.removePrefixFromKey(el.getKey(), prefix); +- configProp.put(propertyName, el.getValue()); +- +- } +- } else +- configProp.put(el.getKey(), el.getValue()); +- +- } +- return configProp; +- } +- + } +diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java +index 7621552..49e0634 100644 +--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java ++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java +@@ -163,8 +163,9 @@ public final class MOASessionDBUtils { + + } catch(HibernateException e) { + Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e); +- tx.rollback(); +- throw new MOADatabaseException(e); ++ if (tx != null) ++ tx.rollback(); ++ throw new MOADatabaseException(e); + } + } + +@@ -183,8 +184,9 @@ public final class MOASessionDBUtils { + + } catch(HibernateException e) { + Logger.warn("Error during MOASession database delete. Rollback.", e); +- tx.rollback(); +- return false; ++ if (tx != null) ++ tx.rollback(); ++ return false; + } + } + +diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java +index 0f157f1..c049eeb 100644 +--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java ++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java +@@ -41,9 +41,12 @@ public class NewConfigurationDBRead { + + } + +- public Map getOnlineApplicationKeyValueWithId(String id) { ++ public Map getOnlineApplicationKeyValueWithId(String id, boolean backupVersion) { + try { +- return conf.getOnlineApplication(id); ++ if (backupVersion) ++ return conf.getOnlineApplicationBackupVersion(id); ++ else ++ return conf.getOnlineApplication(id); + + } catch (ConfigurationException e) { + Logger.warn("OnlineApplication with Id: " + id + " not found.", e); +diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java +index f59e39a..aad830d 100644 +--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java ++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java +@@ -1,6 +1,10 @@ + package at.gv.egovernment.moa.id.commons.db.dao.config; + ++import java.util.ArrayList; ++import java.util.Iterator; + import java.util.List; ++import java.util.Map.Entry; ++import java.util.regex.Pattern; + + import javax.persistence.EntityManager; + import javax.persistence.PersistenceContext; +@@ -137,10 +141,33 @@ public class DatabaseConfigPropertyImpl extends AbstractConfigurationImpl { + throw new ConfigurationException("No EntityManager set!"); + } + +- TypedQuery query = em.createQuery("select key from ConfigProperty dbconfig where dbconfig.value like :value", String.class); +- query.setParameter("value", searchString.replace("*", "%")); +- List result = query.getResultList(); +- return result.toArray(new String[result.size()]); ++ TypedQuery query = em.createQuery("select * from ConfigProperty dbconfig", ConfigProperty.class); ++ List all = query.getResultList(); ++ ++ searchString = searchString.replace(".", "\\."); ++ String regex = searchString.replace("*", ".*"); ++ regex = regex.replace("%", "\\w*"); ++ log.debug("Searching with regex: {}", regex); ++ Pattern pattern = Pattern.compile(regex); ++ ++ List keyList = new ArrayList(); ++ Iterator keyIt; ++ if (all != null) { ++ keyIt = all.iterator(); ++ while(keyIt.hasNext()) { ++ ConfigProperty entry = keyIt.next(); ++ String value = entry.getValue(); ++ String key = entry.getKey(); ++ ++ if(pattern.matcher(value).matches()) { ++ keyList.add(key); ++ } ++ } ++ } ++ ++ String[] result = new String[keyList.size()]; ++ return keyList.toArray(result); ++ + } + + /* (non-Javadoc) +diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml +index 3bd1222..c758e23 100644 +--- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml ++++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml +@@ -31,7 +31,7 @@ + + + +- ++ + + + +-- +1.9.5.msysgit.0 + diff --git a/0002-change-default-filename-in-configuration-download-di.patch b/0002-change-default-filename-in-configuration-download-di.patch new file mode 100644 index 000000000..d95f57e38 --- /dev/null +++ b/0002-change-default-filename-in-configuration-download-di.patch @@ -0,0 +1,25 @@ +From 2362892f59b8daccb8c0a2155048c5adc7a1a7ea Mon Sep 17 00:00:00 2001 +From: Thomas Lenz +Date: Tue, 15 Sep 2015 12:56:17 +0200 +Subject: [PATCH 2/3] change default filename in configuration download dialog + +--- + id/ConfigWebTool/src/main/resources/struts.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml +index 701cc99..f978e93 100644 +--- a/id/ConfigWebTool/src/main/resources/struts.xml ++++ b/id/ConfigWebTool/src/main/resources/struts.xml +@@ -284,7 +284,7 @@ + + application/octet-stream + fileInputStream +- attachment;filename="MOAID-2.0_config.xml" ++ attachment;filename="MOAID-3.0_config.properties" + 1024 + + +-- +1.9.5.msysgit.0 + diff --git a/0003-update-handbook-and-release-information.patch b/0003-update-handbook-and-release-information.patch new file mode 100644 index 000000000..6c8a4ee2a --- /dev/null +++ b/0003-update-handbook-and-release-information.patch @@ -0,0 +1,752 @@ +From 8149f22dc110b82ef2910db0037d037062628dd5 Mon Sep 17 00:00:00 2001 +From: Thomas Lenz +Date: Tue, 15 Sep 2015 13:02:59 +0200 +Subject: [PATCH 3/3] - update handbook and release information - change + version to 3.0.2 + +--- + id/history.txt | 7 + + id/readme_3.0.2.txt | 644 ++++++++++++++++++++++++++++++ + id/server/doc/handbook/config/config.html | 16 +- + pom.xml | 12 +- + 4 files changed, 672 insertions(+), 7 deletions(-) + create mode 100644 id/readme_3.0.2.txt + +diff --git a/id/history.txt b/id/history.txt +index f1b9adf..6ad08d9 100644 +--- a/id/history.txt ++++ b/id/history.txt +@@ -1,5 +1,12 @@ + Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf. + ++Version MOA-ID Release 3.0.2: Änderungen seit Version MOA-ID 3.0.1 ++- Änderungen ++ - Bug-Fix für Zugriff auf Oracle Datenbanken ++ - ++ ++ ++ ------------------------------------------------------------------------------ + Version MOA-ID Release 3.0.1: Änderungen seit Version MOA-ID 3.0.0 + - Änderungen + - Bug-Fix für Testkarten mit Testkarten-OID +diff --git a/id/readme_3.0.2.txt b/id/readme_3.0.2.txt +new file mode 100644 +index 0000000..cd752a6 +--- /dev/null ++++ b/id/readme_3.0.2.txt +@@ -0,0 +1,644 @@ ++=============================================================================== ++MOA ID Version Release 3.0.2 - Wichtige Informationen zur Installation ++=============================================================================== ++ ++------------------------------------------------------------------------------- ++A. Neuerungen/Änderungen ++------------------------------------------------------------------------------- ++ ++Mit MOA ID Version 3.0.2 wurden folgende Neuerungen und Änderungen eingeführt, ++die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch ++history.txt im gleichen Verzeichnis). Da es sich bei der Version 3.0.2 nur um ++Version mit minimaler Fehlerbereinigung handelt sind zusätzlich auch alle ++Änderungen aus der Version 3.0.0 und 3.0.1 zur Information gelisted: ++ ++- Änderungen ++ - Bug-Fix für Zugriff auf Oracle Datenbanken ++ ++Anpassungen aus MOA-ID 3.0.0 und 3.0.1 ++- Änderungen ++ - Redesign des Datenmodels für die Configuration ++ - Redesign des Authentifizierungsprozessmanagment ++ - Anpassung VIDP Code für STORK ++ - Update von TrustStore und CertSTore ++ - Kleinere Bug-Fixes ++ - Update von Libraries ++ - Bug-Fix für Testkarten mit Testkarten-OID ++ ++------------------------------------------------------------------------------- ++B. Durchführung eines Updates ++------------------------------------------------------------------------------- ++ ++Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch ++eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher ++MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend ++angebebenen Updateschritte. ++ ++Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.0.x ++reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export ++Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. ++Diese Datei dient dann als Basis für den Import in MOA-ID 3.0.x. ++ ++............................................................................... ++B.0 Durchführung eines Updates von Version 3.0.1 auf Version 3.0.2 ++............................................................................... ++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war ++ als auch das komplette Verzeichnis moa-id-auth. ++ ++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++6. Hinzufügen der zusätzlichen Konfigurationsparameter in der ++ MOA-ID-Configuration Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties ++ a.) dbcp.validationQuery=..... (SQL Query zum Validieren der ++ Datenbankverbindung ++ z.B: "SELECT 1" für mySQL ++ "select 1 from dual" für OracleDB) ++ ++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth ++ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties ++ a.) configuration.dbcp.validationQuery=..... (SQL Query zum ++ Validieren der Datenbankverbindung ++ z.B: "SELECT 1" für mySQL ++ "select 1 from dual" für OracleDB) ++ ++8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++ ++............................................................................... ++B.1 Durchführung eines Updates von Version 3.0.0 auf Version 3.0.2 ++............................................................................... ++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war ++ als auch das komplette Verzeichnis moa-id-auth. ++ ++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++6. Update der TrustStores für WebService Zugriffe. ++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\ca-certs ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\ca-certs. ++ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\certstore\toBeAdded ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\certstore\toBeAdded. ++ ++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der ++ MOA-ID-Configuration Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties ++ a.) dbcp.validationQuery=..... (SQL Query zum Validieren der ++ Datenbankverbindung ++ z.B: "SELECT 1" für mySQL ++ "select 1 from dual" für OracleDB) ++ ++8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth ++ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties ++ a.) configuration.dbcp.validationQuery=..... (SQL Query zum ++ Validieren der Datenbankverbindung ++ z.B: "SELECT 1" für mySQL ++ "select 1 from dual" für OracleDB) ++ ++9. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++............................................................................... ++B.2 Durchführung eines Updates von Version 2.2.1 auf Version 3.0.2 ++............................................................................... ++ ++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und ++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth ++ und das komplette Verzeichnis moa-id-configuration. ++ ++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis ++ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. ++ ++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++7. Update des Cert-Stores. ++ Kopieren Sie den Inhalt des Verzeichnisses ++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie ++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann ++ bejahen sie das. ++ ++8. