From f67427831d1f8c49ce6c474691b880d90a42b584 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 14 Mar 2016 09:17:57 +0100
Subject: refactor the GUI generation for user interaction
---
 .../resources/properties/id_messages_de.properties | 1 +
 .../resources/resources/templates/css_template.css | 623 --------------------
 .../resources/templates/error_message.html | 37 --
 .../resources/templates/javascript_tempalte.js | 196 -------
 .../resources/templates/loginFormFull.html | 92 ---
 .../resources/templates/redirectForm.html | 13 -
 .../resources/templates/sendAssertionFormFull.html | 68 ---
 .../resources/templates/slo_template.html | 94 ----
 .../resources/templates/sso_transfer_template.html | 59 --
 9 files changed, 1 insertion(+), 1182 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/css_template.css
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/error_message.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html
(limited to 'id/server/idserverlib/src/main/resources')
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 34ef9c1d0..86aa13fb8 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -106,6 +106,7 @@ builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufge builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen. builder.07=Fehlerhaftes SecurityLayer Template. builder.08=Authentication process could NOT completed. Reason: {0} +builder.09=Can not build GUI component. Reason: {0} service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint diff --git a/id/server/idserverlib/src/main/resources/resources/templates/css_template.css b/id/server/idserverlib/src/main/resources/resources/templates/css_template.css deleted file mode 100644 index 4a771fcac..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/css_template.css +++ /dev/null 
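Review bot: The new `builder.09=Can not build GUI component. Reason: {0}` carries the raw failure reason in `{0}`, and the `error_message.html` removed in this same commit rendered `$errorMsg` (and `$stacktrace`) straight into the browser, so if the replacement GUI builder keeps that behaviour, template names or class names from the exception may reach the user. Keep the detailed cause in the server log and give the user a generic text, e.g. `builder.09=Die GUI-Komponente konnte nicht erzeugt werden.`, or confirm that the code raising builder.09 only passes a sanitised reason. The English wording in a `_de` resource file matches `builder.08` but not the surrounding entries; aligning both would help. The code that consumes this key is outside this diff, so whether `{0}` is user-visible cannot be confirmed here.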
@@ -1,623 +0,0 @@ -@charset "utf-8"; - @media screen and (min-width: 650px) { - - body { - margin:0; - padding:0; - color : #000; - background-color : #fff; - text-align: center; - background-color: #6B7B8B; - } - - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU p { - font-size: 0.7em; - } - - #localBKU input{ - font-size: 0.85em; - /*border-radius: 5px;*/ - } - - #bkuselectionarea input[type=button] { - font-size: 0.85em; - /*border-radius: 7px;*/ - margin-bottom: 25px; - min-width: 80px; - } - - #mandateLogin { - font-size: 0.85em; - } - - #bku_header h2 { - font-size: 0.8em; - } - - - #page { - display: block; - border: 2px solid rgb(0,0,0); - width: 650px; - height: 460px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255,255,255); - } - - #page1 { - text-align: center; - } - - #main { - /* clear:both; */ - position:relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - - #leftcontent { - /*float:left; */ - width:250px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0,0,0); - } - - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - - #leftcontent { - width: 300px; - margin-top: 30px; - } - - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - - #bkulogin { - overflow:hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - - h2#tabheader{ - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - - #stork h2 { - font-size: 1.0em; - margin-bottom: 2%; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - - #leftbutton { - width: 30%; - float:left; - margin-left: 40px; - } - - #rightbutton { - width: 30%; - float:right; - margin-right: 45px; - text-align: right; - } - - button { 
- height: 25px; - width: 75px; - margin-bottom: 10px; - } - - - - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } - - } - - @media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.6em; - min-width: 60px; - /* max-width: 65px; */ - min-height: 1.0em; - /* border-radius: 5px; */ - } - - #bkuselectionarea input[type=button] { - font-size: 0.7em; - min-width: 55px; - /*min-height: 1.1em; - border-radius: 5px;*/ - margin-bottom: 2% - } - - #mandateLogin { - font-size: 0.65em; - } - - #bku_header h2 { - font-size: 0.8em; - margin-top: -0.4em; - padding-top: 0.4em; - } - - #bkulogin { - min-height: 150px; - } - } - - @media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.7em; - min-width: 70px; - /* max-width: 75px; */ - min-height: 0.95em; - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button] { - font-size: 0.75em; - min-width: 60px; - /* min-height: 0.95em; - border-radius: 6px; */ - margin-bottom: 5% - } - - #mandateLogin { - font-size: 0.75em; - } - - #bku_header h2 { - font-size: 0.9em; - margin-top: -0.45em; - padding-top: 0.45em; - } - - #bkulogin { - min-height: 180px; - } - } - - @media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button] { - font-size: 0.85em; - /* min-height: 1.05em; - border-radius: 7px; */ - margin-bottom: 10%; - } - - #mandateLogin { - font-size: 1em; - } - - #bku_header h2 { - font-size: 1.0em; - margin-top: -0.50em; - padding-top: 0.50em; - } - } - - @media screen and 
(max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button] { - font-size: 0.9em; - /* min-height: 1.2em; - border-radius: 8px; */ - margin-bottom: 10%; - max-width: 80px; - } - - #mandateLogin { - font-size: 1em; - } - - #bku_header h2 { - font-size: 1.1em; - margin-top: -0.55em; - padding-top: 0.55em; - } - } - - @media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 80px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button] { - font-size: 1.0em; - /* min-height: 1.3em; - border-radius: 10px; */ - margin-bottom: 10%; - max-width: 85px; - } - - #mandateLogin { - font-size: 1.2em; - } - - #bku_header h2 { - font-size: 1.3em; - margin-top: -0.65em; - padding-top: 0.65em; - } - } - - - - @media screen and (max-width: 649px) { - - body { - margin:0; - padding:0; - color : #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #page { - visibility: hidden; - margin-top: 0%; - } - - #page1 { - visibility: hidden; - } - - #main { - visibility: hidden; - } - - #validation { - visibility: hidden; - display: none; - } - - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border:none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - - } - - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - - h2#tabheader{ - padding-left: 2%; - padding-right: 2%; - position: relative; - top: 50%; 
- } - - #stork h2 { - font-size: 0.9em; - margin-bottom: 2%; - } - - #bkulogin { - min-width: 190px; - min-height: 155px; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - input[type=button] { -/* height: 11%; */ - width: 70%; - } - } - - * { - margin: 0; - padding: 0; - font-family: #FONTTYPE#; - } - - #selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; - } - - .setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - #leftbutton { - width: 35%; - float:left; - margin-left: 15px; - } - - #rightbutton { - width: 35%; - float:right; - margin-right: 25px; - text-align: right; - } - - #stork { - /*margin-bottom: 10px;*/ - /* margin-top: 5px; */ - } - - #mandateLogin { - padding-bottom: 4%; - padding-top: 4%; - height: 10%; - position: relative; - text-align: center; - } - - .verticalcenter { - vertical-align: middle; - } - - #mandateLogin div { - clear: both; - margin-top: -1%; - position: relative; - top: 50%; - } - - #bkuselectionarea { - position: relative; - display: block; - } - - #localBKU { - padding-bottom: 4%; - /*padding-top: 4%;*/ - position: relative; - clear: both; - text-align: center; - } - - #bkukarte { - float:left; - text-align:center; - width:40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; - } - - #bkuhandy { - float:right; - text-align:center; - width:40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; - } - - .bkuimage { - width: 90%; - height: auto; - } - - #mandate{ - text-align:center; - padding : 5px 5px 5px 5px; - } - -/* input[type=button], .sendButton { - background: #BUTTON_BACKGROUNDCOLOR#; - color: #BUTTON_COLOR#; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: 3px 3px 3px #222222; */ -/* } - -/* button:hover, button:focus, button:active, - .sendButton:hover , .sendButton:focus, .sendButton:active, - 
#mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { - background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; - color: #BUTTON_COLOR#; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: -1px -1px 3px #222222; */ -/* } - -*/ - input { - /*border:1px solid #000;*/ - cursor: pointer; - } - - #localBKU input { -/* color: #BUTTON_COLOR#; */ - /*border: 0px;*/ - display: inline-block; - - } - - #localBKU input:hover, #localBKU input:focus, #localBKU input:active { - /*text-decoration: underline;*/ - } - - #installJava, #BrowserNOK { - clear:both; - font-size:0.8em; - padding:4px; - } - - .selectText{ - - } - - .selectTextHeader{ - - } - - .sendButton { - width: 30%; - margin-bottom: 1%; - } - - #leftcontent a { - text-decoration:none; - color: #000; - /* display:block;*/ - padding:4px; - } - - #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { - text-decoration:underline; - color: #000; - } - - .infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; - } - - .hell { - background-color : #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; - } - - .dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; - } - - .main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; - - } - - #ssoSessionTransferBlock { - font-size: 0.8em; - margin-left: 5px; - margin-bottom: 5px; - } - - #alert_area { - width: 500px; - padding-left: 80px; - } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html b/id/server/idserverlib/src/main/resources/resources/templates/error_message.html deleted file mode 100644 index 4fd4d63cd..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html +++ /dev/null 
@@ -1,37 +0,0 @@ - - - - - - An error arise ... - - - -
-
-

Authentication error arise

- - - - - -
-

The authentication stops on account of a process error:

-
-

Error Code: $errorCode

-

Error Message:$errorMsg

-
- - - #if($stacktrace) -
-

Stacktrace: $stacktrace

-
- #end - - - -
-
- - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js b/id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js deleted file mode 100644 index ae621f0cb..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js +++ /dev/null 
@@ -1,196 +0,0 @@ -function isIE() { - return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); - } - function isFullscreen() { - try { - return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); - } catch (e) { - return false; - } - } - function isActivexEnabled() { - var supported = null; - try { - supported = !!new ActiveXObject("htmlfile"); - } catch (e) { - supported = false; - } - return supported; - } - function isMetro() { - if (!isIE()) - return false; - return !isActivexEnabled() && isFullscreen(); - } - window.onload=function() { - document.getElementById("localBKU").style.display="block"; - return; - } - function bkuLocalClicked() { - setMandateSelection(); - } - - function bkuOnlineClicked() { - if (isMetro()) - document.getElementById("metroDetected").style.display="block"; - document.getElementById("localBKU").style.display="block"; -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&pendingid=" + "#SESSIONID#"; - generateIFrame(iFrameURL); - } - function bkuHandyClicked() { - document.getElementById("localBKU").style.display="none"; -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#HANDY#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&pendingid=" + "#SESSIONID#"; - generateIFrame(iFrameURL); - } - function storkClicked() { - document.getElementById("localBKU").style.display="none"; -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var ccc = "AT"; - var countrySelection = 
document.getElementById("cccSelection"); - if (countrySelection != null) { - ccc = document.getElementById("cccSelection").value; - } - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; - iFrameURL += "&CCC=" + ccc; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&pendingid=" + "#SESSIONID#"; - generateIFrame(iFrameURL); - } - function generateIFrame(iFrameURL) { - var el = document.getElementById("bkulogin"); - var width = el.clientWidth; - var heigth = el.clientHeight - 20; - var parent = el.parentNode; - - iFrameURL += "&heigth=" + heigth; - iFrameURL += "&width=" + width; - - var iframe = document.createElement("iframe"); - iframe.setAttribute("src", iFrameURL); - iframe.setAttribute("width", el.clientWidth - 1); - iframe.setAttribute("height", el.clientHeight - 1); - iframe.setAttribute("frameborder", "0"); - iframe.setAttribute("scrolling", "no"); - iframe.setAttribute("title", "Login"); - parent.replaceChild(iframe, el); - } - function setMandateSelection() { - document.getElementById("useMandate").value = "false"; - var checkbox = document.getElementById("mandateCheckBox"); - if (checkbox != null) { - if (document.getElementById("mandateCheckBox").checked) { - document.getElementById("useMandate").value = "true"; - } - } - } - function onChangeChecks() { - if (self.innerWidth < 650) { - document.getElementById("moaidform").setAttribute("target","_parent"); - } else { - document.getElementById("moaidform").removeAttribute("target"); - } - - } - - function checkIfBrowserSupportsJava(){ - console.log("Browser is Chrome: "+checkIfBrowserIsChrome()); - console.log("Browser is Safari: "+checkIfBrowserIsSafari()); - console.log("Browser is Edge: "+checkIfBrowserIsEdge()); - - var cnt = 0; - - if(checkIfBrowserIsChrome())cnt++; - 
if(checkIfBrowserIsEdge())cnt++; - if(checkIfBrowserIsSafari())cnt++; - - if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection - return true; - - var image = document.getElementById("bkuimage"); - var srcatt = image.getAttribute("src"); - var last = srcatt.substring(srcatt.lastIndexOf('/')+1); - srcatt = srcatt.replace(last,'online-bku-deactivated.png'); - image.setAttribute("src",srcatt); - - - var button = document.getElementsByName("bkuButtonOnline")[0]; - button.setAttribute("class","browserInfoButton"); - button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen."); - button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');"); - - return false; - - } - function checkIfBrowserIsChrome(){ - var chrome_defined = !!window.chrome;//chrome object defined - var webstore_defined = false; - if(window.chrome){ - webstore_defined = !!window.chrome.webstore; - } - return chrome_defined && webstore_defined; - } - function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp - var chrome_defined = !!window.chrome;//chrome object defined - var webstore_defined = true; - if(window.chrome){ - webstore_defined = !!window.chrome.webstore; - } - return chrome_defined && !webstore_defined; - } - function checkIfBrowserIsSafari(){ - var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0; - return cond1; - } -/* function setSSOSelection() { - document.getElementById("useSSO").value = "false"; - var checkbox = document.getElementById("SSOCheckBox"); - if (checkbox != null) { - if (document.getElementById("SSOCheckBox").checked) { - 
document.getElementById("useSSO").value = "true"; - } - } - } */ - -/* function checkMandateSSO() { - var sso = document.getElementById("SSOCheckBox"); - var mandate = document.getElementById("mandateCheckBox"); - - - if (sso.checked && mandate.checked) { - alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") - mandate.checked = false; - sso.checked = false; - return true; - } else { - return false; - } - } */ \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html deleted file mode 100644 index 53d04c282..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ /dev/null @@ -1,92 +0,0 @@ - - - - - - - - - - - - -Anmeldung mittels Bürgerkarte oder Handy-Signatur - - -
-
-

Anmeldung an: #OAName#

-
-
-
-

#HEADER_TEXT#

-
-
-
-
- - - -
-
-
-
- OnlineBKU -
-
- HandyBKU -
-
-
-
- - -
-
- - - - -
-

Home Country Selection

-

- - - i -

-
- - -
-
-
-
-
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html deleted file mode 100644 index 9bddee931..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - CLICK to perform a - redirect back to Online Application - - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html deleted file mode 100644 index ecda6550b..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - Anmeldung an Online-Applikation - - - - -
- -
- - - -
-
-
-

- Anmeldeinformationen: -

-
- -
-

Anmeldung an: #OAName#

- - -
-
- - - - - -
-
-
-
- - - - - -
-
- -
-
-
-
- -
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html deleted file mode 100644 index b3eb18082..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - - - #if($timeoutURL) - - #end - - Single LogOut Vorgang ... - - -#if($timeoutURL) - -#else - -#end - - -
-
-

MOA-ID Single LogOut Information

-
-
- - #if($errorMsg) -
-

$errorMsg

-
- #end - - #if($successMsg) -
-

$successMsg

-
- #end - - #if($redirectURLs) -
-

- Sie werden von allen Online-Applikationen abgemeldet.
- Dieser Vorgang kann einige Zeit in Anspruch nehmen. -

-
- #end - -
-
-
- -
- - - #foreach( $el in $redirectURLs ) - - #end - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html b/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html deleted file mode 100644 index e9c2fae76..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - - - Single Sign-On Session Transfer - - - - - -
-
-

MOA-ID Single Sign-On Session Transfer Service

-
-
- - #if($errorMsg) -
-

$errorMsg

-
- #end - - #if($successMsg) -
-

$successMsg

-
- #end - - #if($QRImage) -
- -
- #end - -
-
-
- -
- - - \ No newline at end of file -- cgit v1.2.3 From 6701d8aaca715133cfa9d7764eb2f1ed163dfce9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 14:14:24 +0100 Subject: update statuscodes and revisionslog codes --- .../conf/moa-id/htmlTemplates/css_template.css | 43 +++++++++++- .../conf/moa-id/htmlTemplates/loginFormFull.html | 4 +- id/server/doc/handbook/additional/additional.html | 25 +++++++ id/server/doc/handbook/protocol/protocol.html | 45 +++++++++++-- .../resources/properties/id_messages_de.properties | 1 - .../protocol_response_statuscodes_de.properties | 45 ++++++------- .../src/main/resources/templates/css_template.css | 43 +++++++++++- .../templates/mandate-service-selection.html | 76 ++++++++++++++-------- 8 files changed, 222 insertions(+), 60 deletions(-) (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css index a8735be60..32b9dee12 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css @@ -59,7 +59,7 @@ /* clear:both; */ position:relative; margin: 0 auto; - width: 250px; + /*width: 250px;*/ text-align: center; } @@ -85,7 +85,8 @@ #leftcontent { width: 300px; - margin-top: 30px; + /*margin-top: 30px;*/ + margin: auto; } #bku_header { 
@@ -622,4 +623,42 @@ #alert_area { width: 500px; padding-left: 80px; + } + + #processInfoArea { + margin-bottom: 15px; + margin-top: 15px; + } + #processSelectionArea { + width: 550px; + margin-left: 25px; + margin-top: 35px; + } + .processSelectionButtonArea { + float: none; + margin-bottom: 20px; + height: 35px; + } + .processSelectionButton { + background: #ababab; + cursor: pointer; + height: 30px; + width: 200px; + float: right; + border-style: solid; + border-bottom-width: 2px; + border-right-width: 2px; + border-left-width: 1px; + border-top-width: 1px; + border-color: #000000; + } + .buttonDescription { + float: left; + margin-left: 10px; + padding-top: 4px; + text-align: left; + width: 330px; + } + #processContent { + margin-top: 25px; } \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index 02b86472b..983e8b544 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -63,9 +63,9 @@ - +

Home Country Selection

diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html index fb9735990..cbf4a50c9 100644 --- a/id/server/doc/handbook/additional/additional.html +++ b/id/server/doc/handbook/additional/additional.html @@ -520,6 +520,31 @@

baseID

Stammzahl der vertretenen juristischen Person

+ +   +   +   + + + 6000 + ReferenceID des Vollmachtensystems + externes Vollmachten Service kontaktiert + + + 6001 +   + gültige Vollmacht vom externen Vollmachten Service verarbeitet + + + 6002 +   + Fehler vom externen Vollmachten Service verarbeitet + + + 6003 + IP Adresse + IP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat +

 

Einzelne Events werden um einen Transaktionsparameter ergänzt, welcher in der Spalte Wert beschrieben ist.
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index a3a06bc6d..3b31dbfc0 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -559,6 +559,10 @@ Redirect Binding 1007 Vollmachtsmodus für ausländische Personen wird nicht unterstützt. + + 1008 + Es konnten nicht alle minimal erforderlichen Identifikations- oder Authentifikationsmerkmale ermittelt werden. +

1.3.1.2 Validierung (11xxx)
@@ -691,24 +695,51 @@ Redirect Binding
1.3.2.4 MOA SP/SS(43xxx)
- - + +
StatuscodeBeschreibungStatuscodeBeschreibung
4300 Fehler beim Aufruf von MOA SP/SS
-
1.3.2.5 Interfederation (44xxx)
+
1.3.2.5 Interfederation (44xx)
- - + + + + + + +
StatuscodeBeschreibungStatuscodeBeschreibung
4400 Fehler beim Generieren der Anmeldedaten
4401Die Verwendung des angeforderten federated IDP ist nicht erlaubt
+
1.3.2.6 Attributprovider (45xx)
+ + + + + + + + + + + + + + + + + + + + +
StatuscodeBeschreibung
4500Der Zugriff auf einen Attributprovider ist nicht erlaubt
4501Die Requestgenerierung für den Zugriff auf den Attributprovider schlug fehl
4502Die Response vom Attributeprovider ist ungültig oder nicht errlaubt
4503Die Response vom Attributeprovider beinhaltet einen Fehlercode

1.3.3 Statuscodes 6xxxx

Alles Statuscodes beginnend mit der Zahl sechs beschreiben protokollspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.

@@ -843,6 +874,10 @@ Redirect Binding 9103 Fehler bei der Verarbeitung eines Templates + + 9104 + Fehler bei der Auswahl oder Initialisierung des gewünschten Anmeldeprozesses + 9199 Allgemeiner interner Fehler diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 86aa13fb8..c47ec2477 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -118,7 +118,6 @@ service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service service.07=Der SZR-Gateway ist unter {0} nicht erreichbar. service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen. service.09=Der SZR-Gateway Client konnte nicht initialisiert werden. - service.10=Die Verwendung des Service {0} ist nicht m\u00f6glich. Ursache: {1} cleaner.00=AuthenticationSessionCleaner wurde gestartet diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 27070cc84..581037a29 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -28,10 +28,10 @@ auth.27=4401 auth.28=1100 auth.29=4401 auth.30=1110 -auth.31=TODO -auth.32=TODO -auth.33=TODO -auth.34=TODO +auth.31=4400 +auth.32=4401 +auth.33=4401 +auth.34=4401 init.00=9199 init.01=9199 
@@ -85,7 +85,8 @@ builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus die builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. builder.06=4400 builder.07=9002 -builder.08=TODO +builder.08=1008 +builder.09=9103 service.00=4300 service.03=4300 @@ -96,23 +97,23 @@ service.07=4200 service.08=4201 service.09=9007 -service.10=TODO +service.10=4500 -process.01=TODO -process.02=TODO +process.01=9104 +process.02=9104 -sp.pvp2.00=TODO -sp.pvp2.01=TODO -sp.pvp2.02=TODO -sp.pvp2.03=TODO -sp.pvp2.04=TODO -sp.pvp2.05=TODO -sp.pvp2.06=TODO -sp.pvp2.07=TODO -sp.pvp2.08=TODO -sp.pvp2.09=TODO -sp.pvp2.10=TODO -sp.pvp2.11=TODO +sp.pvp2.00=4501 +sp.pvp2.01=4501 +sp.pvp2.02=4501 +sp.pvp2.03=4502 +sp.pvp2.04=4502 +sp.pvp2.05=4503 +sp.pvp2.06=4502 +sp.pvp2.07=4502 +sp.pvp2.08=4502 +sp.pvp2.09=4503 +sp.pvp2.10=4502 +sp.pvp2.11=4502 validator.00=1102 validator.01=1102 @@ -182,8 +183,8 @@ validator.69=1106 validator.70=1106 validator.71=1105 -validator.72=TODO -validator.73=TODO +validator.72=1105 +validator.73=4500 ssl.01=1107 diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css index a8735be60..32b9dee12 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css @@ -59,7 +59,7 @@ /* clear:both; */ position:relative; margin: 0 auto; - width: 250px; + /*width: 250px;*/ text-align: center; } @@ -85,7 +85,8 @@ #leftcontent { width: 300px; - margin-top: 30px; + /*margin-top: 30px;*/ + margin: auto; } #bku_header { 
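Review bot: `service.10=4500` maps the generic "Die Verwendung des Service {0} ist nicht möglich. Ursache: {1}" message (visible in the id_messages_de.properties hunk of this commit) onto 4500, which the handbook hunk above documents as "Der Zugriff auf einen Attributprovider ist nicht erlaubt"; a relying party would then read a transport or configuration failure as an authorization denial. If service.10 is raised for reasons other than a policy denial, a code that names the actual failure is more accurate, e.g. `service.10=4501` for a request-side failure or `service.10=4502` for an invalid response, and the same check applies to `validator.73=4500`. Collapsing all twelve `sp.pvp2.*` messages into three codes is acceptable for the protocol response as long as the distinct message keys are still written to the revision log, which this hunk cannot show.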
@@ -622,4 +623,42 @@ #alert_area { width: 500px; padding-left: 80px; + } + + #processInfoArea { + margin-bottom: 15px; + margin-top: 15px; + } + #processSelectionArea { + width: 550px; + margin-left: 25px; + margin-top: 35px; + } + .processSelectionButtonArea { + float: none; + margin-bottom: 20px; + height: 35px; + } + .processSelectionButton { + background: #ababab; + cursor: pointer; + height: 30px; + width: 200px; + float: right; + border-style: solid; + border-bottom-width: 2px; + border-right-width: 2px; + border-left-width: 1px; + border-top-width: 1px; + border-color: #000000; + } + .buttonDescription { + float: left; + margin-left: 10px; + padding-top: 4px; + text-align: left; + width: 330px; + } + #processContent { + margin-top: 25px; } \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html index a9f0c4238..b0be4a475 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html @@ -17,36 +17,60 @@
-
-
-

- Anmeldeinformationen: -

-
+ +
+
+

+ Anmeldeinformationen: +

+
-
-

Anmeldung an: $OAName

- - -
-
- - - -
-
-
+
+

Anmeldung an: $OAName

+ + +
+

Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.

+
+ +
+
+
+ + + +
+
+

Eltern-Kind Vertretung

+
+
+
+
+ + + +
+
+

Vollmachtenservice der Österreichischen Datenschutzbehörde (MMS Service)

+
+
+
- - - -
-
- -
+ + + +
+

Den Anmeldevorgang abbrechen

+
+
+
+ +
+
+ +
- -- cgit v1.2.3 From 20afefb3ffcfd9381c286653f310fbc3b989c512 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 21 Mar 2016 10:56:30 +0100 Subject: fix some problems with logging and error codes --- id/server/doc/handbook/protocol/protocol.html | 8 ++++++++ .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 17 +++++++++++++---- .../pvp2x/signer/AbstractCredentialProvider.java | 19 ++++++++++--------- .../signer/CredentialsNotAvailableException.java | 5 +++++ .../resources/properties/id_messages_de.properties | 3 +++ .../protocol_response_statuscodes_de.properties | 7 ++++++- .../tasks/ReceiveElgaMandateResponseTask.java | 14 +++++++++++--- 7 files changed, 56 insertions(+), 17 deletions(-) (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 3b31dbfc0..8e0260a38 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -851,6 +851,14 @@ Redirect Binding 9007 Der SZR-Gateway Client konnte nicht initialisiert werden. + + 9008 + Fehler beim Verarbeiten eines Konfigurationsparameters. + + + 9099 + Allgemeiner Konfigurationsfehler +
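Review bot: `$OAName` is substituted into the page body at two places in this hunk (the `Anmeldung an: $OAName` lines) with no visible escaping, and whether the template engine HTML-escapes the value cannot be seen from here. If the service-provider name comes from editable configuration, escaping it at substitution time (or confirming the engine does) keeps a stray `<` or quote in the name from breaking the markup or injecting into the page. The tag markup of this hunk was stripped in rendering, so the restructured layout can only be checked approximately.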
1.3.4.2 Interne Fehler (91xxx)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 2cb62b993..bca080ba6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -203,12 +203,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (MOAIDException e) { + throw e; } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -254,11 +257,14 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + } catch (MOAIDException e) { + throw e; + } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } 
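Review bot: The new `throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()})` in the `catch (Throwable e)` branches drops the caught exception as cause; this series adds a `(messageId, parameters, Throwable)` constructor to CredentialsNotAvailableException backed by `super(messageId, parameters, e)`, so the three-argument form is available here too: `throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}, e);`. The `e.getMessage()` of an arbitrary Throwable also lands in the pvp2.24 text (`Der Request konnte nicht verarbeitet werden (Fehler={0})`), which is presumably rendered to the requester; the preceding Logger.warn already records the full exception, so a short fixed parameter is enough for the message if it is user-facing. The same applies to the hunk at -254 on this line and the one at -304 on the next line. The enclosing methods start and end outside the hunks.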
@@ -304,12 +310,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - + + } catch (MOAIDException e) { + throw e; + } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java index 4c9a1e59f..bf4cfd480 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java 
@@ -121,15 +121,15 @@ public abstract class AbstractCredentialProvider { credentials.setUsageType(UsageType.SIGNING); if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " - + getMetadataKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); } return credentials; } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } @@ -146,8 +146,8 @@ public abstract class AbstractCredentialProvider { credentials.setUsageType(UsageType.SIGNING); if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " - + getSignatureKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); } 
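Review bot: The message built in the first hunk (-121) still says "Assertion Signing credentials" while the Logger.error line just above it and the alias accessor (`getMetadataKeyAlias()`) refer to the metadata signing key; the new line should read `throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Metadata Signing credentials (Alias: " + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});`. Passing `e` as cause in the catch branches is the right change; with it in place the `e.printStackTrace();` that precedes each throw is redundant with the Logger.error call and writes to stderr outside the logging configuration, so it can go (same pattern at -146 on this line and at -155 and -177 on the next). The enclosing methods begin outside the hunks.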
@@ -155,7 +155,7 @@ public abstract class AbstractCredentialProvider { } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } @@ -177,16 +177,17 @@ public abstract class AbstractCredentialProvider { if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Encryption credentials (Alias: " - + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); } return (X509Credential) credentials; + } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java index 1e1c37621..85de666c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java 
@@ -31,6 +31,11 @@ public class CredentialsNotAvailableException extends MOAIDException { super(messageId, parameters); } + public CredentialsNotAvailableException(String messageId, + Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + /** * */ diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index c47ec2477..9986d5679 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -87,6 +87,7 @@ config.23=Fehler beim initialisieren von OpenSAML config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix. config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt. config.26=Federated IDP {0} contains no AttributeQuery URL. +config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} @@ -279,6 +280,7 @@ pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden. pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}). pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten. +pvp2.24=Der Request konnte nicht verarbeitet werden (Fehler\={0}). ##add status codes!!!! 
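Review bot: The added constructor has no Javadoc while the neighbouring members carry (empty) Javadoc stubs; a one-line comment would say what the third argument is for, e.g. `/** Creates the exception from a message id, message parameters and the underlying cause, which is kept for logging. */`. The parameter name `e` reads as a caught exception; `cause` names its role as the `Throwable` passed to `super`.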
@@ -294,6 +296,7 @@ sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not val sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4} sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included. sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED. +sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1} oauth20.01=Fehlerhafte redirect url oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}" diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 581037a29..f97ebeeca 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -66,7 +66,8 @@ config.22=9008 config.23=9199 config.24=9199 config.25=9199 -config.26=TODO +config.26=9099 +config.27=9008 parser.00=1101 parser.01=1101 @@ -114,6 +115,7 @@ sp.pvp2.08=4502 sp.pvp2.09=4503 sp.pvp2.10=4502 sp.pvp2.11=4502 +sp.pvp2.12=4502 validator.00=1102 validator.01=1102 @@ -222,6 +224,9 @@ pvp2.17=6102 pvp2.20=6103 pvp2.21=6104 pvp2.22=6105 +pvp2.23=6105 +pvp2.24=6105 + oauth20.01=6200 oauth20.06=1000 diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index f976793b8..c2ca69238 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java 
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -179,12 +179,20 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { String samlRequest = request.getParameter("SAMLRequest"); Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); - throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e); + throw new TaskExecutionException(pendingReq, + "Receive INVALID PVP Response from ELGA mandate-service", + new AuthnResponseValidationException("sp.pvp2.12", + new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); } catch (IOException | MarshallingException | TransformerException e) { Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); - throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e); + throw new TaskExecutionException(pendingReq, + "Processing PVP response from ELGA mandate-service FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", + new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); } catch (CredentialsNotAvailableException e) { Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e); 
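Review bot: Both new AuthnResponseValidationException wrappers put `e.getMessage()` into the sp.pvp2.12 text (`Receive invalid PVP Response from {0}. Msg:{1}`); for the `IOException | MarshallingException | TransformerException` branch that message is whatever the XML layer produced while parsing an externally supplied response, and it may be null, giving "Msg:null". Since the Logger.warn lines already record the exception with its stack trace and the cause `e` is now preserved, a fixed description such as `new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "response could not be parsed"}` is enough for the status message. The inherited `request.getParameter("SAMLRequest")` context line is worth a look as well: this task handles a SAML response, so that log line may record null rather than the message it means to capture. The enclosing method begins and ends outside the hunk.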
@@ -195,7 +203,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); - + } catch (Exception e) { Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage()); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); -- cgit v1.2.3 From 328c1dc9f22623f6e7cdf1c23dd104c10011ee91 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 21 Mar 2016 12:00:33 +0100 Subject: add missing PVP attribute 'mandate-type-oid' --- .../attributes/MandateTypeOIDAttributeBuilder.java | 59 ++++++++++++++++++++++ .../moa/id/protocols/pvp2x/PVPConstants.java | 5 ++ ....protocols.builder.attributes.IAttributeBuilder | 1 + 3 files changed, 65 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java new file mode 100644 index 000000000..80d330172 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java 
@@ -0,0 +1,59 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_TYPE_OID_NAME;
+ }
+
+ public ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator g) throws AttributeException {
+ if (authData.isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
+
+ if (MiscUtil.isEmpty(mandateType)) {
+ Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+ return null;
+
+ }
+
+ return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
+ }
+ return null;
+
+ }
+
+ public ATT buildEmpty(IAttributeGenerator g) {
+ return g.buildEmptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index c2b61aaa7..eaddd0789 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
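Review bot: `buildEmpty` builds the empty attribute under `MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME`, i.e. the plain mandate-type attribute, while `getName()` and `build` use the OID variant, so a consumer asking for this attribute by name would get an empty attribute carrying the wrong name. It should read `return g.buildEmptyAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME);`. The `MANDATE_TYPE_OID_MAX_LENGTH = 256` constant added to PVPConstants in the next hunk is not consulted in `build`; if the sibling builders bound their values with the corresponding constant, this one should do the same. The class and its methods also lack Javadoc, and `@Override` on the three interface methods would let the compiler catch a signature drift.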
@@ -190,6 +190,11 @@ public interface PVPConstants { public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE"; public static final int MANDATE_TYPE_MAX_LENGTH = 256; + public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106"; + public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID; + public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID"; + public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256; + public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder index 8e5d6ee3c..d40be32f5 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder 
@@ -26,6 +26,7 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescAttribut at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey -- cgit v1.2.3 From f1c588836f613209984c15a761d65b20c66ca4e9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 21 Mar 2016 13:29:52 +0100 Subject: add missing error codes --- id/server/doc/handbook/protocol/protocol.html | 4 ++ .../auth/exception/MOAIllegalStateException.java | 46 +++++++++++++++++++ .../AbstractProcessEngineSignalController.java | 7 ++- .../resources/properties/id_messages_de.properties | 1 + .../protocol_response_statuscodes_de.properties | 1 + .../id/commons/api/exceptions/MOAIDException.java | 52 ---------------------- .../oauth20/exceptions/OAuth20Exception.java | 6 +-- 7 files changed, 60 insertions(+), 57 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 8e0260a38..ff7921ad5 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -886,6 +886,10 @@ Redirect Binding + + + + 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java
new file mode 100644
index 000000000..bc19a3f39
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIllegalStateException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 613582783125887683L;
+
+ /**
+ *
+ */
+ public MOAIllegalStateException(String code, Object[] params) {
+ super(code, params);
+
+ }
+
+}
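Review bot: The new class carries only empty Javadoc stubs on the serialVersionUID and the constructor and no statement of purpose; a class comment such as `/** Signals an illegal processing state in a form that maps to a MOA message id and status code, replacing the bare IllegalStateException previously thrown by the signal controller. */` would say why it exists. It also offers no `(code, params, Throwable)` constructor although CredentialsNotAvailableException gains exactly that in this series; adding it keeps the cause available when an illegal state is detected while handling a caught exception.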
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index a23938f97..f22c82e95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -9,6 +9,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; @@ -30,7 +31,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont try { if (pendingRequestID == null) { - throw new IllegalStateException("Unable to determine MOA pending-request id."); + throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."}); + } IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); @@ -49,7 +51,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // process instance is mandatory if (pendingReq.getProcessInstanceId() == null) { - throw new IllegalStateException("MOA session does not provide process instance id."); + throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."}); + } // wake up next task 
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 9986d5679..a579dd80b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -315,3 +315,4 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin process.01=Fehler beim Ausf\u00FChren des Prozesses. process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}. +process.03=Fehler beim Weiterführen es Prozesses. Msg:{0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index f97ebeeca..653e073a2 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -102,6 +102,7 @@ service.10=4500 process.01=9104 process.02=9104 +process.03=9105 sp.pvp2.00=4501 sp.pvp2.01=4501 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java index 955b0f5ea..6841be92b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java 
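Review bot: The new `process.03` value contains a raw `ü` ("Weiterführen") while the rest of the file encodes umlauts as `\u00FC` (see `process.01=Fehler beim Ausf\u00FChren des Prozesses.` two lines above); a .properties file read through the default ISO-8859-1 loader will mangle the raw byte sequence unless the file's encoding happens to match, so `process.03=Fehler beim Weiterf\u00FChren des Prozesses. Msg:{0}` is the safer form. The same line has a typo, "es Prozesses" for "des Prozesses".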
@@ -49,16 +49,7 @@ package at.gv.egovernment.moa.id.commons.api.exceptions; import java.io.PrintStream; import java.io.PrintWriter; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - -import org.w3c.dom.DOMImplementation; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.util.Constants; /** * Base class of technical MOA exceptions. @@ -176,47 +167,4 @@ public Object[] getParameters() { return parameters; } -/** - * Convert this MOAIDException to an ErrorResponse - * element from the MOA namespace. - * - * @return An ErrorResponse element, containing the subelements - * ErrorCode and Info required by the MOA schema. - */ - public Element toErrorResponse() { - DocumentBuilder builder; - DOMImplementation impl; - Document doc; - Element errorResponse; - Element errorCode; - Element info; - - // create a new document - try { - builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - impl = builder.getDOMImplementation(); - } catch (ParserConfigurationException e) { - return null; - } - - // build the ErrorResponse element - doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null); - errorResponse = doc.getDocumentElement(); - - // add MOA namespace declaration - errorResponse.setAttributeNS( - Constants.XMLNS_NS_URI, - "xmlns", - Constants.MOA_NS_URI); - - // build the child elements - errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode"); - errorCode.appendChild(doc.createTextNode(messageId)); - info = doc.createElementNS(Constants.MOA_NS_URI, "Info"); - info.appendChild(doc.createTextNode(toString())); - errorResponse.appendChild(errorCode); - errorResponse.appendChild(info); - return errorResponse; - } - } 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java index d7fecd1b5..5dc36868b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -public class OAuth20Exception extends RuntimeException { +public class OAuth20Exception extends MOAIDException { private static final long serialVersionUID = 1L; @@ -33,7 +33,7 @@ public class OAuth20Exception extends RuntimeException { private String errorCode; public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters); this.errorCode = errorCode; this.messageId = messageId; } -- cgit v1.2.3 From 54a26c8e353069abacefe5232f8270bec6b3cc60 Mon Sep 17 00:00:00 2001 
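Review bot: After the superclass change, the private `messageId` field that the constructor still assigns (`this.messageId = messageId;`) duplicates the message id already handed to `super(messageId, parameters)`; MOAIDException keeps its own `messageId` (the `toErrorResponse` removed in the previous commit read it), presumably with an accessor, so the field and that assignment can go in favour of the inherited one. Whether the switch from RuntimeException to MOAIDException also turns this into a checked exception depends on MOAIDException's own base class, which is not visible here; if it is checked, every OAuth20Exception throw site without a throws clause needs revisiting. The class body continues outside the hunk.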
From: Thomas Lenz Date: Mon, 21 Mar 2016 15:49:24 +0100 Subject: update libs --- id/moa-spss-container/pom.xml | 8 +- id/server/idserverlib/pom.xml | 4 +- .../moa/id/config/ConfigurationProviderImpl.java | 2 - .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 3 +- .../storage/DBAuthenticationSessionStoreage.java | 29 +-- .../moa/id/util/AxisSecureSocketFactory.java | 258 --------------------- .../main/resources/moaid.configuration.beans.xml | 6 +- id/server/moa-id-commons/pom.xml | 8 +- .../id/commons/db/dao/session/AssertionStore.java | 4 +- .../db/dao/session/AuthenticatedSessionStore.java | 4 +- .../id/commons/db/dao/session/ExceptionStore.java | 125 ---------- .../dao/session/InterfederationSessionStore.java | 4 +- .../id/commons/db/dao/session/OASessionStore.java | 4 +- .../db/dao/session/OldSSOSessionIDStore.java | 4 +- .../id/commons/db/dao/statistic/StatisticLog.java | 4 +- .../src/main/resources/moaid.migration.beans.xml | 6 +- pom.xml | 46 ++-- .../moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar | Bin 0 -> 380513 bytes 18 files changed, 68 insertions(+), 451 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java create mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 1f7cb673f..fb08989b4 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -68,12 +68,12 @@ iaik_X509TrustManager - + - + commons-discovery commons-discovery diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 1c8d89fb4..b226f01b3 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -182,11 +182,11 @@ - + 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java index db6ff8d9b..395aeaadb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java @@ -57,7 +57,6 @@ import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; @@ -221,7 +220,6 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider config.addAnnotatedClass(AuthenticatedSessionStore.class); config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); - config.addAnnotatedClass(ExceptionStore.class); config.addAnnotatedClass(InterfederationSessionStore.class); config.addAnnotatedClass(ProcessInstanceStore.class); config.addProperties(moaSessionProp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index ae88f3ea4..dfe9ecb49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java 
@@ -34,6 +34,7 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import org.hibernate.resource.transaction.spi.TransactionStatus; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; @@ -274,7 +275,7 @@ public class SingleLogOutAction implements IAction { throw new AuthenticationException("pvp2.13", new Object[]{}); } finally { - if (tx != null && !tx.wasCommitted()) { + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) { tx.commit(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 43b4ecf17..094e25040 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -32,6 +32,7 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import org.hibernate.resource.transaction.spi.TransactionStatus; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -231,7 +232,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; @@ -321,7 +322,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } 
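Review bot: In the finally block of SingleLogOutAction (`@@ -274`), `!tx.getStatus().equals(TransactionStatus.COMMITTED)` is true for every non-committed state, including ROLLED_BACK, MARKED_ROLLBACK and NOT_ACTIVE, so `tx.commit()` is still attempted on a transaction that can no longer be committed and the TransactionException thrown out of finally replaces the AuthenticationException raised just above it; `if (tx != null && tx.getStatus() == TransactionStatus.ACTIVE)` expresses the intended condition (enum constants are compared with `==`, not `equals`). The same `!= COMMITTED` test guards the `tx.rollback()` calls in every DBAuthenticationSessionStoreage hunk of this commit (from `@@ -231` through `@@ -1018`, including the `session.getTransaction()` variants at `@@ -504` and `@@ -534`), where rolling back a transaction that is already NOT_ACTIVE or ROLLED_BACK may, depending on the Hibernate 5 release, throw from inside the catch and mask the original exception. For the rollback sites the narrower test is `if (tx != null && tx.getStatus().canRollback())`, which also covers the FAILED_COMMIT case in `@@ -477`. The enclosing methods start and end outside these hunks.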
@@ -371,7 +372,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0); } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -477,7 +478,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch(HibernateException e) { Logger.warn("Error during database saveOrUpdate. Rollback.", e); - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); } @@ -504,7 +505,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (Exception e) { if (session != null && session.getTransaction() != null - && !session.getTransaction().wasCommitted()) { + && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) { session.getTransaction().rollback(); throw e; @@ -534,7 +535,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (Exception e) { if (session != null && session.getTransaction() != null - && !session.getTransaction().wasCommitted()) { + && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) { session.getTransaction().rollback(); throw e; @@ -583,7 +584,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return null; } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } 
@@ -626,7 +627,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getActiveOAsessions().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -665,7 +666,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (Throwable e) { Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); return null; } @@ -702,7 +703,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getInderfederation().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -740,7 +741,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getInderfederation().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -856,7 +857,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getInderfederation().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -948,7 +949,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } 
@@ -1018,7 +1019,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return (AuthenticatedSessionStore) result.get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted() && commit) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED) && commit) tx.rollback(); throw e; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java deleted file mode 100644 index fff5fac96..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java +++ /dev/null 
@@ -1,258 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.util; - -import java.io.BufferedWriter; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.PrintWriter; -import java.net.Socket; -import java.security.GeneralSecurityException; -import java.util.Hashtable; - -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.components.net.BooleanHolder; -import org.apache.axis.components.net.DefaultSocketFactory; -import org.apache.axis.components.net.SocketFactory; -import org.apache.axis.components.net.TransportClientProperties; -import org.apache.axis.components.net.TransportClientPropertiesFactory; -import org.apache.axis.utils.Messages; -import org.apache.axis.utils.XMLUtils; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * Secure socket factory for Axis webs service clients of the MOA-ID component, - * which are the MOA-SP calls from MOA-ID Auth, - * and the MOA-ID Auth calls from MOA-ID Proxy. - *
Use this initialization code:
- * // ConnectionParameter connParam = ... get from ConfigurationProvider - * AxisSecureSocketFactory.initialize(connParam); - *
See the Apache Axis documentation on how to configure this class - * as the default secure socket factory to be used by Axis. - *
- * This code has been copied from JSSESocketFactory, the - * method initialize() has been added. - * - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AxisSecureSocketFactory - extends DefaultSocketFactory implements SocketFactory { - - /** Field sslFactory */ - private static SSLSocketFactory sslFactory; - - /** - * Constructor for AxisSecureSocketFactory. - * @param attributes ??? - */ - public AxisSecureSocketFactory(Hashtable attributes) { - super(attributes); - } - /** - * Initializes the factory by setting the connection parameters to be used for - * setting the secure socket factory, and by setting the system property - * axis.socketSecureFactory. - * @param ssf SSLSocketFactory to initialize with - */ - public static void initialize(SSLSocketFactory ssf) - throws IOException, GeneralSecurityException { - - Logger.debug("Initialize AxisSecureSocketFactory"); - sslFactory = ssf; - } - - /** - * creates a secure socket - * - * @param host - * @param port - * @param otherHeaders - * @param useFullURL - * - * @return Socket - * @throws Exception - */ - public Socket create( - String host, - int port, - StringBuffer otherHeaders, - BooleanHolder useFullURL) - throws Exception { - if (port == -1) { - port = 443; - } - - TransportClientProperties tcp = - TransportClientPropertiesFactory.create("https"); - - boolean hostInNonProxyList = - isHostInNonProxyList(host, tcp.getNonProxyHosts()); - - Socket sslSocket = null; - if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) { - // direct SSL connection - sslSocket = sslFactory.createSocket(host, port); - } - else { - - // Default proxy port is 80, even for https - int tunnelPort = - (tcp.getProxyPort().length() != 0) - ? 
Integer.parseInt(tcp.getProxyPort()) - : 80; - if (tunnelPort < 0) - tunnelPort = 80; - - // Create the regular socket connection to the proxy - Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort); - - // The tunnel handshake method (condensed and made reflexive) - OutputStream tunnelOutputStream = tunnel.getOutputStream(); - PrintWriter out = - new PrintWriter( - new BufferedWriter(new OutputStreamWriter(tunnelOutputStream))); - - // More secure version... engage later? - // PasswordAuthentication pa = - // Authenticator.requestPasswordAuthentication( - // InetAddress.getByName(tunnelHost), - // tunnelPort, "SOCK", "Proxy","HTTP"); - // if(pa == null){ - // printDebug("No Authenticator set."); - // }else{ - // printDebug("Using Authenticator."); - // tunnelUser = pa.getUserName(); - // tunnelPassword = new String(pa.getPassword()); - // } - out.print( - "CONNECT " - + host - + ":" - + port - + " HTTP/1.0\r\n" - + "User-Agent: AxisClient"); - if (tcp.getProxyUser().length() != 0 - && tcp.getProxyPassword().length() != 0) { - - // add basic authentication header for the proxy - String encodedPassword = - XMLUtils.base64encode( - (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes()); - - out.print("\nProxy-Authorization: Basic " + encodedPassword); - } - out.print("\nContent-Length: 0"); - out.print("\nPragma: no-cache"); - out.print("\r\n\r\n"); - out.flush(); - InputStream tunnelInputStream = tunnel.getInputStream(); - - if (log.isDebugEnabled()) { - log.debug( - Messages.getMessage( - "isNull00", - "tunnelInputStream", - "" + (tunnelInputStream == null))); - } - String replyStr = ""; - - // Make sure to read all the response from the proxy to prevent SSL negotiation failure - // Response message terminated by two sequential newlines - int newlinesSeen = 0; - boolean headerDone = false; /* Done on first newline */ - - while (newlinesSeen < 2) { - int i = tunnelInputStream.read(); - - if (i < 0) { - throw new IOException("Unexpected EOF from 
proxy"); - } - if (i == '\n') { - headerDone = true; - ++newlinesSeen; - } - else if (i != '\r') { - newlinesSeen = 0; - if (!headerDone) { - replyStr += String.valueOf((char) i); - } - } - } - if (!replyStr.startsWith("HTTP/1.0 200") - && !replyStr.startsWith("HTTP/1.1 200")) { - throw new IOException( - Messages.getMessage( - "cantTunnel00", - new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr })); - } - - // End of condensed reflective tunnel handshake method - sslSocket = sslFactory.createSocket(tunnel, host, port, true); - if (log.isDebugEnabled()) { - log.debug( - Messages.getMessage( - "setupTunnel00", - tcp.getProxyHost(), - "" + tunnelPort)); - } - } - - ((SSLSocket) sslSocket).startHandshake(); - if (log.isDebugEnabled()) { - log.debug(Messages.getMessage("createdSSL00")); - } - return sslSocket; - } - -} diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml index 5855fc766..9c27ba581 100644 --- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml @@ -15,7 +15,7 @@ - + @@ -24,10 +24,10 @@ - + - + diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index d0cd08844..df38c8384 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -270,10 +270,16 @@ test
- + + + + org.apache.commons + commons-dbcp2 + 2.1.1 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java index a49142d87..c2f5ec962 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -27,8 +27,6 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Lob; import javax.persistence.NamedQueries; @@ -52,7 +50,7 @@ public class AssertionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + //@GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index a8cc1928e..6333451b9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -31,8 +31,6 @@ import javax.persistence.CascadeType; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Lob; import javax.persistence.NamedQueries; 
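Review bot: In AssertionStore (`@@ -52`) the `@GeneratedValue` annotation is replaced by the commented-out line `//@GeneratedValue(strategy = GenerationType.AUTO)` rather than removed, and the imports it refers to are deleted in the same hunk, so the dead code now names types that are no longer in scope. With generation gone, `id` must be assigned by whatever persists the entity; since the field is a primitive `long`, an unassigned id is 0 for every row and the second insert would violate `unique=true` on the column — this commit does not show where the ids are now produced, so the new contract should at least be stated: `// id is assigned by the caller before persist (no @GeneratedValue); see <id-assigning code — placeholder>`. The same commented-out annotation appears in AuthenticatedSessionStore (`@@ -67`), InterfederationSessionStore (`@@ -46`), OASessionStore (`@@ -46`), OldSSOSessionIDStore (`@@ -51`) and StatisticLog (`@@ -50`). The class bodies continue outside these hunks.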
@@ -67,7 +65,7 @@ public class AuthenticatedSessionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + //@GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java deleted file mode 100644 index 0d56896ff..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java +++ /dev/null 
@@ -1,125 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.commons.db.dao.session; - -import java.io.Serializable; -import java.util.Date; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Lob; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; - -import org.hibernate.annotations.DynamicUpdate; - - - -@Entity -@DynamicUpdate(value=true) -@Table(name = "exceptionstore") -@NamedQueries({ - @NamedQuery(name="getExceptionWithID", query = "select exceptionstore from ExceptionStore exceptionstore where exceptionstore.exid = :id"), - @NamedQuery(name="getExceptionWithTimeOut", query = "select exceptionstore from ExceptionStore exceptionstore where exceptionstore.timestamp < :timeout") -}) - -public class ExceptionStore implements Serializable{ - - private static final long serialVersionUID = 1L; - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - @Column(name = "id", unique=true, nullable=false) - private long id; - - @Column(name = "exid", unique=true, nullable=false) - private String exid; - - @Column(name = "exception", nullable=false) - @Lob private byte [] exception; - - @Column(name = "timestamp", nullable=false) - private Date timestamp; - - /** - * @return the id - */ - public long getId() { - return id; - } - - /** - * @param id the id to set - */ - public void setId(long id) { - this.id = id; - } - - /** - * @return the exid - */ - public String getExid() { - return exid; - } - - /** - * @param exid the exid to set - */ - public void setExid(String exid) { - this.exid = exid; - } - - /** - * @return the exception - */ - public byte[] getException() { - return exception; - } - - /** - * @param exception the exception to set - */ - public void setException(byte[] exception) { - 
this.exception = exception; - } - - /** - * @return the timestamp - */ - public Date getTimestamp() { - return timestamp; - } - - /** - * @param timestamp the timestamp to set - */ - public void setTimestamp(Date timestamp) { - this.timestamp = timestamp; - } - - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java index 54216edc4..c62e8be32 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java @@ -28,8 +28,6 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -46,7 +44,7 @@ public class InterfederationSessionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + //@GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index 44ae43115..a11d94af4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java 
@@ -28,8 +28,6 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -46,7 +44,7 @@ public class OASessionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + //@GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "idOASession", unique=true, nullable=false) private long idOASession; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java index a85bdf2ca..195406a37 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java @@ -27,8 +27,6 @@ import java.io.Serializable; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -51,7 +49,7 @@ public class OldSSOSessionIDStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + //@GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "idOldSSOSession", unique=true, nullable=false) private long idOldSSOSession; 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java index 97f26812f..6040d9870 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java @@ -27,8 +27,6 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; @@ -50,7 +48,7 @@ public class StatisticLog implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + //@GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml index c758e230e..fd16e8f96 100644 --- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml @@ -15,7 +15,7 @@ - + @@ -24,10 +24,10 @@ - + - + diff --git a/pom.xml b/pom.xml index 4117c52b4..f9657240e 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,8 @@ 3.2.0-OPB-Snapshot - 3.2.0-RC1 + + 3.1.0-RC2 3.2.0-OPB-Snapshot 2.0.1-Snapshot 
@@ -32,31 +33,35 @@ 2.0.5 1.0.0-Snapshot - - - 2.0.5-RC1 - + + - 4.2.4.RELEASE - 2.18.1 - 2.6.5 - 1.4.5 - 3.1.4 + 2.0.5 + + 4.2.5.RELEASE + 2.19.1 + + 2.6.6 + 1.4.6 + + 5.1.0.Final + 3.1.5 2.3.24.1 + 2.0.0 - 1.7.19 - 4.3.11.Final + + 1.7.19 5.1.38 - 4.11 + 4.11 2.4 3.4 4.1 3.2.2 2.7 - 2.7.0 + 2.7.3 1.3.1 - 3.1.1.RELEASE + ${org.springframework.version} @@ -337,7 +342,7 @@ - + + jaxen jaxen @@ -411,7 +417,7 @@ org.apache.httpcomponents httpclient - 4.5.1 + 4.5.2 dav4j @@ -432,11 +438,11 @@ --> - + MOA.id.server diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar new file mode 100644 index 000000000..5097e2f28 Binary files /dev/null and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar differ -- cgit v1.2.3 From 38a8abe06596847cda4e4fd9d5b4f5585c67fc52 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 30 Mar 2016 16:44:02 +0200 Subject: implement first parts of eIDAS module error handling and error-response messaging --- .../resources/properties/id_messages_de.properties | 12 +- .../protocol_response_statuscodes_de.properties | 11 ++ .../engine/MOAeIDASChainingMetadataProvider.java | 54 ++++++-- .../engine/MOAeIDASMetadataProviderDecorator.java | 2 + .../eidas/exceptions/EIDASEngineException.java | 25 +++- .../eidas/exceptions/eIDASAttributeException.java | 18 ++- .../eIDASAuthnRequestProcessingException.java | 80 ++++++++++++ .../eIDASAuthnRequestValidationException.java | 59 +++++++++ .../modules/eidas/exceptions/eIDASException.java | 59 +++++++++ .../exceptions/eIDASResponseBuildException.java | 62 +++++++++ .../eidas/tasks/CreateIdentityLinkTask.java | 29 +++-- .../eidas/tasks/GenerateAuthnRequestTask.java | 24 ++-- .../eidas/tasks/ReceiveAuthnResponseTask.java | 12 +- .../auth/modules/eidas/utils/SAMLEngineUtils.java | 2 +- .../moa/id/protocols/eidas/EIDASProtocol.java | 139 +++++++++++++++++++-- .../id/protocols/eidas/EidasMetaDataRequest.java | 6 +- .../eidas/eIDASAuthenticationRequest.java | 4 +- 17 files changed, 538 insertions(+), 60 deletions(-) create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java (limited to 'id/server/idserverlib/src/main/resources') 
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index a579dd80b..6b48750d2 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -227,7 +227,7 @@ validator.73=Das MIS-Vollmachtenservice und das ELGA-Vollmachtenservice k\u00f6n ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen stork.00=STORK SAML AuthnRequest konnte nicht signiert werden -stork.01=STORK SAML AuthnRequest nicht g\u00FCltig +stork.01=STORK SAML AuthnRequest nicht g\u00FCltig. Reason:{0} stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0} stork.04=STORK SAML Response konnte nicht decodiert werden stork.05=STORK SAML Response Validierung fehlgeschlagen @@ -256,6 +256,16 @@ stork.27=Fehler bei der Verarbeitung von STORKRequest. stork.28=Fehler bei der Umwandelung von QAA Daten. stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifier) +eIDAS.00=eIDAS Engine initialization FAILED. Reason:{0} +eIDAS.01=Received eIDAS AuthnRequest is not valid. Reason:{0} +eIDAS.02=Generate eIDAS AuthnRequest FAILED. Reason:{0} +eIDAS.03=Can not connect to eIDAS Node. Reason:No CitizenCountry selected. +eIDAS.04=Can not connect to eIDAS Node. Reason:{0} is not a valid CitizenCountry. +eIDAS.05=Can not generate eIDAS metadata. Reason:{0} +eIDAS.06=Received eIDAS AuthnRequest can not processed. Reason:{0} +eIDAS.07=Missing eIDAS-Attribute:{0} +eIDAS.08=No valid eIDAs-Node configuration for enityID:{0} + pvp2.00={0} ist kein gueltiger consumer service index pvp2.01=Fehler beim kodieren der PVP2 Antwort pvp2.02=Ungueltiges Datumsformat 
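Review bot: Two of the new messages contain wording errors that will surface in user- or operator-visible output: `eIDAS.06=Received eIDAS AuthnRequest can not processed. Reason:{0}` should read `can not be processed`, and `eIDAS.08=No valid eIDAs-Node configuration for enityID:{0}` misspells `entityID`. Every new eIDAS entry and the changed `stork.01` append `Reason:{0}`; if the placeholder is filled from an exception message and the text reaches the relying party or end user, the detail is better kept in the log and the message kept generic, but where these messages are rendered is not visible in this diff.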
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 653e073a2..92e231bd0 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -213,6 +213,17 @@ stork.19=1203 stork.20=1204 stork.21=1205 +eIDAS.00=TODO +eIDAS.01=TODO +eIDAS.02=TODO +eIDAS.03=TODO +eIDAS.04=TODO +eIDAS.05=TODO +eIDAS.06=TODO +eIDAS.07=TODO +eIDAS.08=TODO + + pvp2.01=6100 pvp2.06=6100 pvp2.10=6100 diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 491139fb5..80a2734f2 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -18,6 +18,7 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; 
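Review bot: The nine new entries `eIDAS.00=TODO` through `eIDAS.08=TODO` put a literal placeholder where every other entry in this file carries a numeric status code (`stork.19=1203`, `pvp2.01=6100`). If the consumer of this file parses the value as a number or copies it into a protocol status element, the first eIDAS error at runtime will fail on the placeholder rather than report the intended status; that behaviour is not visible here, so it should be confirmed. Until real codes are assigned, either leave the keys out (so the lookup falls back to whatever default the caller applies) or mark the entries with a comment such as `# eIDAS.xx codes not yet assigned — placeholder values, do not ship` so the gap is not silently released.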
@@ -65,7 +66,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi private MOAeIDASChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); lastAccess = new HashMap(); - + } /* (non-Javadoc) @@ -92,12 +93,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi } } - if (!expiredEntities.isEmpty()) { - ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - - //get all actually loaded metadata providers - Map loadedproviders = getAllActuallyLoadedProviders(); + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + boolean isUpdateRequired = false; + //get all actually loaded metadata providers + Map loadedproviders = getAllActuallyLoadedProviders(); + + if (!expiredEntities.isEmpty()) { for (String expired : expiredEntities) { if (loadedproviders.containsKey(expired)) { HTTPMetadataProvider provider = loadedproviders.get(expired); @@ -107,7 +109,8 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi //remove from map loadedproviders.remove(expired); - + isUpdateRequired = true; + /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ //chainProvider.removeMetadataProvider(provider); 
@@ -118,18 +121,43 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi Logger.warn("eIDAS metadata for EntityID: " + expired + " is marked as unsed, but no loaded metadata provider is found."); - } + } + } + //check signature of all metadata which are actually loaded + List nonValidMetadataProvider = new ArrayList(); + for (HTTPMetadataProvider provider : loadedproviders.values()) { + try { + provider.getMetadataFilter().doFilter(provider.getMetadata()); + + } catch (FilterException | MetadataProviderException e) { + Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI() + + " is not valid any more. Reason:" + e.getMessage()); + if (Logger.isDebugEnabled()) + Logger.warn("Reason", e); + + nonValidMetadataProvider.add(provider.getMetadataURI()); + + } + } + for (String el : nonValidMetadataProvider) { + loadedproviders.remove(el); + isUpdateRequired = true; + + } + + //update chaining metadata-provider if it is required + if (isUpdateRequired) { try { synchronized (chainProvider) { chainProvider.setProviders(new ArrayList(loadedproviders.values())); - + emitChangeEvent(); } - + } catch (MetadataProviderException e) { Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e); - + } } } @@ -184,7 +212,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi httpProvider.setMetadataFilter(filter); httpProvider.initialize(); - + return httpProvider; } catch (Throwable e) { @@ -277,7 +305,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi } - + public boolean requireValidMetadata() { return internalProvider.requireValidMetadata(); } 
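Review bot: The new removal of providers that fail `doFilter` keys `loadedproviders.remove(el)` by `provider.getMetadataURI()`, whereas the existing expiry branch above looks the same map up by entity ID (`loadedproviders.containsKey(expired)`, logged as "eIDAS metadata for EntityID"); unless `getAllActuallyLoadedProviders()` keys the map by metadata URI, the remove is a silent no-op and a provider whose metadata no longer passes the signature filter stays in the chain. Iterate `loadedproviders.entrySet()` and collect `entry.getKey()` into `nonValidMetadataProvider` instead, or at least log when `remove` returns null. Two smaller points in the same loop: if a provider was created without a filter, `provider.getMetadataFilter()` is null and the resulting NPE is not caught by `FilterException | MetadataProviderException`, so it escapes the whole refresh; and `if (Logger.isDebugEnabled()) Logger.warn("Reason", e);` gates a warn-level call on the debug level, which reads like a typo for `Logger.debug("Reason", e)`. The enclosing method starts before this hunk.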
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index e3ae5c046..7537c4d84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -94,6 +94,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI { throws SAMLEngineException { //Do nothing, because metadata signature is already validated during //metadata provider initialization + + //TODO: maybe signature validation is needed on every request }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 95690bbeb..234c4e038 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
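Review bot: The metadata-signature hook that the eIDAS engine calls (it declares `throws SAMLEngineException` and has an empty body) now carries only a `//TODO`, so the only documentation of where the signature is actually enforced remains the old sentence about provider initialization. Since this same commit adds a pass in MOAeIDASChainingMetadataProvider that runs every loaded provider's `MetadataFilter` again and drops providers that fail it, the comment should point there, e.g. `// Signature is enforced by the MetadataFilter that MOAeIDASChainingMetadataProvider applies on load and on its re-validation pass; nothing is checked per request here.`, so a later reader neither assumes the check is missing nor adds a duplicate one. The enclosing method's signature starts before this hunk.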
@@ -22,19 +22,21 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; +import org.opensaml.saml2.core.StatusCode; /** * @author tlenz * */ -public class EIDASEngineException extends Exception { +public class EIDASEngineException extends eIDASException { /** + * @param objects * @param string * @param e */ - public EIDASEngineException(String string, Throwable e) { - super(string, e); + public EIDASEngineException(String msg, Object[] objects, Throwable e) { + super(msg, objects, e); } /** @@ -42,4 +44,21 @@ public class EIDASEngineException extends Exception { */ private static final long serialVersionUID = 1559812927427153879L; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel() + */ + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel() + */ + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + } + } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java index 7840ae2e6..b25895eca 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java 
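Review bot: The constructor Javadoc no longer matches the signature: it lists `@param objects`, `@param string`, `@param e` while the parameters are `msg`, `objects`, `e`, and none of the three says what the values are. Since the class now routes through `eIDASException`/`MOAIDException`, `msg` is a message-catalogue key such as `eIDAS.00` rather than free text (see the callers changed in SAMLEngineUtils and GenerateAuthnRequestTask in this commit), which is worth stating: `@param msg message id resolved against id_messages_de.properties`, `@param objects parameters substituted into that message`, `@param e the cause`. The two new `getStatusCode*Level` overrides would also benefit from one line saying that every engine failure is reported to the requesting node as `Responder` / `AuthnFailed`.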
@@ -22,17 +22,31 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; +import org.opensaml.saml2.core.StatusCode; + /** * @author tlenz * */ -public class eIDASAttributeException extends Exception { +public class eIDASAttributeException extends eIDASException { private static final long serialVersionUID = 1L; public eIDASAttributeException(String message) { - super(message); + super("eIDAS.07", new Object[]{message}); } + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel() + */ + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java new file mode 100644 index 000000000..c96af37ef --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java 
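Review bot: The only constructor still names its parameter `message`, but after this change the value is substituted into `eIDAS.07=Missing eIDAS-Attribute:{0}` and the callers in CreateIdentityLinkTask now pass attribute-name constants such as `Constants.eIDAS_ATTR_PERSONALIDENTIFIER`; a caller reading the signature will keep passing a sentence as before and produce text like "Missing eIDAS-Attribute:PersonalIdentifier is missing". Rename and document it: `public eIDASAttributeException(String attributeName)` with `@param attributeName name of the mandatory eIDAS attribute that is absent from the response`. The `getStatusCodeFirstLevel` override also lacks the `(non-Javadoc)` marker its sibling carries.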
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestProcessingException extends eIDASException {
+
+ private String subStatusCode = null;
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1083563877689098041L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.subStatusCode = subStatusCode;
+ }
+
+ public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e );
+ }
+
+ public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e );
+ this.subStatusCode = subStatusCode;
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.REQUESTER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ if (MiscUtil.isNotEmpty(subStatusCode))
+ return subStatusCode;
+
+ else
+ return StatusCode.REQUEST_DENIED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
new file mode 100644
index 000000000..2a15ee18a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
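Review bot: The class Javadoc of this new exception type, and likewise of eIDASAuthnRequestValidationException, eIDASException and eIDASResponseBuildException added in this commit, contains only `@author`, so nothing states when each is thrown or which SAML status pair it yields, although that mapping is exactly what generateErrorMessage in EIDASProtocol sends back to the requesting node. One summary line per class would do, e.g. here `Thrown when an inbound eIDAS AuthnRequest cannot be processed; reported as Requester / RequestDenied unless a sub-status is supplied.`. The two constructors taking `subStatusCode` are undocumented and do not say that the value must be a SAML `StatusCode` URI, which matters because `getStatusCodeSecondLevel` returns it verbatim; `subStatusCode` could also be `final` since it is only assigned in constructors.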
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestValidationException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4353716509546972267L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.REQUESTER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.RESOURCE_NOT_RECOGNIZED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
new file mode 100644
index 000000000..f42004abc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class eIDASException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+
+ public abstract String getStatusCodeFirstLevel();
+ public abstract String getStatusCodeSecondLevel();
+
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
new file mode 100644
index 000000000..0ffcf11ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseBuildException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4446851988854996919L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASResponseBuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 7a696cd2f..5d7430dd7 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -22,19 +22,15 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; -import java.io.IOException; import java.io.InputStream; -import java.text.ParseException; import java.text.SimpleDateFormat; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.ParserConfigurationException; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; -import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; 
@@ -94,28 +90,28 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // - set bpk/wpbk; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) - throw new eIDASAttributeException("PersonalIdentifier is missing"); + throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0); prIdentification.getFirstChild().setNodeValue(eIdentifier); // - set last name Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)) - throw new eIDASAttributeException("currentFamilyName is missing"); + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0); prFamilyName.getFirstChild().setNodeValue(familyName); // - set first name Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME)) - throw new eIDASAttributeException("currentGivenName is missing"); + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0); prGivenName.getFirstChild().setNodeValue(givenName); // - set date of birth Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH)) - throw new eIDASAttributeException("dateOfBirth is missing"); + throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); String dateOfBirth = 
eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0); dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth)); prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth); @@ -149,15 +145,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //store MOA-session to database authenticatedSessionStorage.storeSession(moasession); - - } catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) { - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - + } catch (eIDASAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); - - } - + + } catch (MOAIDException | MOADatabaseException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index c953e40ef..c82636a8f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -22,7 +22,6 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; -import java.io.IOException; import java.io.StringWriter; import java.util.Collection; 
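Review bot: The `containsKey` guards that now feed attribute constants into `eIDASAttributeException` only cover an absent attribute; an attribute that is present with an empty value list makes the following `getValue().get(0)` throw IndexOutOfBoundsException, which the generic catch added further down reports as "IdentityLink generation for foreign person FAILED." instead of the "Minimum required eIDAS attributeset not found." path and its `eIDAS.07` message. Extending each guard keeps the specific error, e.g. for the first site `if (!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER) || eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().isEmpty())`, and the same for the family-name, given-name and date-of-birth sites. The enclosing method starts before this hunk and continues after it.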
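Review bot: The catch order in the rewritten block is load-bearing but undocumented: this commit makes eIDASAttributeException a subclass of MOAIDException (via eIDASException), so the `catch (eIDASAttributeException e)` branch keeps its specific message only because it precedes `catch (MOAIDException | MOADatabaseException e)`. A comment such as `// eIDASAttributeException is a MOAIDException; keep this branch first so the attribute-specific message wins` would protect it from a well-meaning reorder. The final `catch (Exception e)` is also the only branch that logs, so a MOAIDException or MOADatabaseException from the try body is wrapped without a log entry unless the TaskExecutionException consumer logs its cause; either log in both branches or state in a comment that the caller does. The enclosing method starts before this hunk.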
@@ -86,13 +85,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country - throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() }); + throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode}); - throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode}); + throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); } Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination 
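Review bot: `throw new AuthenticationException("eIDAS.03", new Object[] { "" });` passes an empty placeholder to a message that has no `{0}` (`eIDAS.03=Can not connect to eIDAS Node. Reason:No CitizenCountry selected.`) and drops the request id that the replaced `stork.22` call carried, which was the one value tying this failure to a request in the logs. Either pass `null` as the parameters, as the removed `stork.15` call in this file did, or give `eIDAS.03` a `{0}` and keep `new Object[] { pendingReq.getRequestID() }`. The enclosing method starts before this hunk.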
@@ -184,24 +183,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { revisionsLogger.logEvent(oaConfig, pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getSamlId()); - - } catch (IOException e) { - Logger.error("Velocity IO error: " + e.getMessage()); - throw new MOAIDException("stork.15", null); // TODO + } catch (Exception e) { Logger.error("Velocity general error: " + e.getMessage()); - throw new MOAIDException("stork.15", null); // TODO + throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e); + } }catch (EIDASSAMLEngineException e){ - Logger.error("eIDAS AuthnRequest generation FAILED.", e); throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", - new EIDASEngineException("Could not generate token for Saml Request", e)); + new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); - } catch (EIDASEngineException | MOAIDException e) { + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); - } + } catch (Exception e) { + Logger.error("eIDAS AuthnRequest generation FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5d1b7fb6f..b73c2a873 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java 
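Review bot: The `EIDASSAMLEngineException` branch now reports `eIDAS.00` ("eIDAS Engine initialization FAILED"), but by this point the engine is initialised and what failed is request generation, for which this commit adds `eIDAS.02` ("Generate eIDAS AuthnRequest FAILED. Reason:{0}"); the same mis-mapping appears in ReceiveAuthnResponseTask, where the failure is response validation. Use `new EIDASEngineException("eIDAS.02", new Object[]{e.getMessage()}, e)` here so the text shown for the failure matches it. Removing the `Logger.error("eIDAS AuthnRequest generation FAILED.", e)` from that branch also means the engine's stack trace is no longer logged there unless the TaskExecutionException handler logs its cause, and the inner `catch (Exception e)` still logs only `e.getMessage()`, which is null for many runtime exceptions. The enclosing method starts before this hunk.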
@@ -88,14 +88,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { Logger.error("eIDAS AuthnRequest generation FAILED.", e); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", - new EIDASEngineException("Could not validate eIDAS response", e)); + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", + new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); - } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) { + } catch (MOAIDException | MOADatabaseException e) { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + } catch (Exception e) { + Logger.error("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 8fe44f4d6..eeb8305cf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java 
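Review bot: The replacement TaskExecutionException message in the `EIDASSAMLEngineException` branch reads "eIDAS AuthnRequest generation FAILED." although this task receives and validates the response; the removed line said "eIDAS Response processing FAILED.", which was right, and the pre-existing `Logger.error` above it with the generation wording looks like the same copy-paste. Restore `"eIDAS Response processing FAILED."` in both, and pick a response-side message key rather than `eIDAS.00`, which this commit defines as engine initialisation. In the new `catch (Exception e)` branch, `e.getMessage()` becomes the TaskExecutionException message and is null for many runtime exceptions; a fixed message with the cause attached, as the MOAIDException branch does, gives the operator something to read. The enclosing method starts before this hunk.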
@@ -66,7 +66,7 @@ public class SAMLEngineUtils { } catch (EIDASSAMLEngineException e) { Logger.error("eIDAS SAMLengine initialization FAILED!", e); - throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e); + throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e); } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 1996c3d7c..24134f1d9 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java 
@@ -23,17 +23,30 @@ package at.gv.egovernment.moa.id.protocols.eidas; import java.io.IOException; +import java.io.StringWriter; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; 
@@ -44,8 +57,11 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EIDASAuthnRequest; +import eu.eidas.auth.commons.EIDASAuthnResponse; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.engine.EIDASSAMLEngine; +import eu.eidas.auth.engine.metadata.MetadataUtil; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; /** * eIDAS Protocol Support for outbound authentication and metadata generation @@ -140,7 +156,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { First request step - send it to BKU selection for user authentication. After the user credentials and other info are obtained, in the second step the request will be processed and the user redirected */ - public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException { + private void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException { Logger.info("received an eIDaS request"); 
@@ -177,13 +193,36 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list pendingReq.setEidasRequest(samlReq); + //validate destination against metadata + String reqDestination = samlReq.getDestination(); + if (MiscUtil.isNotEmpty(reqDestination)) { + boolean isValid = false; + List allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()) + .getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices(); + + for (AssertionConsumerService el : allowedAssertionConsumerUrl) { + if (reqDestination.equals(el.getLocation())) + isValid = true; + + } + + if (!isValid) { + Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute"); + throw new eIDASAuthnRequestValidationException("stork.01", + new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"}); + } + + } + + // - memorize OA url pendingReq.setOAURL(samlReq.getIssuer()); // - memorize OA config IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL()); if (oaConfig == null) - throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()}); + throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()}); + pendingReq.setOnlineApplicationConfiguration(oaConfig); String spType = samlReq.getSPType(); 
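Review bot: The new Destination check is skipped whenever `samlReq.getDestination()` is empty, so a request that simply omits the attribute is accepted without it; if the eIDAS profile this endpoint serves treats Destination as mandatory, an empty value should be rejected in the same branch rather than passed through, which is worth confirming against what the engine itself validates. The value is compared against the SP's AssertionConsumerService locations from metadata, and if `EIDASAuthnRequest.getDestination()` holds the SAML `Destination` attribute (the endpoint the request was addressed to) rather than the ACS URL, the comparison checks the wrong field; please confirm which value the engine stores there. The failure is raised with the STORK key `stork.01` even though this commit adds `eIDAS.01=Received eIDAS AuthnRequest is not valid. Reason:{0}`, so `throw new eIDASAuthnRequestValidationException("eIDAS.01", new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});` keeps the catalogue consistent. A null from `getSPSSODescriptor(samlReq.getIssuer())` for an unknown issuer surfaces as an NPE that the generic catch in the next hunk maps to `eIDAS.06` instead of the `eIDAS.08` unknown-entity path, so a null check before `.getAssertionConsumerServices()` would keep the error specific. The enclosing method starts before this hunk.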
@@ -194,16 +233,102 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } Logger.debug("eIDAS request has SPType:" + spType); + + } catch (MOAIDException e) { + Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + throw e; + + } catch (EIDASSAMLEngineException e) { + Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e); } catch(Exception e) { - Logger.error("error in preprocessing step", e); - throw new MOAIDException("error in preprocessing step", null); + Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e); + throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e); } } - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { - return false; + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable { + if (pendingReq != null && pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + if (eidasReq.getEidasRequest() == null) { + Logger.info("Can not build eIDAS ErrorResponse. 
No eIDAS AuthnRequest found."); + return false; + } + + try { + EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse(); + eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + + if (e instanceof eIDASException) { + eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel()); + eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel()); + eIDASResp.setMessage(e.getMessage()); + + } else if (e instanceof MOAIDException ) { + eIDASResp.setStatusCode(StatusCode.RESPONDER_URI); + eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI); + eIDASResp.setMessage(e.getMessage()); + + } else { + eIDASResp.setStatusCode(StatusCode.RESPONDER_URI); + eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI); + eIDASResp.setMessage(e.getMessage()); + + } + + + EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(); + + if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) { + String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata( + new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), + engine, + eidasReq.getEidasRequest()); + eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl); + + } + //get eIDAS SAML-engine + + eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp, + eidasReq.getRemoteAddress(), true); + + String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml()); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + context.put("RelayState", eidasReq.getRemoteRelayState()); + + context.put("SAMLResponse", token); + Logger.debug("SAMLResponse original: " + token); + + Logger.debug("Putting assertion consumer url as action: " + 
eidasReq.getEidasRequest().getAssertionConsumerServiceURL()); + context.put("action", eidasReq.getEidasRequest().getAssertionConsumerServiceURL()); + Logger.trace("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.trace("Doing template merge"); + template.merge(context, writer); + Logger.trace("Template merge done"); + + Logger.trace("Sending html content : " + new String(writer.getBuffer())); + + response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); + response.setContentType(MediaType.TEXT_HTML.getType()); + + return true; + + } catch (Exception e1 ) { + Logger.error("Generate eIDAS Error-Response failed.", e); + + } + + } + + return false; } public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index 60ffb3673..b4db5c83d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -71,8 +71,10 @@ public class EidasMetaDataRequest implements IAction { httpResp.setContentType(MediaType.APPLICATION_XML.getType()); httpResp.getWriter().print(metaData); httpResp.flushBuffer(); - } catch (Exception e) { - e.printStackTrace(); + } catch (Exception e) { + Logger.error("eIDAS Metadata generation FAILED.", e); + throw new MOAIDException("eIDAS.05", new Object[]{e.getMessage()}, e); + } 
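Review bot: The catch at the bottom of the new generateErrorMessage logs the wrong exception: `Logger.error("Generate eIDAS Error-Response failed.", e);` passes the original error `e`, so the failure that actually aborted response generation (`e1`) is never recorded; it should be `Logger.error("Generate eIDAS Error-Response failed.", e1);`. `response.setContentType(MediaType.TEXT_HTML.getType())` is called after the body has been written to the output stream, where it may be ignored once the response is committed — move it above the `write(...)`. From a disclosure angle, `e.getMessage()` of an arbitrary Throwable is copied into the StatusMessage sent back to the relying party, and the full SAMLResponse token and rendered HTML are logged at debug/trace, so internal exception text and tokens end up in logs and on the wire; a short comment stating that this is intended would help. RelayState is taken from the peer and put into the Velocity context, so its HTML escaping depends on the template, which is not visible here.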
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index d9663092f..9943cc5fb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -122,19 +122,21 @@ public class eIDASAuthenticationRequest implements IAction { // but we need to set the appropriate request issuer engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer()); - // check if we have the destination available, supply it if not + if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) { String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata( new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), engine, eidasRequest.getEidasRequest()); eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl); + } response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true); token = EIDASUtil.encodeSAMLToken(response.getTokenSaml()); + } catch(Exception e) { e.printStackTrace(); } -- cgit v1.2.3 From a2c787edb81084a0f7a1f01d79607121ff5ec2a4 Mon Sep 17 00:00:00 2001 
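Review bot: The `catch(Exception e) { e.printStackTrace(); }` left in place at the end of this hunk swallows failures of both the metadata ACS lookup and `generateEIDASAuthnResponse`, so `token` presumably stays unassigned and execution continues past the try block (the rest of the method is outside the hunk). The sibling hunk in EidasMetaDataRequest replaces exactly this pattern with `Logger.error(...)` plus a thrown `MOAIDException`; the same treatment belongs here, with an eIDAS.* message key that exists in id_messages_de.properties. Without it a failed response build is not reported to the user or the relying party as an error.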
From: Thomas Lenz Date: Thu, 31 Mar 2016 14:37:09 +0200 Subject: add errorcodes to eIDAS module functionality --- id/server/doc/handbook/protocol/protocol.html | 46 +++++++++++++++ .../resources/properties/id_messages_de.properties | 8 ++- .../protocol_response_statuscodes_de.properties | 22 +++---- .../eIDASResponseNotSuccessException.java | 67 ++++++++++++++++++++++ .../eidas/tasks/ReceiveAuthnResponseTask.java | 24 ++++++-- 5 files changed, 148 insertions(+), 19 deletions(-) create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index ff7921ad5..6713bd7a3 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -270,6 +270,13 @@ Redirect Binding
+ + + + + + + @@ -646,6 +653,45 @@ Redirect Binding
9104 Fehler bei der Auswahl oder Initialisierung des gewünschten Anmeldeprozesses
9105Fehler bei der Fortführung des Anmeldeprozesses
9199 Allgemeiner interner Fehler

Gesamte Personenbindung in BASE64 kodiert.

Hinweis: Im Falle einer privatwirtschaftlichen Applikation ist die Stammzahl durch die wbPK ersetzt.

urn:oid:1.2.40.0.10.2.1.1.261.106MANDATE-TYPE-OIDmandate Bezeichnung als OID des verwendeten Vollmachten-Profils
urn:oid:1.2.40.0.10.2.1.1.261.68 MANDATE-TYPE Der geforderte QAA Level ist höher als der QAA Level der gewählten Authentifizierungsmethode
+
1.3.1.4 eIDAS (13xxx)
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
StatuscodeBeschreibung
1300Fehler beim Erstellen des eIDAS Authentifizierungsrequests
1301Fehler beim Validieren der eIDAS Authentifizierungsresponse
1302Response vom eIDAS Node enthält einen Fehler
1303eIDAS Response beinhaltet nicht alle minimal erforderlichen Attribute
1304Der ausgewählte eIDAS Node existiert nicht oder ist nicht konfiguriert
1305eIDAS Request konnte nicht gültig verarbeitet werden
1306Generierung dereIDAS Metadaten fehlgeschlagen
1399Interner Fehler in der eIDAS SAML-Engine

1.3.2 Statuscodes 4xxxx

Alles Statuscodes beginnend mit der Zahl vier beschreiben Fehler die während der Kommunikation mit externen Services aufgetreten sind.

1.3.2.1 BKU (40xxxx)
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 6b48750d2..400b0bc25 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -128,7 +128,7 @@ cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Spe proxy.00=MOA ID Proxy wurde erfolgreich gestartet proxy.01=Unbekannter URL {0}, erwarteter URL auf {1} -proxy.02=Unbekannter URL {0}.
Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. +proxy.02=Unbekannter URL {0}.
Es wurde keine \u00dcbereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. proxy.04=URL {0} : {1} proxy.05=Fehler beim Aufbauen der SSLSocketFactory f\u00FCr {0} \: {1} proxy.06=Fehler beim Starten des Service MOA ID Proxy @@ -265,8 +265,10 @@ eIDAS.05=Can not generate eIDAS metadata. Reason:{0} eIDAS.06=Received eIDAS AuthnRequest can not processed. Reason:{0} eIDAS.07=Missing eIDAS-Attribute:{0} eIDAS.08=No valid eIDAs-Node configuration for enityID:{0} +eIDAS.09=Received eIDAS Response is not valid. Reason:{0} +eIDAS.10=Internal server error. Reason:{0} +eIDAS.11=Received eIDAS Error-Response. Reason:{0} -pvp2.00={0} ist kein gueltiger consumer service index pvp2.01=Fehler beim kodieren der PVP2 Antwort pvp2.02=Ungueltiges Datumsformat pvp2.03=Vollmachtattribute nicht in Metadaten verfuegbar @@ -325,4 +327,4 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin process.01=Fehler beim Ausf\u00FChren des Prozesses. process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}. -process.03=Fehler beim Weiterführen es Prozesses. Msg:{0} +process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 92e231bd0..bfaf5ffb1 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties 
@@ -213,16 +213,18 @@ stork.19=1203 stork.20=1204 stork.21=1205 -eIDAS.00=TODO -eIDAS.01=TODO -eIDAS.02=TODO -eIDAS.03=TODO -eIDAS.04=TODO -eIDAS.05=TODO -eIDAS.06=TODO -eIDAS.07=TODO -eIDAS.08=TODO - +eIDAS.00=1399 +eIDAS.01=1305 +eIDAS.02=1300 +eIDAS.03=1304 +eIDAS.04=1304 +eIDAS.05=1306 +eIDAS.06=1305 +eIDAS.07=1303 +eIDAS.08=1304 +eIDAS.09=1301 +eIDAS.10=9199 +eIDAS.11=1302 pvp2.01=6100 pvp2.06=6100 diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java new file mode 100644 index 000000000..d10ca1c88 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java 
@@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +/** + * @author tlenz + * + */ +public class eIDASResponseNotSuccessException extends eIDASException { + + /** + * + */ + private static final long serialVersionUID = 6145402939313568907L; + + public eIDASResponseNotSuccessException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * @param messageId + * @param parameters + * @param e + */ + public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel() + */ + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel() + */ + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index b73c2a873..fae06031a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java 
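Review bot: eIDASResponseNotSuccessException reports a fixed Responder/AuthnFailed pair from getStatusCodeFirstLevel/getStatusCodeSecondLevel, so the first- and second-level StatusCode of the upstream eIDAS response that triggered it are lost; the only place they survive is the info log in ReceiveAuthnResponseTask. If generateErrorMessage is meant to relay upstream failures faithfully, a constructor that also takes the received status code and sub-status code (stored in two final fields and returned by the two getters, defaulting to the current constants when absent) would preserve them. The class Javadoc is an empty `@author` stub; `/** Thrown when a received eIDAS AuthnResponse carries a non-success StatusCode; reported to the relying party as Responder/AuthnFailed. */` would say what it is for.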
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.opensaml.saml2.core.StatusCode; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -11,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; @@ -58,7 +60,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //TODO: check if additional decryption operation is required } - + + //check response StatusCode + if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() + + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage()); + throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()}); + + } + //MOA-ID specific response validation //TODO: implement MOA-ID specific response validation 
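Review bot: `samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)` throws an NPE if the parsed response carries no status code, and that NPE would then be reported as an internal error by the `catch (Exception e)` further down instead of as an invalid response; reversing the comparison, `if (!StatusCode.SUCCESS_URI.equals(samlResp.getStatusCode())) {`, treats a missing status as non-success. The upstream `samlResp.getMessage()` is passed straight into the eIDAS.11 parameters and, presumably via generateErrorMessage's `setMessage(e.getMessage())`, back to the relying party, so the peer's free-text StatusMessage is relayed verbatim — acceptable if intended, but worth a comment. Minor: "Receice" in the log line should be "Received". The enclosing method starts and ends outside this hunk.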
@@ -89,18 +99,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", - new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); - - } catch (MOAIDException | MOADatabaseException e) { + new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); + + } catch (MOADatabaseException e) { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.error("eIDAS Response processing FAILED.", e); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); } -- cgit v1.2.3
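Review bot: Dropping `MOAIDException` from the multi-catch means the new eIDASResponseNotSuccessException thrown earlier in this method is handled by none of the visible branches except `catch (Exception e)`, which wraps it as `new MOAIDException("eIDAS.10", ...)` — a generic internal error — so the dedicated eIDAS.11/1302 code and the eIDASException status codes are lost, unless the catch whose type is cut off at the top of this hunk handles it. A dedicated branch ahead of the catch-all — restoring `catch (MOAIDException e)`, or `catch (eIDASException e)` if the eIDAS exceptions are not MOAIDExceptions — that passes `e` unwrapped as the TaskExecutionException cause restores that. The first branch's text `"eIDAS AuthnRequest generation FAILED."` is copy-pasted from the request side and now accompanies the eIDAS.09 "response not valid" code; `"eIDAS Response validation FAILED."` would match. The enclosing method starts outside this hunk.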