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen ++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile ++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b). ++ ++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: ++ ++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. ++ 2) Kopieren Sie das Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss. ++ ++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie ++ folgt vor, um die Profile auf den aktuellen Stand zu bringen: ++ ++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den ++ entsprechenden Profilen im Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren ++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt ++ der einzelnen Profile aus der Distribution ++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden ++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) ++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate ++ überschreiben), also z.B: Kopieren des Inhalts von ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach ++ CATALINA_HOME\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. ++ ++9. Update der Default html-Templates für die Bürgerkartenauswahl. ++ ++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates. ++ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates ++ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. ++ ++10. Update der STORK Konfiguration ++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. ++ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> ++ 2.4 Konfiguration des SamlEngines an. ++ ++11. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id\moa-id.properties ++ ++12. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configration Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties ++ ++13. Hinzufügen der zusätzlichen Konfigurationsdatei in der MOA-ID-Configuration ++ CATALINA_HOME\conf\moa-id-configuration\userdatabase.properties ++ ++14. Update der Tomcat Start-Skripts: ++ - Die Konfigurationsdateien für MOA-ID-Auth und MOA-ID-Configuration müssen ++ nur als URI (file:/...) übergeben werden. ++ ++15. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++ ++............................................................................... ++B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1 ++............................................................................... ++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und ++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth ++ und das komplette Verzeichnis moa-id-configuration. ++ ++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++6. Update des Cert-Stores. ++ Kopieren Sie den Inhalt des Verzeichnisses ++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie ++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann ++ bejahen sie das. ++ ++7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen ++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile ++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b). ++ ++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: ++ ++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. ++ 2) Kopieren Sie das Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss. ++ ++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie ++ folgt vor, um die Profile auf den aktuellen Stand zu bringen: ++ ++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den ++ entsprechenden Profilen im Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren ++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt ++ der einzelnen Profile aus der Distribution ++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden ++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) ++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate ++ überschreiben), also z.B: Kopieren des Inhalts von ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach ++ CATALINA_HOME\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. ++ ++8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++............................................................................... ++B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0 ++............................................................................... ++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und ++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth ++ und das komplette Verzeichnis moa-id-configuration. ++ ++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis ++ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. ++ ++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++8. Kopieren der folgenden Dateien: ++ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der ++ Datei bevor Sie diese durch die neue Version ersetzen. ++ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml -> ++ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ++ b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml -> ++ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml ++ ++9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks ++ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt. ++ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell ++ verwendeten KeyStore ab. ++ ++10. Update des Cert-Stores. ++ Kopieren Sie den Inhalt des Verzeichnisses ++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie ++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann ++ bejahen sie das. ++ ++11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen ++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile ++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b). ++ ++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: ++ ++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. ++ 2) Kopieren Sie das Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss. ++ ++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie ++ folgt vor, um die Profile auf den aktuellen Stand zu bringen: ++ ++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den ++ entsprechenden Profilen im Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren ++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt ++ der einzelnen Profile aus der Distribution ++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden ++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) ++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate ++ überschreiben), also z.B: Kopieren des Inhalts von ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach ++ CATALINA_HOME\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. ++ ++ ++12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++............................................................................... ++B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2 ++............................................................................... ++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und ++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth ++ und das komplette Verzeichnis moa-id-configuration. ++ ++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis ++ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. ++ ++5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das ++ Verzeichnis CATALINA_HOME_ID\endorsed ++ ++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++8. Kopieren der folgenden Dateien ++ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml -> ++ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ++ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der ++ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen. ++ ++9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks ++ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt. ++ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell ++ verwendeten KeyStore ab. ++ ++10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++ ++............................................................................... ++B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1 ++............................................................................... ++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis ++ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. ++ ++4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das ++ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr ++ unterstuetzt). ++ ++5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als ++ auch das komplette Verzeichnis moa-id-auth. ++ ++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++8. Hinzufügen der zusätzlichen Konfigurationsparameter in der ++ MOA-ID-Configuration Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties ++ a.) general.moaconfig.key=..... (Passwort zum Ver- und ++ Entschlüsseln von Konfigurationsparametern in der Datenbank) ++ ++9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth ++ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties ++ a.) configuration.moaconfig.key=..... (Passwort zum Ver- und ++ Entschlüsseln von Konfigurationsparametern in der Datenbank) ++ ++10. Kopieren der folgenden Dateien ++ a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html -> ++ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html ++ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der ++ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen. ++ ++11. Update des Cert-Stores. ++ Kopieren Sie den Inhalt des Verzeichnisses ++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie ++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann ++ bejahen sie das. ++ ++12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen ++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile ++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b). ++ ++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: ++ ++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. ++ 2) Kopieren Sie das Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss. ++ ++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie ++ folgt vor, um die Profile auf den aktuellen Stand zu bringen: ++ ++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den ++ entsprechenden Profilen im Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren ++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt ++ der einzelnen Profile aus der Distribution ++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden ++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) ++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate ++ überschreiben), also z.B: Kopieren des Inhalts von ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach ++ CATALINA_HOME\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. ++ ++13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++ ++............................................................................... ++B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0 ++............................................................................... ++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als ++ auch das komplette Verzeichnis moa-id-auth. ++ ++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++6. Update der STORK Konfiguration ++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. ++ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> ++ 2.4 Konfiguration des SamlEngines an. ++ ++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties ++ a.) general.ssl.certstore=certs/certstore ++ b.) general.ssl.truststore=certs/truststore ++ ++8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs ++ nach CATALINA_HOME\conf\moa-id-configuration\ ++ ++9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar. ++ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion ++ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password ++ ++10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/ ++ nach CATALINA_HOME\conf\moa-id\ ++ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\ ++ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html -> ++ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html ++ ++11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen ++ zwei Varianten zur Verfügung. ++ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth ++ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile ++ moasession.hibernate.hbm2ddl.auto=update ++ zu ++ moasession.hibernate.hbm2ddl.auto=create ++ Danach werden die Tabellen beim nächsten Startvorgang neu generiert. ++ ++ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson ++ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert. ++ ++12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++ ++............................................................................... ++B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1 ++............................................................................... ++ ++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. ++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. ++ ++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST ++ bezeichnet. ++ Für MOA ID Proxy: ++ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in ++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST ++ bezeichnet. ++ ++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth ++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, ++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation ++ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als ++ auch das komplette Verzeichnis moa-id-auth. ++ ++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach ++ CATALINA_HOME_ID/webapps. ++ ++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach ++ CATALINA_HOME_ID/webapps. ++ ++6. Update des Cert-Stores. ++ Kopieren Sie den Inhalt des Verzeichnisses ++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie ++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann ++ bejahen sie das. ++ ++7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen ++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile ++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b). ++ ++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen: ++ ++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles. ++ 2) Kopieren Sie das Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis ++ CATALINA_HOME\conf\moa-spss. ++ ++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie ++ folgt vor, um die Profile auf den aktuellen Stand zu bringen: ++ ++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den ++ entsprechenden Profilen im Verzeichnis ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren ++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt ++ der einzelnen Profile aus der Distribution ++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden ++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) ++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate ++ überschreiben), also z.B: Kopieren des Inhalts von ++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach ++ CATALINA_HOME\conf\moa-spss\trustProfiles\ ++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. ++ ++8. Update der Default html-Templates für die Bürgerkartenauswahl. ++ ++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates. ++ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates ++ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. ++ ++9. Update der STORK Konfiguration ++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork ++ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork. ++ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration -> ++ 2.4 Konfiguration des SamlEngines an. ++ ++10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei ++ CATALINA_HOME\conf\moa-id\moa-id.properties ++ ++ a.) configuration.validation.certificate.QC.ignore=false ++ b.) protocols.pvp2.assertion.encryption.active=false ++ ++11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im ++ Logging von MOA ID beim Einlesen der Konfiguration. ++ ++ ++............................................................................... ++B.6 Durchführung eines Updates von Version <= 1.5.1 ++............................................................................... ++ ++Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen ++Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter ++Zuhilfenahme Ihrer bisherigen Konfiguration an. ++ +diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html +index 6f6d13d..4eb5ea2 100644 +--- a/id/server/doc/handbook/config/config.html ++++ b/id/server/doc/handbook/config/config.html +@@ -259,6 +259,13 @@ UNIX: -Duser.properties=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id-config + moaconfigpassword + Passwort für den Zugriff auf das Datenbank Schema + ++ ++

dbcp.validationQuery

++ SELECT 1 ++

SQL Query zum Validieren der Datenbank Verbindung

++

mySQL: SELECT 1

++

Oracle: select 1 from dual

++ + +

 

+

Die Beispielkonfiguration beinhaltet noch zusätzliche Konfigurationsparameter für den Datenbankzugriff welche direkt aus der Beispielkonfiguration übernommen werden können. Eine detaillierte Beschreibung der einzelnen Einstellungsparameter kann der Hibernate Dokumention entnommen werden.

+@@ -612,10 +619,17 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet + Benutzername für den Zugriff auf das Datenbank Schema + + +-

configuration.hibernate.connection.password

++ configuration.hibernate.connection.password + moaconfigpassword + Passwort für den Zugriff auf das Datenbank Schema + ++ ++

configuration.dbcp.validationQuery

++ SELECT 1 ++

SQL Query zum Validieren der Datenbank Verbindung

++

mySQL: SELECT 1

++

Oracle: select 1 from dual

++ + +

 

+
2.2.2.4.2 Session Informationen
+diff --git a/pom.xml b/pom.xml +index cdffb90..3e7e4ea 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -22,12 +22,12 @@ + --> + + +- 3.0.1-Snapshot +- 3.0.2-Snapshot ++ 3.0.2 ++ 3.0.2 + 2.0.1-Snapshot +- 2.0.5-Snapshot +- 2.0.1-Snapshot +- 2.0.5-Snapshot ++ 2.0.5 ++ 2.0.2 ++ 2.0.5 + + + 4.1.6.RELEASE +@@ -236,7 +236,7 @@ + + + +- --> ++ --> + + + +-- +1.9.5.msysgit.0 + diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd new file mode 100644 index 000000000..4af373cf0 --- /dev/null +++ b/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd new file mode 100644 index 000000000..42a96b78c --- /dev/null +++ b/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd @@ -0,0 +1,81 @@ + + + + + + + + + + + + + + + + + + + Please first try to use the CriteriaList before doing the OtherCriteria extension point. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd new file mode 100644 index 000000000..fb1852ec0 --- /dev/null +++ b/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java index ece1a805d..acbb67b34 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java @@ -27,6 +27,7 @@ import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.ws.message.MessageContext; import org.opensaml.ws.message.encoder.MessageEncodingException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; /** @@ -45,6 +46,9 @@ public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder "Invalid message context type, this encoder only support SAMLMessageContext"); } + //load default PVP security configurations + MOADefaultBootstrap.initializeDefaultPVPConfiguration(); + SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; String endpointURL = getEndpointURL(samlMsgCtx).buildURL(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 5402e3dce..65400444d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; @@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -74,6 +76,9 @@ public class PostBinding implements IDecoder, IEncoder { X509Credential credentials = CredentialProvider .getIDPAssertionSigningCredential(); + //load default PVP security configurations + MOADefaultBootstrap.initializeDefaultPVPConfiguration(); + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); HTTPPostEncoder encoder = new HTTPPostEncoder(engine, "resources/templates/pvp_postbinding_template.html"); @@ -109,6 +114,9 @@ public class PostBinding implements IDecoder, IEncoder { X509Credential credentials = CredentialProvider .getIDPAssertionSigningCredential(); + //load default PVP security configurations + MOADefaultBootstrap.initializeDefaultPVPConfiguration(); + Logger.debug("create SAML POSTBinding response"); VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 81863f48f..9a505a7b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; @@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; @@ -73,6 +75,9 @@ public class RedirectBinding implements IDecoder, IEncoder { X509Credential credentials = CredentialProvider .getIDPAssertionSigningCredential(); + //load default PVP security configurations + MOADefaultBootstrap.initializeDefaultPVPConfiguration(); + Logger.debug("create SAML RedirectBinding response"); HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); @@ -103,6 +108,9 @@ public class RedirectBinding implements IDecoder, IEncoder { X509Credential credentials = CredentialProvider .getIDPAssertionSigningCredential(); + //load default PVP security configurations + MOADefaultBootstrap.initializeDefaultPVPConfiguration(); + Logger.debug("create SAML RedirectBinding response"); HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index a2583c706..fee508d33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; import org.opensaml.saml2.core.RequestAbstractType; @@ -48,6 +49,7 @@ import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; @@ -130,6 +132,9 @@ public class SoapBinding implements IDecoder, IEncoder { Credential credentials = CredentialProvider .getIDPAssertionSigningCredential(); + //load default PVP security configurations + MOADefaultBootstrap.initializeDefaultPVPConfiguration(); + HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java index 80789cd12..b731e2a95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java @@ -50,7 +50,10 @@ public class MOADefaultBootstrap extends DefaultBootstrap { } - + public static void initializeDefaultPVPConfiguration() { + initializeGlobalSecurityConfiguration(); + + } /** * Initializes the default global security configuration. diff --git a/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar new file mode 100644 index 000000000..d53fcb398 Binary files /dev/null and b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar differ diff --git a/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom new file mode 100644 index 000000000..21a800dd7 --- /dev/null +++ b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom @@ -0,0 +1,8 @@ + + + 4.0.0 + iaik + iaik_eccelerate + 2.51 + POM was created by Sonatype Nexus + \ No newline at end of file -- cgit v1.2.3 From 78c50331e83269f25286e172fdfd4f8ae32c8633 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jan 2016 09:28:59 +0100 Subject: fix problem with eIDAS QAA to STORK QAA mapping --- .../src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java index d0da0003f..099a70470 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java @@ -102,7 +102,7 @@ public class PVPtoSTORKMapper { public String mapeIDASQAAToSTORKQAA(String qaaLevel) { if (mapping != null) { String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length()); - String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input); + String mappedQAA = mapping.getProperty(input); if (MiscUtil.isNotEmpty(mappedQAA)) { Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA); return mappedQAA; -- cgit v1.2.3