From 43e57a42832ea8b4ceb0317f3c9028a4174ffa7b Mon Sep 17 00:00:00 2001 
From: mcentner Date: Wed, 8 Aug 2007 07:25:32 +0000 Subject: Adapted project directory structure to suit the new maven based build process. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@909 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/AuthenticationException.java | 31 + .../at/gv/egovernment/moa/id/BuildException.java | 34 + .../moa/id/ECDSAConverterException.java | 34 + .../at/gv/egovernment/moa/id/MOAIDException.java | 159 +++ .../at/gv/egovernment/moa/id/ParseException.java | 34 + .../at/gv/egovernment/moa/id/ServiceException.java | 34 + .../moa/id/auth/AuthenticationServer.java | 1019 ++++++++++++++++++++ .../moa/id/auth/AuthenticationSessionCleaner.java | 52 + .../moa/id/auth/MOAIDAuthConstants.java | 75 ++ .../moa/id/auth/MOAIDAuthInitializer.java | 163 ++++ .../moa/id/auth/WrongParametersException.java | 21 + .../builder/AuthenticationAssertionBuilder.java | 88 ++ .../AuthenticationBlockAssertionBuilder.java | 146 +++ .../AuthenticationDataAssertionBuilder.java | 156 +++ .../moa/id/auth/builder/BPKBuilder.java | 49 + .../egovernment/moa/id/auth/builder/Builder.java | 59 ++ .../CertInfoVerifyXMLSignatureRequestBuilder.java | 84 ++ .../builder/CreateXMLSignatureRequestBuilder.java | 93 ++ .../moa/id/auth/builder/DataURLBuilder.java | 83 ++ .../auth/builder/GetIdentityLinkFormBuilder.java | 150 +++ .../id/auth/builder/InfoboxReadRequestBuilder.java | 86 ++ .../builder/InfoboxValidatorParamsBuilder.java | 82 ++ .../moa/id/auth/builder/PersonDataBuilder.java | 59 ++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 60 ++ .../moa/id/auth/builder/SAMLResponseBuilder.java | 91 ++ .../moa/id/auth/builder/SelectBKUFormBuilder.java | 63 ++ .../builder/VerifyXMLSignatureRequestBuilder.java | 206 ++++ .../moa/id/auth/data/AuthenticationSession.java | 383 ++++++++ .../id/auth/data/CreateXMLSignatureResponse.java | 71 ++ .../moa/id/auth/data/ExtendedSAMLAttribute.java | 73 ++ .../id/auth/data/ExtendedSAMLAttributeImpl.java | 137 +++ 
.../egovernment/moa/id/auth/data/IdentityLink.java | 266 +++++ .../egovernment/moa/id/auth/data/InfoboxToken.java | 65 ++ .../moa/id/auth/data/InfoboxTokenImpl.java | 129 +++ .../moa/id/auth/data/InfoboxValidationResult.java | 57 ++ .../id/auth/data/InfoboxValidationResultImpl.java | 101 ++ .../moa/id/auth/data/InfoboxValidatorParams.java | 172 ++++ .../id/auth/data/InfoboxValidatorParamsImpl.java | 348 +++++++ .../moa/id/auth/data/SAMLAttribute.java | 79 ++ .../at/gv/egovernment/moa/id/auth/data/Schema.java | 26 + .../egovernment/moa/id/auth/data/SchemaImpl.java | 63 ++ .../id/auth/data/VerifyXMLSignatureResponse.java | 177 ++++ .../auth/invoke/SignatureVerificationInvoker.java | 92 ++ .../parser/CreateXMLSignatureResponseParser.java | 193 ++++ .../moa/id/auth/parser/ErrorResponseParser.java | 72 ++ .../parser/ExtendedInfoboxReadResponseParser.java | 157 +++ .../auth/parser/IdentityLinkAssertionParser.java | 319 ++++++ .../id/auth/parser/InfoboxReadResponseParser.java | 165 ++++ .../moa/id/auth/parser/SAMLArtifactParser.java | 58 ++ .../parser/VerifyXMLSignatureResponseParser.java | 156 +++ .../moa/id/auth/servlet/AuthServlet.java | 202 ++++ .../moa/id/auth/servlet/ConfigurationServlet.java | 75 ++ .../auth/servlet/GetAuthenticationDataService.java | 135 +++ .../moa/id/auth/servlet/SelectBKUServlet.java | 99 ++ .../auth/servlet/StartAuthenticationServlet.java | 103 ++ .../servlet/VerifyAuthenticationBlockServlet.java | 120 +++ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 107 ++ .../CreateXMLSignatureResponseValidator.java | 274 ++++++ .../id/auth/validator/IdentityLinkValidator.java | 159 +++ .../moa/id/auth/validator/InfoboxValidator.java | 32 + .../moa/id/auth/validator/ValidateException.java | 35 + .../VerifyXMLSignatureResponseValidator.java | 177 ++++ .../moa/id/config/ConfigurationBuilder.java | 894 +++++++++++++++++ .../moa/id/config/ConfigurationException.java | 31 + .../moa/id/config/ConfigurationProvider.java | 128 +++ 
.../moa/id/config/ConnectionParameter.java | 106 ++ .../gv/egovernment/moa/id/config/OAParameter.java | 76 ++ .../id/config/auth/AuthConfigurationProvider.java | 414 ++++++++ .../moa/id/config/auth/OAAuthParameter.java | 268 +++++ .../moa/id/config/auth/VerifyInfoboxParameter.java | 360 +++++++ .../id/config/auth/VerifyInfoboxParameters.java | 135 +++ .../moa/id/config/proxy/OAConfiguration.java | 173 ++++ .../moa/id/config/proxy/OAProxyParameter.java | 184 ++++ .../id/config/proxy/ProxyConfigurationBuilder.java | 268 +++++ .../config/proxy/ProxyConfigurationProvider.java | 188 ++++ .../moa/id/data/AuthenticationData.java | 394 ++++++++ .../java/at/gv/egovernment/moa/id/data/Cookie.java | 119 +++ .../gv/egovernment/moa/id/data/CookieManager.java | 114 +++ .../egovernment/moa/id/data/IssuerAndSerial.java | 111 +++ .../at/gv/egovernment/moa/id/data/SAMLStatus.java | 59 ++ .../id/iaik/config/CertStoreConfigurationImpl.java | 96 ++ .../moa/id/iaik/config/LoggerConfigImpl.java | 51 + .../moa/id/iaik/config/PKIConfigurationImpl.java | 66 ++ .../iaik/config/RevocationConfigurationImpl.java | 36 + .../iaik/config/ValidationConfigurationImpl.java | 51 + .../moa/id/iaik/pki/PKIProfileImpl.java | 186 ++++ .../moa/id/iaik/pki/jsse/MOAIDTrustManager.java | 119 +++ .../iaik/servertools/observer/ObservableImpl.java | 46 + .../moa/id/proxy/ConnectionBuilder.java | 64 ++ .../moa/id/proxy/ConnectionBuilderFactory.java | 68 ++ .../moa/id/proxy/DefaultConnectionBuilder.java | 149 +++ .../id/proxy/DefaultLoginParameterResolver.java | 142 +++ .../moa/id/proxy/ElakConnectionBuilder.java | 249 +++++ .../moa/id/proxy/EnhancedConnectionBuilder.java | 211 ++++ .../moa/id/proxy/LoginParameterResolver.java | 86 ++ .../id/proxy/LoginParameterResolverException.java | 37 + .../id/proxy/LoginParameterResolverFactory.java | 82 ++ .../moa/id/proxy/MOAIDProxyInitializer.java | 95 ++ .../moa/id/proxy/NotAllowedException.java | 39 + .../XMLLoginParameterResolverEncryptedData.java | 678 +++++++++++++ 
.../proxy/XMLLoginParameterResolverPlainData.java | 422 ++++++++ .../moa/id/proxy/builder/SAMLRequestBuilder.java | 55 ++ .../proxy/invoke/GetAuthenticationDataInvoker.java | 143 +++ .../parser/AuthenticationDataAssertionParser.java | 158 +++ .../moa/id/proxy/parser/SAMLResponseParser.java | 100 ++ .../moa/id/proxy/servlet/ConfigurationServlet.java | 71 ++ .../moa/id/proxy/servlet/ProxyException.java | 35 + .../moa/id/proxy/servlet/ProxyServlet.java | 879 +++++++++++++++++ .../moa/id/util/AxisSecureSocketFactory.java | 212 ++++ .../gv/egovernment/moa/id/util/ECDSAConstants.java | 36 + .../moa/id/util/ECDSAKeyValueConverter.java | 572 +++++++++++ .../moa/id/util/HTTPRequestJSPForwarder.java | 76 ++ .../at/gv/egovernment/moa/id/util/HTTPUtils.java | 68 ++ .../moa/id/util/InOrderServletRequestWrapper.java | 374 +++++++ .../moa/id/util/MOAIDMessageProvider.java | 58 ++ .../moa/id/util/ParameterInOrderFilter.java | 62 ++ .../java/at/gv/egovernment/moa/id/util/Random.java | 22 + .../at/gv/egovernment/moa/id/util/SSLUtils.java | 180 ++++ 118 files changed, 18184 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java 
create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java (limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java
new file mode 100644
index 000000000..96a5e0673
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown during handling of AuthenticationSession
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationException extends MOAIDException {
+
+ /**
+ * Constructor for AuthenticationException.
+ * @param messageId
+ */
+ public AuthenticationException(String messageId, Object[] parameters) {
+ super(messageId, parameters, null);
+ }
+ /**
+ * Constructor for AuthenticationException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public AuthenticationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java
new file mode 100644
index 000000000..785dce7a3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while building an XML or HTML structure.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class BuildException extends MOAIDException {
+
+ /**
+ * Constructor for BuildException.
+ * @param messageId
+ * @param parameters
+ */
+ public BuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for BuildException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public BuildException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java
new file mode 100644
index 000000000..682395a83
--- /dev/null
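Review bot: The Javadoc on the two-argument `AuthenticationException(String messageId, Object[] parameters)` constructor lists only `@param messageId` and leaves `parameters` undocumented, and every `@param` tag in the class is empty. MOAIDException in this same patch already has the wording, so the tags could read `@param messageId The identifier of the message associated with this exception.`, `@param parameters Additional message parameters.` and `@param wrapped The exception wrapped by this exception.`. The same empty tags appear in BuildException, ECDSAConverterException, ParseException and ServiceException. As a style point, this constructor passes an explicit `null` to the three-argument super constructor while the sibling classes call `super(messageId, parameters)`; using the two-argument form here would keep the five classes uniform.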
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while converting ECDSAKeys from/to an XML structure.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class ECDSAConverterException extends MOAIDException {
+
+ /**
+ * Constructor for ECDSAConverterException.
+ * @param messageId
+ * @param parameters
+ */
+ public ECDSAConverterException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ECDSAConverterException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ECDSAConverterException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java
new file mode 100644
index 000000000..bce2c4778
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Base class of technical MOA exceptions.
+ *
+ * Technical exceptions are exceptions that originate from system failure (e.g.,
+ * a database connection fails, a component is not available, etc.)
+ *
+ * @author Patrick Peck, Ivancsics Paul
+ * @version $Id$
+ */
+public class MOAIDException extends Exception {
+ /** message ID */
+ private String messageId;
+ /** wrapped exception */
+ private Throwable wrapped;
+
+ /**
+ * Create a new MOAIDException.
+ *
+ * @param messageId The identifier of the message associated with this
+ * exception.
+ * @param parameters Additional message parameters.
+ */
+ public MOAIDException(String messageId, Object[] parameters) {
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.messageId = messageId;
+ }
+
+ /**
+ * Create a new MOAIDException.
+ *
+ * @param messageId The identifier of the message associated with this
+ * MOAIDException.
+ * @param parameters Additional message parameters.
+ * @param wrapped The exception wrapped by this
+ * MOAIDException.
+ */
+ public MOAIDException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.messageId = messageId;
+ this.wrapped = wrapped;
+ }
+
+ /**
+ * Print a stack trace of this exception to System.err.
+ *
+ * @see java.lang.Throwable#printStackTrace()
+ */
+ public void printStackTrace() {
+ printStackTrace(System.err);
+ }
+
+ /**
+ * Print a stack trace of this exception, including the wrapped exception.
+ *
+ * @param s The stream to write the stack trace to.
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+ */
+ public void printStackTrace(PrintStream s) {
+ if (getWrapped() == null)
+ super.printStackTrace(s);
+ else {
+ s.print("Root exception: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * Print a stack trace of this exception, including the wrapped exception.
+ *
+ * @param s The stream to write the stacktrace to.
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+ */
+ public void printStackTrace(PrintWriter s) {
+ if (getWrapped() == null)
+ super.printStackTrace(s);
+ else {
+ s.print("Root exception: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * @return message ID
+ */
+ public String getMessageId() {
+ return messageId;
+ }
+
+ /**
+ * @return wrapped exception
+ */
+ public Throwable getWrapped() {
+ return wrapped;
+ }
+
+ /**
+ * Convert this MOAIDException to an ErrorResponse
+ * element from the MOA namespace.
+ *
+ * @return An ErrorResponse element, containing the subelements
+ * ErrorCode and Info required by the MOA schema.
+ */
+ public Element toErrorResponse() {
+ DocumentBuilder builder;
+ DOMImplementation impl;
+ Document doc;
+ Element errorResponse;
+ Element errorCode;
+ Element info;
+
+ // create a new document
+ try {
+ builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ impl = builder.getDOMImplementation();
+ } catch (ParserConfigurationException e) {
+ return null;
+ }
+
+ // build the ErrorResponse element
+ doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+ errorResponse = doc.getDocumentElement();
+
+ // add MOA namespace declaration
+ errorResponse.setAttributeNS(
+ Constants.XMLNS_NS_URI,
+ "xmlns",
+ Constants.MOA_NS_URI);
+
+ // build the child elements
+ errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+ errorCode.appendChild(doc.createTextNode(messageId));
+ info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+ info.appendChild(doc.createTextNode(toString()));
+ errorResponse.appendChild(errorCode);
+ errorResponse.appendChild(info);
+ return errorResponse;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java
new file mode 100644
index 000000000..a5e0088d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java
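Review bot: In MOAIDException both `printStackTrace(PrintStream)` and `printStackTrace(PrintWriter)` print only the wrapped exception when one is present, so the MOAIDException's own message and the frames where it was thrown never reach the log, which makes a failure harder to reconstruct afterwards. Printing both keeps that context: `super.printStackTrace(s);` followed by `if (getWrapped() != null) { s.print("Root exception: "); getWrapped().printStackTrace(s); }`. Separately, `toErrorResponse()` writes `toString()` into the `Info` element, which carries the class name and the formatted message parameters; if this element is returned to a remote caller (not visible in this hunk), it is worth confirming that no parameter holds internal detail. The method also returns `null` on `ParserConfigurationException` without logging, so callers need a null check or the Javadoc should state that outcome.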
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while parsing an XML structure.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ParseException extends MOAIDException {
+
+ /**
+ * Constructor for ParseException.
+ * @param messageId
+ * @param parameters
+ */
+ public ParseException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ParseException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ParseException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java
new file mode 100644
index 000000000..9e6ab2361
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while calling the MOA-SPSS web service.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ServiceException extends MOAIDException {
+
+ /**
+ * Constructor for ServiceException.
+ * @param messageId
+ * @param parameters
+ */
+ public ServiceException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ServiceException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ServiceException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
new file mode 100644
index 000000000..5f4ec2d29
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -0,0 +1,1019 @@
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * API for MOA ID Authentication Service.
+ * {@link AuthenticationSession} is stored in a session store and retrieved
+ * by giving the session ID.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationServer implements MOAIDAuthConstants {
+
+ /** single instance */
+ private static AuthenticationServer instance;
+ /** session data store (session ID -> AuthenticationSession) */
+ private static Map sessionStore = new HashMap();
+ /** authentication data store (assertion handle -> AuthenticationData) */
+ private static Map authenticationDataStore = new HashMap();
+ /**
+ * time out in milliseconds used by {@link cleanup} for session store
+ */
+ private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data store
+ */
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+ /**
+ * Returns the single instance of AuthenticationServer.
+ *
+ * @return the single instance of AuthenticationServer
+ */
+ public static AuthenticationServer getInstance() {
+ if (instance == null)
+ instance = new AuthenticationServer();
+ return instance;
+ }
+ /**
+ * Constructor for AuthenticationServer.
+ */
+ public AuthenticationServer() {
+ super();
+ }
+ /**
+ * Processes request to select a BKU.
+ *
Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}. + *
For bkuSelectionType==HTMLComplete, a returnURI for the + * "BKU Auswahl" service is returned. + *
For bkuSelectionType==HTMLSelect, an HTML form for BKU selection is returned. + * @param authURL base URL of MOA-ID Auth component + * @param target "Geschäftsbereich" + * @param oaURL online application URL requested + * @param bkuSelectionTemplateURL template for BKU selection form to be used + * in case of HTMLSelect; may be null + * @param templateURL URL providing an HTML template for the HTML form to be used + * for call startAuthentication + * @return for bkuSelectionType==HTMLComplete, the returnURI for the + * "BKU Auswahl" service; + * for bkuSelectionType==HTMLSelect, an HTML form for BKU selection + * @throws WrongParametersException upon missing parameters + * @throws AuthenticationException when the configured BKU selection service cannot be reached, + * and when the given bkuSelectionTemplateURL cannot be reached + * @throws ConfigurationException on missing configuration data + * @throws BuildException while building the HTML form + */ + public String selectBKU( + String authURL, + String target, + String oaURL, + String bkuSelectionTemplateURL, + String templateURL) + throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", "AuthURL"); + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA); + + ConnectionParameter bkuConnParam = + AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); + if (bkuConnParam == null) + throw new 
ConfigurationException( + "config.08", + new Object[] { "BKUSelection/ConnectionParameter" }); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + } else { + if (!isEmpty(target)) { + Logger.info("Ignoring target parameter thus application type is \"businessService\""); + } + target = null; + } + + AuthenticationSession session = newSession(); + Logger.info("MOASession " + session.getSessionID() + " angelegt"); + session.setTarget(target); + session.setOAURLRequested(oaURL); + session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + session.setAuthURL(authURL); + session.setTemplateURL(templateURL); + session.setBusinessService(oaParam.getBusinessService()); + String returnURL = + new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); + if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { + // bkuSelectionType==HTMLComplete + String redirectURL = bkuConnParam.getUrl() + "?" 
+ AuthServlet.PARAM_RETURN + "=" + returnURL; + return redirectURL; + } else { + // bkuSelectionType==HTMLSelect + String bkuSelectTag; + try { + bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); + } catch (Throwable ex) { + throw new AuthenticationException( + "auth.11", + new Object[] { bkuConnParam.getUrl(), ex.toString()}, + ex); + } + String bkuSelectionTemplate = null; + // override template url by url from configuration file + if (oaParam.getBkuSelectionTemplateURL() != null) { + bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); + } + if (bkuSelectionTemplateURL != null) { + try { + bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { bkuSelectionTemplateURL, ex.toString()}, + ex); + } + } + String htmlForm = + new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); + return htmlForm; + } + } + /** + * Method readBKUSelectTag. + * @param conf the ConfigurationProvider + * @param connParam the ConnectionParameter for that connection + * @return String + * @throws ConfigurationException on config-errors + * @throws PKIException on PKI errors + * @throws IOException on any data error + * @throws GeneralSecurityException on security errors + */ + private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + + if (connParam.isHTTPSURL()) + return SSLUtils.readHttpsURL(conf, connParam); + else + return HTTPUtils.readHttpURL(connParam.getUrl()); + } + /** + * Processes the beginning of an authentication session. 
+ * + * @param authURL URL of the servlet to be used as data URL + * @param target "Geschäftsbereich" of the online application requested + * @param oaURL online application URL requested + * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; + * may be null; in this case, the default location will be used + * @param templateURL URL providing an HTML template for the HTML form generated + * @return HTML form + * @throws AuthenticationException + * @see GetIdentityLinkFormBuilder + * @see InfoboxReadRequestBuilder + */ + public String startAuthentication( + String authURL, + String target, + String oaURL, + String templateURL, + String bkuURL, + String sessionID) + throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + + if (isEmpty(sessionID)) { + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", "AuthURL"); + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = + AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA); + } + AuthenticationSession session; + OAAuthParameter oaParam; + if (sessionID != null) { + session = getSession(sessionID); + oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } else { + oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new 
WrongParametersException("StartAuthentication", PARAM_TARGET); + } else { + target = null; + } + session = newSession(); + Logger.info("MOASession " + session.getSessionID() + " angelegt"); + session.setTarget(target); + session.setOAURLRequested(oaURL); + session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + session.setAuthURL(authURL); + session.setTemplateURL(templateURL); + session.setBusinessService(oaParam.getBusinessService()); + } + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + bkuURL = DEFAULT_BKU; + } + session.setBkuURL(bkuURL); + String infoboxReadRequest = + new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), + oaParam.getBusinessService(), + oaParam.getIdentityLinkDomainIdentifier()); + String dataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_IDENTITY_LINK, + session.getSessionID()); + String template = null; + // override template url by url from configuration file + if (oaParam.getTemplateURL() != null) { + templateURL = oaParam.getTemplateURL(); + } else { + templateURL = session.getTemplateURL(); + } + if (templateURL != null) { + try { + template = new String(FileUtils.readURL(templateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { templateURL, ex.toString()}, + ex); + } + } + String pushInfobox = ""; + VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); + if (verifyInfoboxParameters != null) { + pushInfobox = verifyInfoboxParameters.getPushInfobox(); + } + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); + String certInfoDataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_START_AUTHENTICATION, + session.getSessionID()); + String htmlForm = + new GetIdentityLinkFormBuilder().build( + template, + bkuURL, + infoboxReadRequest, + dataURL, + certInfoRequest, + certInfoDataURL, + 
pushInfobox); + return htmlForm; + } + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ * + * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU including the <InfoboxReadResponse> + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String verifyIdentityLink(String sessionID, Map infoboxReadResponseParameters) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE); + if (isEmpty(xmlInfoboxReadResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + + AuthenticationSession session = getSession(sessionID); + if (session.getTimestampIdentityLink() != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + session.setTimestampIdentityLink(); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + // parses the + IdentityLink identityLink = + new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); + // validates the identity link + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = + new VerifyXMLSignatureRequestBuilder().build( + identityLink, + authConf.getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = + new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = + new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + if 
(identityLink.getIdentificationType().equalsIgnoreCase(Constants.URN_PREFIX_BASEID)) { + } + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has to be ignored + boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true : false; + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConf.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); + + session.setIdentityLink(identityLink); + // now validate the extended infoboxes + verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session); +// session.setAuthBlock(authBlock); + // builds the + String[] transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.length == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = + new CreateXMLSignatureRequestBuilder().build(authBlock, + oaParam.getKeyBoxIdentifier(), + transformsInfos, + oaParam.getSlVersion12()); + return createXMLSignatureRequest; + } + /** + * Builds an authentication block <saml:Assertion> from given session data. + * @param session authentication session + * + * @return <saml:Assertion> as a String + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. 
+ */ + private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + String identificationValue = identityLink.getIdentificationValue(); + String identificationType = identityLink.getIdentificationType(); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String oaURL = session.getPublicOAURLPrefix(); + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock( + issuer, + issueInstant, + authURL, + target, + identificationValue, + identificationType, + oaURL, + gebDat, + extendedSAMLAttributes, + session); + + return authBlock; + } + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by + * calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param infoboxReadResponseParams The parameters returned from the BKU as response + * to an infobox read request (including the infobox + * tokens to be verified). + * @param hideStammzahl Indicates whether source pins (Stammzahlen) + * should be hidden in any SAML attribute that may be + * returned by a validator. + * + * @throws AuthenticationException If the verification of at least one infobox fails. + * @throws ConfigurationException If the OAuthParameter cannot be extracted. 
+ */ + private void verifyInfoboxes( + AuthenticationSession session, Map infoboxReadResponseParams, boolean hideStammzahl) + throws ValidateException, ConfigurationException + { + + AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance(); + // get the default VerifyInfobox parameters + Map defaultInfoboxParameters = null; + VerifyInfoboxParameters defaultVerifyInfoboxParameters = + authConfigurationProvider.getDefaultVerifyInfoboxParameters(); + if (defaultVerifyInfoboxParameters != null) { + defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); + } + // get the OA specific VerifyInfobox parameters + Map infoboxParameters = null; + OAAuthParameter oaParam = + authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); + if (verifyInfoboxParameters != null) { + Vector authAttributes = new Vector(); + Vector oaAttributes = new Vector(); + infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); + // get the list of infobox identifiers + List identifiers = verifyInfoboxParameters.getIdentifiers(); + if (identifiers != null) { + // step through the identifiers and verify the infoboxes + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + String identifier = (String)it.next(); + // get the infobox read response from the map of parameters + String infoboxReadResponse = (String)infoboxReadResponseParams.get(identifier); + // get the configuration parameters + VerifyInfoboxParameter verifyInfoboxParameter = null; + Object object = infoboxParameters.get(identifier); + // if not present, use default + if ((object == null) && (defaultInfoboxParameters != null)) { + object = defaultInfoboxParameters.get(identifier); + } + if (object != null) { + verifyInfoboxParameter = (VerifyInfoboxParameter)object; + } + if (infoboxReadResponse != null) { + if (verifyInfoboxParameter 
== null) { + // should not happen because of the pushinfobox mechanism; check it anyway + Logger.error("No validator for verifying \"" + identifier + "\"-infobox configured."); + throw new ValidateException("validator.41", new Object[] {identifier}); + } else { + String friendlyName = verifyInfoboxParameter.getFriendlyName(); + // get the class for validating the infobox + InfoboxValidator infoboxValidator = null; + try { + Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); + } catch (Exception e) { + Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + + "\" for \"" + identifier + "\"-infobox: " + e.getMessage()); + throw new ValidateException("validator.42", new Object[] {friendlyName}); + } + Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + + "\" for \"" + identifier + "\"-infobox."); + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // build the parameters for validating the infobox + InfoboxValidatorParams infoboxValidatorParams = + InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( + session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + // now validate the infobox + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + 
"validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + + Logger.info(identifier + " infobox successfully validated."); + + // get the SAML attributes to be appended to the AUTHBlock or to the final + // SAML Assertion + ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); + if (extendedSAMLAttributes != null) { + int length = extendedSAMLAttributes.length; + for (int i=0; i<CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
  • + *
  • Parses <CreateXMLSignatureResponse> for error codes
  • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
  • + *
  • Verifies authentication block by calling the MOA SP component
  • + *
  • Creates authentication data
  • + *
  • Creates a corresponding SAML artifact
  • + *
  • Stores authentication data in the authentication data store + * indexed by the SAML artifact
  • + *
  • Deletes authentication session
  • + *
  • Returns the SAML artifact, encoded BASE64
  • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String verifyAuthenticationBlock( + String sessionID, + String xmlCreateXMLSignatureReadResponse) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + if (isEmpty(xmlCreateXMLSignatureReadResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + // parses + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + try { + String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // validates + new CreateXMLSignatureResponseValidator().validate(csresp, session); + // builds a for a MOA-SPSS call + String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); + // debug output + + // invokes the call + Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); + // debug output + + // parses the + 
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + vsresp, + null, + VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + false); + + + // TODO See Bug #144 + // Compare AuthBlock Data with information stored in session, especially date and time + + + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, + session.getIdentityLink()); + + // builds authentication data and stores it together with a SAML artifact + AuthenticationData authData = buildAuthenticationData(session, vsresp); + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + } + /** + * Builds the AuthenticationData object together with the + * corresponding <saml:Assertion> + * @param session authentication session + * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP + * @return AuthenticationData object + * @throws ConfigurationException while accessing configuration data + * @throws BuildException while building the <saml:Assertion> + */ + private AuthenticationData buildAuthenticationData( + AuthenticationSession session, + VerifyXMLSignatureResponse verifyXMLSigResp) + throws ConfigurationException, BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + AuthenticationData authData = new AuthenticationData(); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); + 
authData.setMinorVersion(0); + authData.setAssertionID(Random.nextRandom()); + authData.setIssuer(session.getAuthURL()); + authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); + + authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); + if (provideStammzahl) { + authData.setIdentificationValue(identityLink.getIdentificationValue()); + } + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + try { + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + X509Certificate signerCertificate = verifyXMLSigResp.getX509certificate(); + if (signerCertificate != null) { + signerCertificateBase64 = Base64Utils.encode(signerCertificate.getEncoded()); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } + } + authData.setSignerCertificate(signerCertificateBase64); + if (businessService) { + authData.setWBPK(identityLink.getIdentificationValue()); + } else { + // only compute bPK if online applcation is a public service + String bpkBase64 = + new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } + String ilAssertion = + oaParam.getProvideIdentityLink() + ? 
identityLink.getSerializedSamlAssertion() + : ""; + if (!oaParam.getProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), ""); + } + String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; + String samlAssertion = + new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + businessService, + session.getExtendedSAMLAttributesOA()); + authData.setSamlAssertion(samlAssertion); + return authData; + } catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", ex.toString()}, + ex); + } + } + /** + * Retrieves AuthenticationData indexed by the SAML artifact. + * The AuthenticationData is deleted from the store upon end of this call. + * + * @return AuthenticationData + */ + public AuthenticationData getAuthenticationData(String samlArtifact) + throws AuthenticationException { + String assertionHandle; + try { + assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); + } + AuthenticationData authData = null; + synchronized (authenticationDataStore) { + authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); + if (authData == null) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + authenticationDataStore.remove(assertionHandle); + } + long now = new Date().getTime(); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + return authData; + } + /** + * Stores authentication data indexed by the assertion handle contained in 
the + * given saml artifact. + * @param samlArtifact SAML artifact + * @param authData authentication data + * @throws AuthenticationException when SAML artifact is invalid + */ + private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) + throws AuthenticationException { + + try { + SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); + // check type code 0x0001 + byte[] typeCode = parser.parseTypeCode(); + if (typeCode[0] != 0 || typeCode[1] != 1) + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); + String assertionHandle = parser.parseAssertionHandle(); + synchronized (authenticationDataStore) { + Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); + authenticationDataStore.put(assertionHandle, authData); + } + } catch (AuthenticationException ex) { + throw ex; + } catch (Throwable ex) { + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); + } + } + /** + * Creates a new session and puts it into the session store. + * + * @param id Session ID + * @return AuthenticationSession created + * @exception AuthenticationException + * thrown when an AuthenticationSession is running + * already for the given session ID + */ + private static AuthenticationSession newSession() throws AuthenticationException { + String sessionID = Random.nextRandom(); + AuthenticationSession newSession = new AuthenticationSession(sessionID); + synchronized (sessionStore) { + AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); + if (session != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + sessionStore.put(sessionID, newSession); + } + return newSession; + } + /** + * Retrieves a session from the session store. 
+ * + * @param id session ID + * @return AuthenticationSession stored with given session ID, + * null if session ID unknown + */ + public static AuthenticationSession getSession(String id) throws AuthenticationException { + AuthenticationSession session = (AuthenticationSession) sessionStore.get(id); + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + } + /** + * Cleans up expired session and authentication data stores. + */ + public void cleanup() { + long now = new Date().getTime(); + synchronized (sessionStore) { + Set keys = new HashSet(sessionStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String sessionID = (String) iter.next(); + AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); + if (now - session.getTimestampStart().getTime() > sessionTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.02", + new Object[] { sessionID })); + sessionStore.remove(sessionID); + } + } + } + synchronized (authenticationDataStore) { + Set keys = new HashSet(authenticationDataStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String samlArtifact = (String) iter.next(); + AuthenticationData authData = + (AuthenticationData) authenticationDataStore.get(samlArtifact); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.03", + new Object[] { samlArtifact })); + authenticationDataStore.remove(samlArtifact); + } + } + } + } + + /** + * Sets the sessionTimeOut. + * @param seconds Time out of the session in seconds + */ + public void setSecondsSessionTimeOut(long seconds) { + sessionTimeOut = 1000 * seconds; + } + /** + * Sets the authDataTimeOut. 
+ * @param seconds Time out for signing AuthData in seconds + */ + public void setSecondsAuthDataTimeOut(long seconds) { + authDataTimeOut = 1000 * seconds; + } + + /** + * Checks a parameter. + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java new file mode 100644 index 000000000..7e5ed6ec7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java 
@@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.auth; + +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Thread cleaning the AuthenticationServer session store + * and authentication data store from garbage. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationSessionCleaner implements Runnable { + + /** interval the AuthenticationSessionCleaner is run in */ + private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min + + /** + * Runs the thread. Cleans the AuthenticationServer session store + * and authentication data store from garbage, then sleeps for given interval, and restarts. + */ + public void run() { + while (true) { + try { + Logger.debug("AuthenticationSessionCleaner run"); + AuthenticationServer.getInstance().cleanup(); + } + catch (Exception e) { + Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e); + } + try { + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + } + catch (InterruptedException e) { + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + Thread sessionCleaner = + new Thread(new AuthenticationSessionCleaner()); + sessionCleaner.setName("SessionCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java new file mode 100644 index 000000000..43e88e7b5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
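Review bot: The empty `catch (InterruptedException e) { }` in `run()` swallows the interrupt, so the `while (true)` loop has no exit and the cleaner thread cannot be stopped cleanly when the web application is undeployed or reloaded. Restore the flag and leave the loop: `catch (InterruptedException e) { Thread.currentThread().interrupt(); return; }`. `SESSION_CLEANUP_INTERVAL` also deserves a comment on its security effect: `AuthenticationServer.getSession()` as added in this commit returns whatever is in the store without comparing timestamps, so a session appears to stay usable until the next sweep, up to 30 minutes past the configured time-out. Something like `// sessions are expired only by this sweep: effective lifetime = sessionTimeOut + up to this interval` would make that explicit.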
@@ -0,0 +1,75 @@ +package at.gv.egovernment.moa.id.auth; + +import iaik.asn1.ObjectID; + + +/** + * Constants used throughout moa-id-auth component. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public interface MOAIDAuthConstants { + + /** servlet parameter "Target" */ + public static final String PARAM_TARGET = "Target"; + /** servlet parameter "OA" */ + public static final String PARAM_OA = "OA"; + /** servlet parameter "bkuURI" */ + public static final String PARAM_BKU = "bkuURI"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** default BKU URL */ + public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; + /** servlet parameter "returnURI" */ + public static final String PARAM_RETURN = "returnURI"; + /** servlet parameter "Template" */ + public static final String PARAM_TEMPLATE = "Template"; + /** servlet parameter "MOASessionID" */ + public static final String PARAM_SESSIONID = "MOASessionID"; + /** servlet parameter "XMLResponse" */ + public static final String PARAM_XMLRESPONSE = "XMLResponse"; + /** servlet parameter "SAMLArtifact" */ + public static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */ + public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ + public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ + public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; + /** Logging hierarchy used for controlling debug output of XML structures to files */ + public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth"; + /** Header Name for 
controlling the caching mechanism of the browser */ + public static final String HEADER_EXPIRES = "Expires"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_PRAGMA = "Pragma"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_PRAGMA = "no-cache"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_CACHE_CONTROL = "Cache-control"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0"; + /** + * the identity link signer X509Subject names of those identity link signer certificates + * not including the identity link signer OID. The authorisation for signing the identity + * link must be checked by using their issuer names. After february 19th 2007 the OID of + * the certificate will be used fo checking the authorisation for signing identity links. + */ + public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = + new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. 
Mitglieds der Datenschutzkommission"}; + /** + * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" + */ + public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; + /** + * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); + * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 + */ + public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java new file mode 100644 index 000000000..7964e2fb6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java 
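Review bot: `IDENTITY_LINK_SIGNERS_WITHOUT_OID` is declared as `public static final String[]`, and `final` fixes only the reference: any class that can see this interface can overwrite an element and so change which subject names are accepted as identity link signers. Since the array serves as a trust list, expose it read-only, for example `Collections.unmodifiableList(Arrays.asList(new String[] { ... }))`, or hold the array privately in a class and hand out copies; the callers are outside this hunk, so the type change has to be checked against them. The Javadoc should also state that the two entries differ only in "Mitgieds" versus "Mitglieds" and that this looks intentional (presumably matching a certificate issued with the misspelt subject), so that nobody removes the first entry as a typo.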
@@ -0,0 +1,163 @@ +package at.gv.egovernment.moa.id.auth; + +import iaik.pki.PKIException; +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Properties; + +import javax.activation.CommandMap; +import javax.activation.MailcapCommandMap; +import javax.mail.Session; +import javax.net.ssl.SSLSocketFactory; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; +import at.gv.egovernment.moa.util.Constants; + +/** + * Web application initializer + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDAuthInitializer { + + /** a boolean identifying if the MOAIDAuthInitializer has been startet */ + public static boolean initialized = false; + + /** + * Initializes the web application components which need initialization: + * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. 
+ */ + public static void initialize() throws ConfigurationException, + PKIException, IOException, GeneralSecurityException { + if (initialized) return; + initialized = true; + Logger.setHierarchy("moa.id.auth"); + Logger.info("Default java file.encoding: " + + System.getProperty("file.encoding")); + + //JDK bug workaround according to: + // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier + // register content data handlers for S/MIME types + MailcapCommandMap mc = new MailcapCommandMap(); + CommandMap.setDefaultCommandMap(mc); + + // create some properties and get the default Session + Properties props = new Properties(); + props.put("mail.smtp.host", "localhost"); + Session session = Session.getDefaultInstance(props, null); + + // Restricts TLS cipher suites + System.setProperty( + "https.cipherSuites", + "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + // load some jsse classes so that the integrity of the jars can be + // verified + // before the iaik jce is installed as the security provider + // this workaround is only needed when sun jsse is used in conjunction + // with + // iaik-jce (on jdk1.3) + ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader(); + try { + cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar + } catch (ClassNotFoundException e) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage( + "init.01", null), e); + } + + // Initializes SSLSocketFactory store + SSLUtils.initialize(); + + // Initializes Namespace Map + Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); + Constants.nSMap.put(Constants.ECDSA_PREFIX, + "http://www.w3.org/2001/04/xmldsig-more#"); + Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + + // Loads the configuration + AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); + ConnectionParameter moaSPConnParam = authConf + .getMoaSpConnectionParameter(); + + // If MOA-SP API calls: loads 
MOA-SP configuration and configures IAIK + if (moaSPConnParam == null) { + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + ConfigurationProvider config = ConfigurationProvider + .getInstance(); + new IaikConfigurator().configure(config); + } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + throw new ConfigurationException("config.10", new Object[] { ex + .toString() }, ex); + } + } + + // Initializes IAIKX509TrustManager logging + String log4jConfigURL = System.getProperty("log4j.configuration"); + if (log4jConfigURL != null) { + IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); + } + + // Initializes the Axis secure socket factory for use in calling the + // MOA-SP web service + if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, + moaSPConnParam); + AxisSecureSocketFactory.initialize(ssf); + } + + // sets the authentication session and authentication data time outs + String param = authConf + .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + if (param != null) { + long sessionTimeOut = 0; + try { + sessionTimeOut = new Long(param).longValue(); + } catch (NumberFormatException ex) { + Logger + .error(MOAIDMessageProvider + .getInstance() + .getMessage( + "config.05", + new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); + } + if (sessionTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsSessionTimeOut(sessionTimeOut); + } + param = authConf + .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + if (param != null) { + long authDataTimeOut = 0; + try { + authDataTimeOut = new Long(param).longValue(); + } catch (NumberFormatException ex) { + Logger + .error(MOAIDMessageProvider + .getInstance() + .getMessage( + "config.05", + new Object[] { 
AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); + } + if (authDataTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsAuthDataTimeOut(authDataTimeOut); + } + + } + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java new file mode 100644 index 000000000..3ce2798ea --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.auth; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown when the AuthenticationServer API is + * called with wrong parameters provided. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class WrongParametersException extends MOAIDException { + + /** + * Constructor + */ + public WrongParametersException(String call, String parameter) { + super("auth.05", new Object[] {call, parameter}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java new file mode 100644 index 000000000..241cf0afc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java 
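Review bot: The `System.setProperty("https.cipherSuites", ...)` call in `initialize()` pins HTTPS clients in the whole JVM to two RC4 suites and one 3DES suite, all with static RSA key exchange. RC4 is prohibited for TLS by RFC 7465, 3DES with its 64-bit block is exposed to the Sweet32 birthday attack, and none of the three gives forward secrecy, so the comment "Restricts TLS cipher suites" overstates what the line protects. Take the list from the MOA-ID configuration instead of hard-coding it, and leave the property unset when nothing is configured so that the JVM defaults apply. Separately, `initialized = true;` is set before any work is done on a public, unsynchronized field, so a failed first call leaves the application marked as initialized; move the assignment to the last statement of the method.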
@@ -0,0 +1,88 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.text.MessageFormat; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Base class for building authentication the AUTHBlock and final OA data SAML assertions. + * Encapsulates methods used by the two specific builders + * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder} + * and + * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder} + * + * @author Harald Bratko + */ +public class AuthenticationAssertionBuilder { + + /** the NewLine representation in Java*/ + protected static String NL = "\n"; + + protected static String SAML_ATTRIBUTE = + " " + NL + + " {2}" + NL + + " "+ NL; + + /** + * Empty constructor + */ + public AuthenticationAssertionBuilder() { + } + + /** + * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion + * delivered to the online application. + * The method traverses through the list of given SAML attribute objects and builds an + * XML structure (String representation) for each of the attributes. + * + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or + * to the SAML assertion delivered to the online application. + * @return A string representation including the XML structures of + * the SAML attributes. + * + * @throws ParseException If an error occurs on serializing an SAML attribute. 
+ */ + protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException + { + StringBuffer sb = new StringBuffer(); + if (extendedSAMLAttributes!=null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + Object value = extendedSAMLAttribute.getValue(); + String name = extendedSAMLAttribute.getName(); + String namespace = extendedSAMLAttribute.getNameSpace(); + if (value instanceof String) { + sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value})); + } else if (value instanceof Element) { + try { + String serializedValue = DOMUtils.serializeNode((Element)(value)); + serializedValue = StringUtils.removeXMLDeclaration(serializedValue); + sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue})); + } catch (TransformerException e) { + Logger.error("Error on serializing SAML attribute \"" + name + + " (namespace: \"" + namespace + "\"."); + throw new ParseException("parser.05", new Object[] { name, namespace}); + } catch (IOException e) { + Logger.error("Error on serializing SAML attribute \"" + name + + " (namespace: \"" + namespace + "\"."); + throw new ParseException("parser.05", new Object[] { name, namespace}); + } + } + } + } + return sb.toString(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java new file mode 100644 index 000000000..60cd11ed6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java 
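Review bot: `buildExtendedSAMLAttributes` passes `name`, `namespace` and a String `value` to `MessageFormat.format(SAML_ATTRIBUTE, ...)` without XML-escaping them, so a value containing `<`, `&` or a quote changes the structure of the attribute that ends up in the AUTH block or in the assertion delivered to the online application. Where these attributes originate is not visible in this hunk, but if any part is derived from infobox or request data this is an XML injection path into a SAML assertion. Escape the three strings (at least `&`, `<`, `>`, `"`) before formatting and leave only the already serialized `Element` branch as it is. The same unescaped formatting appears in `buildAuthBlock` of AuthenticationBlockAssertionBuilder (`issuer`, `target`, `oaURL`, `gebDat`) and in `build` of AuthenticationDataAssertionBuilder (`bkuURL`, issuer), later in this commit.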
@@ -0,0 +1,146 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; +import java.util.List; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the authentication block <saml:Assertion> + * to be included in a <CreateXMLSignatureResponse>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { + + /** template for the Auth-Block */ + private static String AUTH_BLOCK = + "" + NL + + " " + NL + + " " + NL + + " {3}" + NL + + " " + NL + + "{4}" + + " " + NL + + " {5}" + NL + + " " + NL + + " " + NL + + " {6}" + NL + + " " + NL + + "{7}" + + " " + NL + + ""; + + private static String GESCHAEFTS_BEREICH_ATTRIBUTE = + " " + NL + + " {0}" + NL + + " " + NL; + + private static String WBPK_ATTRIBUTE = + " " + NL + + " " + NL + + " " + NL + + " {0}" + NL + + " {1}" + NL + + " " + NL + + " " + NL + + " " + NL; + + /** + * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). + */ + public static final int NUM_OF_SAML_ATTRIBUTES = 3; + + /** + * Constructor for AuthenticationBlockAssertionBuilder. 
+ */ + public AuthenticationBlockAssertionBuilder() { + super(); + } + + /** + * Builds the authentication block <saml:Assertion> + * + * @param issuer authentication block issuer; "GivenName FamilyName" + * @param issueInstant current timestamp + * @param authURL URL of MOA-ID authentication component + * @param target "Geschäftsbereich"; maybe null if the application + * is a business application + * @param identityLinkValue the content of the <pr:Value> + * child element of the <pr:Identification> + * element derived from the Identitylink; this is the + * value of the wbPK; + * maybe null if the application is a public service + * @param identityLinkType the content of the <pr:Type> + * child element of the <pr:Identification> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe null if the application is a public service + * @param oaURL public URL of online application requested + * @param gebDat The date of birth from the identity link. + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock. + * + * @return String representation of authentication block + * <saml:Assertion> built + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + public String buildAuthBlock( + String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + if (target == null) { + // OA is a business application + if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { + // Only add wbPKs to AUTH-Block. 
HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + } else { + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); + } + } else { + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + } + + String assertion; + try { + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + oaURL, + gebDat, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + return assertion; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java new file mode 100644 index 000000000..53520c846 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
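Review bot: The `catch (ParseException e)` at the end of `buildAuthBlock` constructs the `BuildException` without the cause, so the stack trace of the failed attribute serialization is lost and only `e.toString()` survives in the message. `BuildException` is called with a third, cause argument elsewhere in this commit (BPKBuilder), so use `throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}, e);`. The catch block in `AuthenticationDataAssertionBuilder.build` has the same gap. The Javadoc also lacks a `@param session` entry and should say that the method mutates the session through `setSAMLAttributeGebeORwbpk`.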
@@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; +import java.util.List; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the authentication data <saml:Assertion> + * to be provided by the MOA ID Auth component. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { + /** private static String NL contains the NewLine representation in Java*/ + private static final String NL = "\n"; + /** + * XML template for the <saml:Assertion> to be built + */ + private static final String AUTH_DATA = + "" + NL + + "" + NL + + " " + NL + + " " + NL + + " {4}" + NL + + " " + NL + + " " + MOA_NS_URI + "cm" + NL + + " {5}{6}" + NL + + " " + NL + + " " + NL + + " " + NL + + " {7}" + NL + + " " + NL + + " " + NL + + " {8}" + NL + + " " + NL + + " " + NL + + " {9}" + NL + + " " + NL + + "{10}" + + "{11}" + + "{12}" + + " " + NL + + ""; + /** + * XML template for the <saml:Attribute> named "isPublicAuthority", + * to be inserted into the <saml:Assertion> + */ + private static final String PUBLIC_AUTHORITY_ATT = + " " + NL + + " {0}" + NL + + " " + NL; + + private static final String SIGNER_CERTIFICATE_ATT = + " " + NL + + " {0}" + NL + + " " + NL; + + /** + * Constructor for AuthenticationDataAssertionBuilder. + */ + public AuthenticationDataAssertionBuilder() { + super(); + } + + /** + * Builds the authentication data <saml:Assertion>. 
+ * + * @param authData the AuthenticationData to build the + * <saml:Assertion> from + * @param xmlPersonData lt;pr:Person> element as a String + * @param xmlAuthBlock authentication block to be included in a + * lt;saml:SubjectConfirmationData> element; may include + * the "Stammzahl" or not; may be empty + * @param xmlIdentityLink the IdentityLink + * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe + * an empty string if the signer certificate should not be provided. + * Will be ignored if the businessService parameter is + * set to false. + * @param businessService true if the online application is a + * business service, otherwise false + * @return the <saml:Assertion> + * @throws BuildException if an error occurs during the build process + */ + public String build( + AuthenticationData authData, + String xmlPersonData, + String xmlAuthBlock, + String xmlIdentityLink, + String bkuURL, + String signerCertificateBase64, + boolean businessService, + List extendedSAMLAttributes) + throws BuildException + { + + String isQualifiedCertificate = authData.isQualifiedCertificate() ? 
"true" : "false"; + String publicAuthorityAttribute = ""; + if (authData.isPublicAuthority()) { + String publicAuthorityIdentification = authData.getPublicAuthorityCode(); + if (publicAuthorityIdentification == null) + publicAuthorityIdentification = "True"; + publicAuthorityAttribute = MessageFormat.format( + PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); + } + + + String signerCertificateAttribute = ""; + if (signerCertificateBase64 != "") { + signerCertificateAttribute = MessageFormat.format( + SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); + } + + String pkType; + String pkValue; + if (businessService) { + pkType = authData.getIdentificationType(); + pkValue = authData.getWBPK(); + + } else { + pkType = URN_PREFIX_BPK; + pkValue = authData.getBPK(); + } + + String assertion; + try { + assertion = MessageFormat.format(AUTH_DATA, new Object[] { + authData.getAssertionID(), + authData.getIssuer(), + authData.getIssueInstant(), + pkType, + pkValue, + StringUtils.removeXMLDeclaration(xmlAuthBlock), + StringUtils.removeXMLDeclaration(xmlIdentityLink), + StringUtils.removeXMLDeclaration(xmlPersonData), + isQualifiedCertificate, + bkuURL, + publicAuthorityAttribute, + signerCertificateAttribute, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building Authentication Data Assertion: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()}); + } + return assertion; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java new file mode 100644 index 000000000..6cc8c1be8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java 
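Review bot: `if (signerCertificateBase64 != "")` in `build` compares references rather than contents, so it behaves as intended only when the caller passes the interned literal `""`. An empty string produced at run time emits an empty signer-certificate attribute, and `null` is formatted as the text "null". Use `if (signerCertificateBase64 != null && signerCertificateBase64.length() > 0)`. The Javadoc for `signerCertificateBase64` says the value is ignored when `businessService` is false, but no such check is visible in the method, so either the check or the sentence should be corrected; `@param bkuURL` and `@param extendedSAMLAttributes` are missing as well.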
@@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the bPK, as defined in + * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung" + * version 1.0.1 from "reference.e-government.gv.at". + * + * @author Paul Schamberger + * @version $Id$ + */ +public class BPKBuilder { + + /** + * Builds the bPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param target "Bereich lt. Verordnung des BKA" + * @return bPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the bPK + */ + public String buildBPK(String identificationValue, String target) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + target == null || + target.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",target=" + target}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java new file mode 100644 index 000000000..3a2ee07de --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java 
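Review bot: The parameter check in `buildBPK` copies `identificationValue` into the `BuildException` message, and by the method's own Javadoc that value is the Base64 "Stammzahl", so a call with a missing `target` writes the person's source identifier into whatever log or error page renders the exception. Report only whether the argument was present, for example `"identificationValue " + (identificationValue == null || identificationValue.length() == 0 ? "fehlt" : "vorhanden") + ",target=" + target`. A comment on `MessageDigest.getInstance("SHA-1")` saying that the algorithm is presumably fixed by the bPK derivation specification cited in the class Javadoc would keep it from being swapped, or flagged, without consulting that specification.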
@@ -0,0 +1,59 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Base class for HTML/XML builders providing commonly useful functions. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class Builder { + + /** + * Replaces a given number of occurences of a special tag in an XML or HTML template by a value. + * @param template html template + * @param tag special tag + * @param value value replacing the tag + * @param expected specifies if the tag is expected to present; if true and the tag + * is not present, an exception is thrown; if false and the tag is + * not present, the original string is returned + * @param maxreplacements Set -1 to replace each occurence of tag, or limit replacements by a given positive number + * @return XML or HTML code, the tag replaced + * @throws BuildException when template does not contain the tag + */ + protected String replaceTag( + String template, + String tag, + String value, + boolean expected, + int maxreplacements) + throws BuildException + { + String result = template; + int index = result.indexOf(tag); + if (index < 0) { + if (expected) { + // Substring not found but should + throw new BuildException( + "builder.01", + new Object[] {"<" + tag.substring(1, tag.length() - 1) + ">"}); + } + } else { + // replace each occurence + if (maxreplacements == -1) { + return StringUtils.replaceAll(template, tag, value); + } else { + int found = 1; + while (index > -1 && (found <= maxreplacements)) { + result = result.substring(0, index) + value + result.substring(index + tag.length()); + index = result.indexOf(tag); + if (index > -1) found += 1; + } + } + } + return result; + } + +} 
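Review bot: In the bounded branch of `replaceTag` the loop calls `result.indexOf(tag)` from position 0 after every substitution, so a `value` that itself contains `tag` is matched and substituted again, and the count no longer corresponds to occurrences in the template. Resuming the search behind the inserted text avoids that: `index = result.indexOf(tag, index + value.length());`. `value` is also spliced in verbatim, which leaves escaping for the HTML or XML context to every caller; a Javadoc line such as `@param value value replacing the tag; inserted as-is, callers must escape it for the target context` would make that contract explicit.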
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..06c81f49e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java 
@@ -0,0 +1,84 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.text.MessageFormat; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * Builder for the <VerifyXMLSignatureRequest> structure + * used for presenting certificate information in the secure viewer of the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants { + + /** special tag in the VerifyXMLRequest template to be substituted for a <dsig:Signature> */ + private static final String SIGNATURE_TAG = ""; + + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + + /** + * XML template for the CertInfoVerifyXMLSignatureRequest to be built + */ + static final String CERTINFO_REQUEST = + "" + nl + + "<{0}:VerifyXMLSignatureRequest {2} xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl + + " <{0}:SignatureInfo>" + nl + + " <{0}:SignatureEnvironment>" + nl + + " <{1}:XMLContent xml:space=\"preserve\">" + nl + + " " + nl + + " <{0}:SignatureLocation>//dsig:Signature" + nl + + " " + nl + + ""; + + /** + * Constructor + */ + public CertInfoVerifyXMLSignatureRequestBuilder() { + super(); + } + /** + * Builds the <VerifyXMLSignatureRequest> structure. 
+ * @return the XML structure + * @throws BuildException + */ + public String build(boolean slVersion12) throws BuildException { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + if (slVersion12) { + + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; + + } + + String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration}); + String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; + + + try { + String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); + certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1); + return certInfoRequest; + } + catch (IOException ex) { + throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()}); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..e9a9f308d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
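Review bot: The `catch (IOException ex)` in `build` drops the cause, passing only `ex.toString()` as a message argument, while `BPKBuilder.buildBPK` in this same commit uses the three-argument `BuildException` constructor to keep the original exception. Suggest `throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()}, ex);`. The Javadoc of `build` also has no line for its only parameter; `@param slVersion12 specifies whether the Security Layer version number is 1.2 or not` would match the wording used on `CreateXMLSignatureRequestBuilder.build`.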
@@ -0,0 +1,93 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the <CreateXMLSignatureRequest> structure + * used for requesting a signature under the authentication block from the + * security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class CreateXMLSignatureRequestBuilder implements Constants { + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** + * XML template for the <moa:CreateXMLSignatureRequest> to be built + */ + private static final String CREATE_XML_SIGNATURE_REQUEST = + "" + nl + + "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl + + " <{3}:KeyboxIdentifier>{1}" + nl + + " <{3}:DataObjectInfo Structure=''detached''>" + nl + + " <{4}:DataObject Reference=''''/>" + nl + + "{2}" + + " " + nl + + " <{3}:SignatureInfo>" + nl + + " <{3}:SignatureEnvironment>" + nl + + " <{4}:XMLContent>{0}" + nl + + " " + nl + + " <{3}:SignatureLocation Index=''2''>/saml:Assertion" + nl + + " " + nl + + ""; + + + /** + * Constructor for CreateXMLSignatureRequestBuilder. + */ + public CreateXMLSignatureRequestBuilder() { + super(); + } + + /** + * Builds the <CreateXMLSignatureRequest>. + * + * @param authBlock String representation of XML authentication block + * @param keyBoxIdentifier the key box identifier which will be used (e.g. 
CertifiedKeypair) + * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not + * @return String representation of <CreateXMLSignatureRequest> + */ + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + String dsigTransformInfosString = ""; + for (int i = 0; i < dsigTransformInfos.length; i++) { + dsigTransformInfosString += dsigTransformInfos[i]; + } + + if (slVersion12) { + + // replace the SecurityLayer namespace prefixes and URIs within the transforms + dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, + SL10_PREFIX, SL12_PREFIX, + SL10_NS_URI, SL12_NS_URI); + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; + + } + + String request = MessageFormat.format( + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, + keyBoxIdentifier, + dsigTransformInfosString, + sl11Prefix, + sl10Prefix, + slNsDeclaration }); + + return request; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java new file mode 100644 index 000000000..30cc1df5a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java 
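Review bot: `build` formats `authBlock`, `keyBoxIdentifier` and the concatenated `dsigTransformInfos` into the request template as raw strings, so a `keyBoxIdentifier` containing `<` or `&` changes the structure of the request instead of ending up as element text. Where that value originates is not visible in this hunk; if a request parameter can influence it, it should be checked against the allowed key box names before this call, and the contract belongs in the Javadoc, e.g. `@param keyBoxIdentifier trusted key box identifier; inserted without XML escaping`. The same verbatim insertion applies to `identityLinkDomainIdentifier` in `InfoboxReadRequestBuilder.build` and to `statusMessage`, `responseID` and `inResponseTo` in `SAMLResponseBuilder.build`, where the formatted string is then handed to `DOMUtils.parseDocument`. The Javadoc here is also missing a `@param dsigTransformInfos` line.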
@@ -0,0 +1,83 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Builds a DataURL parameter meant for the security layer implementation + * to respond to. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class DataURLBuilder { + + /** + * Constructor for DataURLBuilder. + */ + public DataURLBuilder() { + super(); + } + + /** + * Constructs a data URL for VerifyIdentityLink or VerifyAuthenticationBlock, + * including the MOASessionID as a parameter. + * + * @param authBaseURL base URL (context path) of the MOA ID Authentication component, + * including a trailing '/' + * @param authServletName request part of the data URL + * @param sessionID sessionID to be included in the dataURL + * @return String + */ + public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { + + String individualDataURLPrefix = null; + String dataURL; + try { + //check if an individual prefix is configured + individualDataURLPrefix = AuthConfigurationProvider.getInstance(). 
+ getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); + + if (null != individualDataURLPrefix) { + + //check individualDataURLPrefix + if(!individualDataURLPrefix.startsWith("http")) + throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); + + //when ok then use it + dataURL = individualDataURLPrefix + authServletName; + } else + dataURL = authBaseURL + authServletName; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); + dataURL = authBaseURL + authServletName; + } + + dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); + return dataURL; + } + + /** + * Method addParameter. + * @param urlString represents the url + * @param paramname is the parameter to be added + * @param value is the value of that parameter + * @return String + */ + private String addParameter(String urlString, String paramname, String value) { + String url = urlString; + if (paramname != null) { + if (url.indexOf("?") < 0) + url += "?"; + else + url += "&"; + url += paramname + "=" + value; + } + return url; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java new file mode 100644 index 000000000..0d0595b69 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java 
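Review bot: The prefix check in `buildDataURL`, `individualDataURLPrefix.startsWith("http")`, accepts any string that merely begins with those four letters and does not distinguish `http://` from `https://`. Since the class Javadoc says the security layer implementation responds to this URL, the check should at least require a complete scheme, `if (!individualDataURLPrefix.startsWith("http://") && !individualDataURLPrefix.startsWith("https://"))`, and a deployment may want to accept `https://` only. `addParameter` also appends `value` without URL encoding, so a session ID containing `&` or `#` would alter the query string; `URLEncoder.encode(value, "UTF-8")` covers that.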
@@ -0,0 +1,150 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for HTML form requesting the security layer implementation + * to get the identity link from smartcard by a <InfoboxReadRequest>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetIdentityLinkFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String BKU_TAG = ""; + /** special tag in the HTML template to be substituted for the XML request */ + private static final String XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the data URL */ + private static final String DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for certificate info XML request */ + private static final String CERTINFO_XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the certificate info data URL */ + private static final String CERTINFO_DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ + private static final String PUSHINFOBOX_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + "" + nl + + "" + nl + + "Anmeldung mit Bürgerkarte" + nl + + "" + nl + + "" + nl + + "
" + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + "
" + nl + + " " + nl + + " " + nl + +// " " + nl + + " " + nl + + "
" + nl + + "" + nl + + ""; + + /** + * Constructor for GetIdentityLinkFormBuilder. + */ + public GetIdentityLinkFormBuilder() { + super(); + } + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String htmlTemplate, + String bkuURL, + String xmlRequest, + String dataURL, + String certInfoXMLRequest, + String certInfoDataURL, + String pushInfobox) + throws BuildException + { + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; +// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); +//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); + htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL); + htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); + return htmlForm; + } + /** + * Encodes a string for inclusion as a parameter in the form. + * Double quotes are substituted by "&quot;". 
+ * @param s the string to be encoded + * @return the string encoded + * @throws BuildException on any exception encountered + */ + public static String encodeParameter(String s) throws BuildException { + StringReader in = new StringReader(s); + StringWriter out = new StringWriter(); + try { + for (int ch = in.read(); ch >= 0; ch = in.read()) { + if (ch == '"') + out.write("""); + else if (ch == '<') + out.write("<"); + else if (ch == '>') + out.write(">"); + else if (ch == 'ä') + out.write("ä"); + else if (ch == 'ö') + out.write("ö"); + else if (ch == 'ü') + out.write("ü"); + else if (ch == 'Ä') + out.write("Ä"); + else if (ch == 'Ö') + out.write("Ö"); + else if (ch == 'Ü') + out.write("Ü"); + else if (ch == 'ß') + out.write("ß"); + else + out.write(ch); + } + } + catch (IOException ex) { + throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); + } + return out.toString(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java new file mode 100644 index 000000000..c2bafe43b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java 
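Review bot: `encodeParameter` has no branch for `&`, so an entity reference inside `xmlRequest` is decoded again when the browser reads the form field, and the XML that gets submitted is not the XML that was built. Adding `else if (ch == '&') out.write("&amp;");` to the chain fixes that. `build` also passes `bkuURL`, `dataURL`, `certInfoDataURL` and `pushInfobox` to `replaceTag` without any encoding; the template text is not fully visible here, so I cannot tell which of them land in attribute values, but the URLs at least should go through the same encoder. The same holds for `startAuthenticationURL` in `SelectBKUFormBuilder.build`.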
@@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <InfoboxReadRequest> structure + * used for requesting the identity link from the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class InfoboxReadRequestBuilder implements Constants { + + + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilder() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * + * @return <InfoboxReadRequest> as String + */ + public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return 
sb.toString(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java new file mode 100644 index 000000000..038e549be --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java 
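Review bot: When `businessService` is true, `build` appends `identityLinkDomainIdentifier` without checking it, so a null argument is serialized as the literal text `null` inside `IdentityLinkDomainIdentifier`, although the Javadoc says it must not be null for a business service. A guard at the top of the method enforces the documented precondition: `if (businessService && identityLinkDomainIdentifier == null) throw new IllegalArgumentException("identityLinkDomainIdentifier must not be null for a business service");`.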
@@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * This class provides one method for building parameters needed for + * validating an infobox token. + * + * @author Harald Bratko + */ +public class InfoboxValidatorParamsBuilder { + + // hide the default constructor + private InfoboxValidatorParamsBuilder() { + } + + /** + * Builds the parameters passed to the validator class for validating an infobox token. + * + * @param session The actual Authentication session. + * @param verifyInfoboxParameter The configuration parameters for the infobox. + * @param infoboxTokenList Contains the infobox token to be validated. + * @param hideStammzahl Indicates whether source pins (Stammzahlen) + * should be hidden in any SAML attributes returned by + * an infobox validator. + * + * @return Parameters for validating an infobox token. 
+ */ + public static InfoboxValidatorParams buildInfoboxValidatorParams( + AuthenticationSession session, + VerifyInfoboxParameter verifyInfoboxParameter, + List infoboxTokenList, + boolean hideStammzahl) + { + InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); + IdentityLink identityLink = session.getIdentityLink(); + + // the infobox token to validate + infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList); + // configuration parameters + infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID()); + infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations()); + infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams()); + // authentication session parameters + infoboxValidatorParams.setBkuURL(session.getBkuURL()); + infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); + // parameters from the identity link + infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); + infoboxValidatorParams.setGivenName(identityLink.getGivenName()); + infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth()); + if (verifyInfoboxParameter.getProvideStammzahl()) { + infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue()); + } + infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType()); + infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey()); + if (verifyInfoboxParameter.getProvideIdentityLink()) { + Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true); + if (!verifyInfoboxParameter.getProvideStammzahl()) { + Element identificationValueElem = + (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + if (identificationValueElem != null) { + 
identificationValueElem.getFirstChild().setNodeValue(""); + } + } + infoboxValidatorParams.setIdentityLink(identityLinkElem); + } + infoboxValidatorParams.setHideStammzahl(hideStammzahl); + return infoboxValidatorParams; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java new file mode 100644 index 000000000..819ed79bb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -0,0 +1,59 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Builder for the lt;pr:Person> element to be inserted + * in the authentication data lt;saml:Assertion>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class PersonDataBuilder { + + /** + * Constructor for PersonDataBuilder. + */ + public PersonDataBuilder() { + super(); + } + /** + * Builds the <pr:Person> element.
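Review bot: The Stammzahl is blanked with `identificationValueElem.getFirstChild().setNodeValue("")`, which clears only the first child node and throws a `NullPointerException` when the element has no children. If the parsed identity link ever holds the value as more than one text node, the remainder would still be handed to the validator; removing every child closes that gap, `while (identificationValueElem.hasChildNodes()) identificationValueElem.removeChild(identificationValueElem.getFirstChild());`. `PersonDataBuilder.build` uses the same first-child pattern and, unlike this method, does not check the `selectSingleNode` result for null before dereferencing it.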
+ * Utilizes the parsed <prPerson> from the identity link + * and the information regarding inclusion of "Stammzahl" in the + * <pr:Person> data. + * + * @param identityLink IdentityLink containing the + * attribute prPerson + * @param provideStammzahl true if "Stammzahl" is to be included; + * false otherwise + * @return the <pr:Person> element as a String + * @throws BuildException on any error + */ + public String build(IdentityLink identityLink, boolean provideStammzahl) + throws BuildException { + + try { + Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); + if (! provideStammzahl) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); + //remove IdentificationValue + prIdentification.getFirstChild().setNodeValue(""); + } + String xmlString = DOMUtils.serializeNode(prPerson); + return xmlString; + } + catch (Exception ex) { + throw new BuildException( + "builder.00", + new Object[] {"PersonData", ex.toString()}, + ex); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java new file mode 100644 index 000000000..27e19e830 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.ByteArrayOutputStream; +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Builder for the SAML artifact, as defined in the + * Browser/Artifact profile of SAML. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactBuilder { + + /** + * Constructor for SAMLArtifactBuilder. + */ + public SAMLArtifactBuilder() { + super(); + } + + /** + * Builds the SAML artifact, encoded BASE64. + *
    + *
  • TypeCode: 0x0001.
  • + *
  • SourceID: SHA-1 hash of the authURL
  • + *
  • AssertionHandle: SHA-1 hash of the MOASessionID
  • + *
+ * @param authURL URL auf the MOA-ID Auth component to be used for construction + * of SourceID + * @param sessionID MOASessionID to be used for construction + * of AssertionHandle + * @return the 42-byte SAML artifact, encoded BASE64 + */ + public String build(String authURL, String sessionID) throws BuildException { + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] sourceID = md.digest(authURL.getBytes()); + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + return samlArtifactBase64; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, + ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java new file mode 100644 index 000000000..64cb16181 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java 
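Review bot: The `catch` block in `build` embeds the session identifier in the exception text (`"SAML Artifact, MOASessionID=" + sessionID`), and because the AssertionHandle is the SHA-1 of that same `sessionID`, the message discloses everything needed to derive the artifact to whoever can read the log. Suggest dropping the value: `new Object[] {"SAML Artifact", ex.toString()}`. `authURL.getBytes()` and `sessionID.getBytes()` use the platform default charset, so the computed SourceID can differ between hosts with different settings; `getBytes("UTF-8")` pins it. Whether a handle derived deterministically from the session ID is acceptable for the artifact profile is not answered by this hunk, and a comment stating that assumption would help the next reader.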
@@ -0,0 +1,91 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the lt;samlp:Response> used for passing + * result and status information from the GetAuthenticationData + * web service. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLResponseBuilder implements Constants { + /** XML - Template for samlp:Response */ + private static final String RESPONSE = + "" + + "" + + " " + + " " + + " {4}" + + " " + + " {5}" + + " " + + " {6}" + + ""; + /** XML - Template for samlp:StatusCode */ + private static final String SUB_STATUS_CODE = + ""; + + /** + * Constructor for SAMLResponseBuilder. + */ + public SAMLResponseBuilder() { + super(); + } + /** + * Builds the SAML response. + * @param responseID response ID + * @param inResponseTo request ID of lt;samlp:Request> responded to + * @param issueInstant current timestamp + * @param statusCode status code + * @param subStatusCode sub-status code refining the status code; may be null + * @param statusMessage status message + * @param samlAssertion SAML assertion representing authentication data + * @return SAML response as a DOM element + */ + public Element build( + String responseID, + String inResponseTo, + String issueInstant, + String statusCode, + String subStatusCode, + String statusMessage, + String samlAssertion) + throws BuildException { + + try { + String xmlSubStatusCode = + subStatusCode == null ? 
+ "" : + MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode}); + + String xmlResponse = MessageFormat.format(RESPONSE, new Object[] { + responseID, + inResponseTo, + issueInstant, + statusCode, + xmlSubStatusCode, + statusMessage, + StringUtils.removeXMLDeclaration(samlAssertion) }); + Element domResponse = DOMUtils.parseDocument(xmlResponse, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return domResponse; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "samlp:Response", ex.toString() }, + ex); + } + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java new file mode 100644 index 000000000..312179e73 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java 
@@ -0,0 +1,63 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for the BKU selection form requesting the user to choose + * a BKU from a list. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SelectBKUFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the form action which is + * a URL of MOA-ID Auth */ + private static final String ACTION_TAG = ""; + /** special tag in the HTML template to be substituted for the <select;gt; tag + * containing the BKU selection options */ + private static final String SELECT_TAG = ""; + /** + * Template for the default html-code to be returned as security-layer-selection to be built + */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + "" + nl + + "" + nl + + "Auswahl der Bürgerkartenumgebung" + nl + + "" + nl + + "" + nl + + "
" + nl + + SELECT_TAG + nl + + " " + nl + + "
" + nl + + "" + nl + + ""; + + /** + * Constructor + */ + public SelectBKUFormBuilder() { + super(); + } + /** + * Method build. Builds the form + * @param htmlTemplate to be used + * @param startAuthenticationURL the url where the startAuthenticationServlet can be found + * @param bkuSelectTag if a special bku should be used + * @return String + * @throws BuildException on any error + */ + public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag) + throws BuildException { + + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1); + htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1); + return htmlForm; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..758f28150 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java 
@@ -0,0 +1,206 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <VerifyXMLSignatureRequestBuilder> structure + * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureRequestBuilder { + + /** shortcut for XMLNS namespace URI */ + private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + /** shortcut for MOA namespace URI */ + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + /** The DSIG-Prefix */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** The document containing the VerifyXMLsignatureRequest */ + private Document requestDoc_; + /** the VerifyXMLsignatureRequest root element */ + private Element requestElem_; + + + /** + * Builds the body for a VerifyXMLsignatureRequest including the root + * element and namespace declarations. + * + * @throws BuildException If an error occurs on building the document. 
+ */ + public VerifyXMLSignatureRequestBuilder() throws BuildException { + try { + DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + requestDoc_ = docBuilder.newDocument(); + requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + requestDoc_.appendChild(requestElem_); + } catch (Throwable t) { + throw new BuildException( + "builder.00", + new Object[] {"VerifyXMLSignatureRequest", t.toString()}, + t); + } + } + + + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(IdentityLink identityLink, String trustProfileID) + throws ParseException + { + try { + // build the request + Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); + requestElem_.appendChild(dateTimeElem); + Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); + dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + String serializedAssertion = identityLink.getSerializedSamlAssertion(); + 
String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + // add the transforms + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); + for (int i = 0; i < dsigTransforms.length; i++) { + Element verifyTransformsInfoProfileElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); + verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + 
trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + + + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed AUTH-Block with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element build( + CreateXMLSignatureResponse csr, + String[] verifyTransformsInfoProfileID, + String trustProfileID) + throws BuildException { //samlAssertionObject + + try { + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + // insert the SAML assertion + xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + 
"Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + + } catch (Throwable t) { + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + } + + return requestElem_; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java new file mode 100644 index 000000000..90d79a46d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
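Review bot: In `build(IdentityLink, String)` the `VerifyTransformsInfoProfile` entries are copied from `identityLink.getDsigReferenceTransforms()`, i.e. from the document being verified, so the transform check under `SignatureManifestCheckParams` appears to compare the signature with itself; the `CreateXMLSignatureResponse` overload instead takes profile IDs from the caller. If this is deliberate because trust in the identity link rests only on the signer check behind `TrustProfileID`, a comment should say so, e.g. `// transforms are echoed from the identity link itself; only TrustProfileID constrains the signer`. Separately, both overloads append to the single `requestElem_` created in the constructor, so a second `build` call on the same instance returns a request with duplicated children; the class Javadoc should state that an instance is single-use. The second overload's Javadoc also declares `@throws ParseException` while the method throws `BuildException`.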
@@ -0,0 +1,383 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.util.Date; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * Session data to be stored between AuthenticationServer API calls. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationSession { + + private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + + /** + * session ID + */ + private String sessionID; + /** + * "Geschäftsbereich" the online application belongs to; maybe null + * if the online application is a business application + */ + private String target; + /** + * public online application URL requested + */ + private String oaURLRequested; + /** + * public online application URL prefix + */ + private String oaPublicURLPrefix; + /** + * URL of MOA ID authentication component + */ + private String authURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; + /** + * identity link read from smartcard + */ + private IdentityLink identityLink; + /** + * authentication block to be signed by the user + */ + private String authBlock; + /** + * timestamp logging when authentication session has been created + */ + private Date timestampStart; + /** + * timestamp logging when identity link has been received + */ + private Date timestampIdentityLink; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; + + /** + * SAML attributes from an extended infobox validation to be appended + * to the SAML assertion delivered to the final online application. + */ + private List extendedSAMLAttributesOA; + + /** + * The boolean value for either a target or a wbPK is provided as + * SAML Attribute in the SAML Assertion or not. 
+ */ + private boolean samlAttributeGebeORwbpk; + + /** + * SAML attributes from an extended infobox validation to be appended + * to the SAML assertion of the AUTHBlock. + */ + private List extendedSAMLAttributesAUTH; + + /** + * The issuing time of the AUTH-Block SAML assertion. + */ + private String issueInstant; + + /** + * Constructor for AuthenticationSession. + * + * @param id Session ID + */ + public AuthenticationSession(String id) { + sessionID = id; + setTimestampStart(); + } + + /** + * Returns the identityLink. + * @return IdentityLink + */ + public IdentityLink getIdentityLink() { + return identityLink; + } + + /** + * Returns the sessionID. + * @return String + */ + public String getSessionID() { + return sessionID; + } + + /** + * Sets the identityLink. + * @param identityLink The identityLink to set + */ + public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; + } + + /** + * Sets the sessionID. + * @param sessionId The sessionID to set + */ + public void setSessionID(String sessionId) { + this.sessionID = sessionId; + } + + /** + * Returns the oaURLRequested. + * @return String + */ + public String getOAURLRequested() { + return oaURLRequested; + } + + /** + * Returns the oaURLRequested. + * @return String + */ + public String getPublicOAURLPrefix() { + return oaPublicURLPrefix; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Returns the target. + * @return String + */ + public String getTarget() { + return target; + } + + /** + * Sets the oaURLRequested. 
+ * @param oaURLRequested The oaURLRequested to set + */ + public void setOAURLRequested(String oaURLRequested) { + this.oaURLRequested = oaURLRequested; + } + + /** + * Sets the oaPublicURLPrefix + * @param oaPublicURLPrefix The oaPublicURLPrefix to set + */ + public void setPublicOAURLPrefix(String oaPublicURLPrefix) { + this.oaPublicURLPrefix = oaPublicURLPrefix; + } + + /** + * Sets the bkuURL + * @param bkuURL The BKU URL to set + */ + public void setBkuURL(String bkuURL) { + this.bkuURL = bkuURL; + } + + /** + * Sets the target. If the target includes the target prefix, the prefix will be stripped off. + * @param target The target to set + */ + public void setTarget(String target) { + if (target != null && target.startsWith(TARGET_PREFIX_)) + { + // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix + this.target = target.substring(TARGET_PREFIX_.length()); + Logger.debug("Target prefix stripped off; resulting target: " + this.target); + } + else + { + this.target = target; + } + } + + /** + * Returns the authURL. + * @return String + */ + public String getAuthURL() { + return authURL; + } + + /** + * Sets the authURL. + * @param authURL The authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + + /** + * Returns the authBlock. + * @return String + */ + public String getAuthBlock() { + return authBlock; + } + + /** + * Sets the authBlock. + * @param authBlock The authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + /** + * Returns the timestampIdentityLink. + * @return Date + */ + public Date getTimestampIdentityLink() { + return timestampIdentityLink; + } + + /** + * Returns the businessService. + * @return true if the corresponding online application is + * a business application, otherwise false + */ + public boolean getBusinessService() { + return businessService; + } + + /** + * Sets the businessService variable. 
+ * @param businessService the value for setting the businessService variable. + */ + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + + /** + * Returns the timestampStart. + * @return Date + */ + public Date getTimestampStart() { + return timestampStart; + } + + /** + * Sets the current date as timestampIdentityLink. + */ + public void setTimestampIdentityLink() { + timestampIdentityLink = new Date(); + } + + /** + * Sets the current date as timestampStart. + */ + public void setTimestampStart() { + timestampStart = new Date(); + } + + /** + * @return template URL + */ + public String getTemplateURL() { + return templateURL; + } + + /** + * @param string the template URL + */ + public void setTemplateURL(String string) { + templateURL = string; + } + + /** + * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. + * + * @return The SAML Attributes to be appended to the AUTHBlock. Maybe null. + */ + public List getExtendedSAMLAttributesAUTH() { + return extendedSAMLAttributesAUTH; + } + + /** + * Sets the SAML Attributes to be appended to the AUTHBlock. + * + * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock. + */ + public void setExtendedSAMLAttributesAUTH( + List extendedSAMLAttributesAUTH) { + this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; + } + + /** + * Returns the SAML Attributes to be appended to the SAML assertion + * delivered to the online application. Maybe null. + * + * @return The SAML Attributes to be appended to the SAML assertion + * delivered to the online application + */ + public List getExtendedSAMLAttributesOA() { + return extendedSAMLAttributesOA; + } + + /** + * Sets the SAML Attributes to be appended to the SAML assertion + * delivered to the online application. + * + * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML + * assertion delivered to the online application. 
+ */ + public void setExtendedSAMLAttributesOA( + List extendedSAMLAttributesOA) { + this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; + } + + /** + * Returns the boolean value for either a target or a wbPK is + * provided as SAML Attribute in the SAML Assertion or not. + * + * @return true either a target or a wbPK is provided as SAML Attribute + * in the SAML Assertion or false if not. + */ + public boolean getSAMLAttributeGebeORwbpk() { + return this.samlAttributeGebeORwbpk; + } + + /** + * Sets the boolean value for either a target or a wbPK is + * provided as SAML Attribute in the SAML Assertion or not. + * + * @param samlAttributeGebeORwbpk The boolean for value either a target or + * wbPK is provided as SAML Attribute in the SAML Assertion or not. + */ + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; + } + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java new file mode 100644 index 000000000..d121f2c55 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java 
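Review bot: The session's creation time can be changed after construction, because `setTimestampStart()` is public and `getTimestampStart()` hands out the internal mutable `Date`. If session expiry is computed from this value (the cleaner is not part of this hunk), any code holding the session object can extend its lifetime. Consider setting the field once, `private final Date timestampStart = new Date();`, and returning a copy, `return new Date(timestampStart.getTime());`. The Javadoc of `getPublicOAURLPrefix()` also still reads "Returns the oaURLRequested".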
@@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.auth.data; + +import org.w3c.dom.Element; + +/** + * This bean saves all information of the CreateXMLSignature-Response: + * a {@link SAMLAttribute} array, the SamlAssertion-Element and the + * saml NameIdentifier + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class CreateXMLSignatureResponse { + /** the samlNameIdentifier */ +private String samlNameIdentifier; + /** an array of saml-attributes */ +private SAMLAttribute[] samlAttributes; + /** + * the original saml:Assertion-Element + */ + private Element samlAssertion; +/** + * Returns the samlAssertion. + * @return Element + */ +public Element getSamlAssertion() { + return samlAssertion; +} + +/** + * Returns the samlAttribute. + * @return SAMLAttribute[] + */ +public SAMLAttribute[] getSamlAttributes() { + return samlAttributes; +} + +/** + * Returns the samlNameIdentifier. + * @return String + */ +public String getSamlNameIdentifier() { + return samlNameIdentifier; +} + +/** + * Sets the samlAssertion. + * @param samlAssertion The samlAssertion to set + */ +public void setSamlAssertion(Element samlAssertion) { + this.samlAssertion = samlAssertion; +} + +/** + * Sets the samlAttribute. + * @param samlAttributes The samlAttributes to set + */ +public void setSamlAttributes(SAMLAttribute[] samlAttributes) { + this.samlAttributes = samlAttributes; +} + +/** + * Sets the samlNameIdentifier. + * @param samlNameIdentifier The samlNameIdentifier to set + */ +public void setSamlNameIdentifier(String samlNameIdentifier) { + this.samlNameIdentifier = samlNameIdentifier; +} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java new file mode 100644 index 000000000..795079227 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java 
@@ -0,0 +1,73 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * A SAML-Attribute to be appended to the final SAML-Assertion + * that will be passed to the online application. + */ +public interface ExtendedSAMLAttribute { + /** + * Add this attribute only to the SAML-Assertion + * passed to the online application, but not to + * the AUTH-Block. + */ + public final static int NOT_ADD_TO_AUTHBLOCK = 0; + /** + * Add this attribute to both, the AUTH-Block and the + * final SAML-Assertion passed to the online application. + */ + public final static int ADD_TO_AUTHBLOCK = 1; + /** + * Add this attribute to only the AUTH-Block, but not + * to the final SAML-Assertion passed to the online application. + */ + public final static int ADD_TO_AUTHBLOCK_ONLY = 2; + + /** + * The value of the SAML-Attribute. This must be either a + * org.w3c.Element or a java.lang.String + * object. Each other type will be ignored.
+ * If, for example, the type of the actual SAML-Attribute is a + * <xsd:boolean> the value must be either the String + * "true" or "false". + * Or the <xsd:integer> number 273 + * has to be the String "273". + * + * @return The value of the SAML-Attribute. Must not be null. + */ + public Object getValue(); + + /** + * The name of the SAML-Attribute. + * + * @return The name of the SAML-Attribute. Must not be null. + */ + public String getName(); + + /** + * The namespace of the SAML-Attribute. + * An application will use the context specific namespace URI for the attribute it returns. + * However, if the application cannot explicitely assign a namespace URI, the + * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI + * should be used. + * + * @return The namespace of the SAML-Attribute. Must not be null. + */ + public String getNameSpace(); + + /** + * Specifies if this SAML-Attribute should be added to the AUTH-Block. + *
+ * Depending on the returned value, this SAML-Attribute should be only added to the + * final SAML-Assertion passed to the online application (0), to both, the final + * assertion and the AUTH-Block (1) or to the AUTH-Block only (2). + * + * @return
    + *
  • 0 - add this SAML-Attribute to the final SAML-Assertion only
  • + *
  • 1 - add this SAML-Attribute to both, the final SAML-Assertion and the + * AUTH-Block
  • + *
  • 2 - add this SAML-Attribute to the AUTH-Block only + *
+ */ + public int getAddToAUTHBlock(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java new file mode 100644 index 000000000..e7e490924 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -0,0 +1,137 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * This class contains SAML attributes to be appended to the SAML assertion delivered to + * the Online application. + * + * @author Harald Bratko + */ +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { + + /** + * The value of this SAML attribute. Must be either of type java.lang.String + * or org.w3c.Element. + */ + protected Object value_; + + /** + * The name of this SAML attribute. + */ + protected String name_; + + /** + * The namespace URI of this SAML attribute. + */ + protected String namespace_; + + /** + * Specifies whether this SAML attribute should be appended to AUTH Block. + */ + protected int addToAUTHBlock_; + + /** + * Sets this ExtendedSAMLAttribute. + * @param name The name of this SAML Attribute. + * @param value The value of this SAML Attribute. Must be either of type + * java.lang.String or org.w3c.dom.Element. + * @param namespace The namespace of this SAML Attribute. + * @param addToAUTHBlock Specifies if this SAML Attribute should be added to the AUTHBlock. + * The following values are allowed: + *
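Review bot: The Javadoc of `getValue()` names the permitted type as `org.w3c.Element`, which does not exist; it should read `org.w3c.dom.Element`, as the constructor Javadoc of `ExtendedSAMLAttributeImpl` already does. Values of any other type are documented as silently ignored, so the accepted types are the only contract an implementer has and the name should be exact. The same wording appears on the `value_` field of `ExtendedSAMLAttributeImpl` in the next hunk.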
    + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + *
  • + *
+ * + */ + public ExtendedSAMLAttributeImpl(String name, Object value, String namespace, int addToAUTHBlock) { + name_ = name; + value_ = value; + namespace_ = namespace; + addToAUTHBlock_ = addToAUTHBlock; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue() + */ + public Object getValue() { + return value_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName() + */ + public String getName() { + return name_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace() + */ + public String getNameSpace() { + return namespace_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock() + */ + public int getAddToAUTHBlock() { + return addToAUTHBlock_; + } + + /** + * Specifies if this SAML Attribute should be added to the AUTHBlock. + * + * @param addToAUTHBlock One of the following values: + *
    + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + *
  • + *
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + */ + public void setAddToAUTHBlock(int addToAUTHBlock) { + addToAUTHBlock_ = addToAUTHBlock; + } + + /** + * Sets the name of this SAML attribute. + * + * @param name The name of this SAML attribute. + */ + public void setName(String name) { + name_ = name; + } + + /** + * Sets the namespace of this SAML attribute. + * + * @param namespace The namespace to set. + */ + public void setNamespace(String namespace) { + namespace_ = namespace; + } + + /** + * Sets the value of this SAML attribute. + * + * @param value The value of this SAML Attribute. Must be either of type + * java.lang.String or org.w3c.dom.Element. + */ + public void setValue(Object value) { + value_ = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java new file mode 100644 index 000000000..844451035 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -0,0 +1,266 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.util.DOMUtils; + + +/** + * Data contained in an identity link issued by BMI, relevant to the MOA ID component. + *
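Review bot: The constructor, `setAddToAUTHBlock` and `setValue` store whatever they are given, although the interface restricts `addToAUTHBlock` to three constants and `value` to a `String` or `org.w3c.dom.Element`, and says name, namespace and value must not be null. This flag decides whether an attribute is placed in the AUTH block, so an out-of-range value is better rejected where it enters than left to the consumer, e.g. `if (addToAUTHBlock < NOT_ADD_TO_AUTHBLOCK || addToAUTHBlock > ADD_TO_AUTHBLOCK_ONLY) throw new IllegalArgumentException("addToAUTHBlock: " + addToAUTHBlock);`. The fields are `protected` and mutable, so a subclass can bypass such a check unless they are made `private`. The Javadoc of `setAddToAUTHBlock` also ends with a stray `{@link ...#ADD_TO_AUTHBLOCK}` after the list.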
"IdentityLink" is the translation of "Personenbindung". + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class IdentityLink { + /** + * "identificationValue" is the translation of "Stammzahl". + */ + private String identificationValue; + /** + * "identificationType" type of the identificationValue in the IdentityLink. + */ + private String identificationType; + /** + * first name + */ + private String givenName; + /** + * family name + */ + private String familyName; + + /** + * The name as (givenName + familyName) + */ + private String name; + /** + * date of birth + */ + private String dateOfBirth; + /** + * the original saml:Assertion-Element + */ + private Element samlAssertion; + /** + * the serializes saml:Assertion + */ + private String serializedSamlAssertion; + /** + * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person + */ + private Element prPerson; + /** + * we need for each dsig:Reference Element all + * transformation elements + */ + private Element[] dsigReferenceTransforms; + + /** + * The issuing time of the identity link SAML assertion. + */ + private String issueInstant; + + /** + * we need all public keys stored in + * the identity link + */ + private PublicKey[] publicKey; + + /** + * Constructor for IdentityLink + */ + public IdentityLink() { + } + + /** + * Returns the dateOfBirth. + * @return Calendar + */ + public String getDateOfBirth() { + return dateOfBirth; + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Returns the name. + * @return The name. + */ + public String getName() { + if (name == null) { + name = givenName + " " + familyName; + } + return name; + } + + /** + * Returns the identificationValue. 
+ * "identificationValue" is the translation of "Stammzahl". + * @return String + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(String dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Returns the samlAssertion. + * @return Element + */ + public Element getSamlAssertion() { + return samlAssertion; + } + + /** + * Returns the samlAssertion. + * @return Element + */ + public String getSerializedSamlAssertion() { + return serializedSamlAssertion; + } + + /** + * Sets the samlAssertion and the serializedSamlAssertion. 
+ * @param samlAssertion The samlAssertion to set + */ + public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + this.samlAssertion = samlAssertion; + this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); + } + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + public Element[] getDsigReferenceTransforms() { + return dsigReferenceTransforms; + } + + /** + * Sets the dsigReferenceTransforms. + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + this.dsigReferenceTransforms = dsigReferenceTransforms; + } + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + public PublicKey[] getPublicKey() { + return publicKey; + } + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + public void setPublicKey(PublicKey[] publicKey) { + this.publicKey = publicKey; + } + + /** + * Returns the prPerson. + * @return Element + */ + public Element getPrPerson() { + return prPerson; + } + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + public void setPrPerson(Element prPerson) { + this.prPerson = prPerson; + } + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java new file mode 100644 index 000000000..6b1f24aba --- /dev/null 
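Review bot: `getName()` caches `givenName + " " + familyName` in `name` on first call and `setGivenName`/`setFamilyName` never reset it, so a name read before the setters run, or before a later change, stays stale, and an unset part yields the literal text `null`. Computing it on demand, `return givenName + " " + familyName;`, or adding `this.name = null;` to both setters removes the stale value. `getPublicKey()` and `getDsigReferenceTransforms()` return the internal arrays, so callers can replace entries in place; returning a copy is safer if these values are later used in signature checks. The Javadoc return types of `getDateOfBirth()` ("Calendar") and `getSerializedSamlAssertion()` ("Element") do not match the `String` actually returned.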
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.auth.data; + +import org.w3c.dom.Element; + +/** + * Contains an infobox token included in an InfoboxReadResponse. + * Depending on whether the token is extracted from an XMLContent or a + * Base64Content it is either returned as DOM element + * ({@link #getXMLToken()}) or base64 encoded string ({@link #getBase64Token()}). + * + * @author Harald Bratko + */ +public interface InfoboxToken { + + /** + * The key of the corresponding infobox. + * This is the value of Key attribute of the <Pair> child + * element in an <AssocArrayData> content of an InfoboxReadResponse. + * Maybe null if the InfoboxReadResponse conatains BinaryFileData. + * + * + * @return The key identifier of the corresponding infobox. + */ + public String getKey(); + + /** + * Specifies if this token is the first token (e.g in an array of tokens) included in an + * InfoboxReadResponse. If true this token is the token to be + * validated by a corresponding + * {@link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator InfoboxValidator}. + * If false this token maybe needed to validate the primary token. + * + * @return True if this token is the first token. + */ + public boolean isPrimary(); + + /** + * Returns the infobox token. + * Maybe null if the token is returned by method {@link #getBase64Token()} + * as base64 encoded string. + *
+ * Note that this token is not validated against the + * application specific schema (e.g. Mandates schema in the mandates context). + * Thus the validating application has to validate the token + * against the appropriate schema. + * + * @return The infobox token. If null the token is returned by method + * {@link #getBase64Token()} as base64 encoded string. + */ + public Element getXMLToken(); + + /** + * Returns the infobox token. + * Maybe null if the token is returned by method {@link #getXMLToken()} + * as a DOM element. + *
+ * Note, that the base64 encoded string actually may include more than one infobox + * elements. + * + * @return The infobox token. If null the token is returned by method + * {@link #getBase64Token()} as base64 encoded string. + */ + public String getBase64Token(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java new file mode 100644 index 000000000..f1ff30a8a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java 
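Review bot: The `@return` text of `getBase64Token()` points at itself: it says that when the result is null the token is returned by `{@link #getBase64Token()}` as base64 encoded string. It should refer to the other accessor, `If null the token is returned by method {@link #getXMLToken()} as a DOM element.` Implementers and validators depend on this either/or rule to know which representation to read, so it needs to be stated correctly on both getters.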
@@ -0,0 +1,129 @@ +package at.gv.egovernment.moa.id.auth.data; + +import org.w3c.dom.Element; + +/** + * This class contains an infobox token. + * + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken + * + * @author Harald Bratko + */ +public class InfoboxTokenImpl implements InfoboxToken { + + /** + * The key of the infobox token. + */ + private String key_; + + /** + * Specifies whether this token is the primary (first in an array) token. + */ + private boolean primary_; + + /** + * The infobox token. + */ + private Element xmlToken_; + + /** + * The base64 encoded infobox token. + */ + private String base64Token_; + + /** + * Sets an XML infobox token. + * + * @param key The key of the infobox token. + * @param primary True this token is the primary (e.g .first in an array) + * token, otherwise false + * @param xmlToken The infobox token. + */ + public InfoboxTokenImpl(String key, boolean primary, Element xmlToken) { + key_ = key; + primary_ = primary; + xmlToken_ = xmlToken; + base64Token_ = null; + } + + /** + * Sets a base64 encoded infobox token. + * + * @param key The key of the infobox token. + * @param primary True this token is the primary (e.g .first in an array) + * token, otherwise false + * @param base64Token The base64 encoded infobox token. 
+ */ + public InfoboxTokenImpl(String key, boolean primary, String base64Token) { + key_ = key; + primary_ = primary; + base64Token_ = base64Token; + xmlToken_ = null; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getKey() + */ + public String getKey() { + return key_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#isPrimary() + */ + public boolean isPrimary() { + return primary_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getXMLToken() + */ + public Element getXMLToken() { + return xmlToken_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getBase64Token() + */ + public String getBase64Token() { + return base64Token_; + } + + /** + * Sets the key of the infobox token. + * + * @param key The key of the infobox token. + */ + public void setKey(String key) { + key_ = key; + } + + /** + * Specifies whether this token is the primary (e.g. first in an array) token. + * + * @param primary True this token is the primary (e.g .first in an array) + * token, otherwise false. + */ + public void setPrimary(boolean primary) { + primary_ = primary; + } + + /** + * Sets the base64 encoded token. + * + * @param base64Token The base64 encoded token. + */ + public void setBase64Token(String base64Token) { + base64Token_ = base64Token; + } + + /** + * Sets the infobox token. + * + * @param xmlToken The infobox token. + */ + public void setXmlToken(Element xmlToken) { + xmlToken_ = xmlToken; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java new file mode 100644 index 000000000..b8dd7f18e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java 
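Review bot: `setXmlToken` and `setBase64Token` let one instance hold both representations at once, although both constructors clear the other field and the `InfoboxToken` Javadoc describes the XML and base64 forms as alternatives. A validator that tests `getXMLToken() != null` first could then evaluate a different token than one that reads `getBase64Token()`. I would keep the invariant in the setters, `xmlToken_ = xmlToken; base64Token_ = null;` in `setXmlToken` and the mirror image in `setBase64Token`, or drop the setters and make the fields final. The setter is also spelled `setXmlToken` while the getter is `getXMLToken`.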
@@ -0,0 +1,57 @@ +package at.gv.egovernment.moa.id.auth.data; + + +/** + * Includes the result of an extended infobox validation. + * + * If validation succeeds, an array of + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes} + * maybe provided. Each of these SAML-Attributes will be either appended to the + * final SAML-Assertion passed to the online application or to the AUTH-Block, + * or to both. + *
+ * If validation fails the implementing class has to provide a short error message. + * + * @author Harald Bratko + */ +public interface InfoboxValidationResult { + + /** + * The method returns true if validation succeeds. In that case + * method {@link #getExtendedSamlAttributes()} may provide an array of + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the + * AUTH-Block or to both. + *
+ * The method returns false if validation fails. In that case + * method {@link #getErrorMessage()} has to provide a short error description. + * + * @return True if validation succeeds, + * otherwise false. + */ + public boolean isValid(); + + /** + * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * ExtendedSAMLAttributes} that should be added to the SAML-Assertion + * provided to the online application. + * The SAML-Attributes in that array will be added to the final + * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged + * in the array this method returns. + * + * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * ExtendedSAMLAttributes} that should be added to the SAML-Assertion + * provided to the online application, the AUTH-Block, or both. If no attributes should + * be added this array maybe null or empty. + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes(); + + /** + * A short error description that should be displayed by MOA-ID if + * validation of the InfoBoxReadResponse fails. + * + * @return An short error message if validation fails. + */ + public String getErrorMessage(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java new file mode 100644 index 000000000..97f52fb55 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java 
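Review bot: `getErrorMessage()` is documented as text that MOA-ID displays, but the contract says nothing about what the message may contain or how it is encoded. The message is produced by a pluggable validator from the infobox it inspected; how MOA-ID renders it is not visible in this hunk. I would add to the method comment `* The message is plain text, must not contain source pins or other identity link data, and must be escaped before it is written into a page.` Wording: "maybe" should be "may be" and "An short" should be "A short".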
@@ -0,0 +1,101 @@ +package at.gv.egovernment.moa.id.auth.data; + + +/** + * Default implementation of the {@link InfoboxValidationResult} interface. + * + * @author Harald Bratko + */ +public class InfoboxValidationResultImpl implements InfoboxValidationResult { + + /** + * Indicates whether the validation was successful or not. + */ + protected boolean valid_; + + /** + * The error message. + */ + protected String errorMessage_; + + /** + * The SAML attributes returned by the infobox validator. + */ + protected ExtendedSAMLAttribute[] extendedSamlAttributes_; + + /** + * Empty constructor. + */ + public InfoboxValidationResultImpl() { + } + + /** + * Constructor to set all values. + * + * @param valid Global validation result. + * @param extendedSamlAttributes SAML attributes that should be appended to the final + * SAML Assertion or to the AUTH Block + * or to both. + * @param errorMessage An error message if infobox validation fails. + */ + public InfoboxValidationResultImpl( + boolean valid, + ExtendedSAMLAttribute[] extendedSamlAttributes, + String errorMessage) + { + valid_ = valid; + extendedSamlAttributes_ = extendedSamlAttributes; + errorMessage_ = errorMessage; + } + + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage() + */ + public String getErrorMessage() { + return errorMessage_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes() + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { + return extendedSamlAttributes_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid() + */ + public boolean isValid() { + return valid_; + } + + /** + * Sets the error message if validation fails.. + * + * @param errorMessage The error message to set. + */ + public void setErrorMessage(String errorMessage) { + errorMessage_ = errorMessage; + } + + /** + * Sets the SAML attributes returned by the infobox validatior.. 
+ * + * @param extendedSamlAttributes The SAML attributes returned by the infobox validator. + */ + public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) { + extendedSamlAttributes_ = extendedSamlAttributes; + } + + /** + * Sets validation result.. + * + * @param valid True if the infobox could be validated successfully, + * otherwise false. + */ + public void setValid(boolean valid) { + valid_ = valid; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java new file mode 100644 index 000000000..c7a557290 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java 
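Review bot: An instance created with the empty constructor reports `isValid() == false` together with `getErrorMessage() == null`, while the `InfoboxValidationResult` contract requires a short error description whenever validation fails. Failing closed is the right default; the missing message is the gap, so the empty constructor's comment should say `* The result is invalid until setValid(true) is called; setErrorMessage must be called before an invalid result is returned.` Separately, the three-argument constructor and `setExtendedSamlAttributes` store the caller's array and `getExtendedSamlAttributes()` returns it without a copy, so the attribute list can change after the result has been handed over. The setter comments also end in doubled periods ("fails..", "validatior..", "result..").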
@@ -0,0 +1,172 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.security.PublicKey; +import java.util.List; + +import org.w3c.dom.Element; + +/** + * Parameters for validating an infobox. + * + * This interface is used by MOA-ID to provide parameters to an + * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator + * InfoboxValidator}. + * + * @author Harald Bratko + */ +public interface InfoboxValidatorParams { + + /** + * Returns a list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. The first token in this list is the one to be validated. Each further token + * maybe needed to validate this first token. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. + */ + public List getInfoboxTokenList(); + + /** + * Returns the ID of the trust profile to be used for validating + * certificates. Maybe ignored by a validator, if no certificates + * has to be validated. + * + * @return The ID of a trust profile. + */ + public String getTrustProfileID(); + + /** + * Returns schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link Schema} specifying the location + * of an XML schema. + * + * @return A list of {@link Schema} objects each of them specifying the + * location of an XML schema. + */ + public List getSchemaLocations(); + + /** + * Returns the URL of the BKU. + * Maybe needed by a validator. + * + * @return The url of the BKU. + */ + public String getBkuURL(); + + /** + * Returns the target parameter. + * null in the case of a business service. + * + * @return The target parameter. + */ + public String getTarget(); + + /** + * Returns true if the application is a business + * service, otherwise false. This may be useful + * for the validating application. 
+ * + * @return True if the application is a business + * service, otherwise false + */ + public boolean getBusinessApplication(); + + /** + * Returns the family name from the identity link. + * Maybe needed by a validator. + * + * @return The family name from the identity link. + */ + public String getFamilyName(); + + /** + * Returns the given name from the identity link. + * Maybe needed by a validator. + * + * @return The given name from the identity link. + */ + public String getGivenName(); + + /** + * The date of birth from the identity link. + * The method returns the value of the + * element from the identity link. + * Maybe needed by a validator. + * + * @return The date of birth from the identity link. + */ + public String getDateOfBirth(); + + /** + * Returns he identification value from the identity + * link. This may be the Stammzahl + * in the case of a public application or the + * wbPK in the case of a business + * application. This parameter is only returned + * if specified within the config file. + * + * @return The identification value from the identity link. + */ + public String getIdentificationValue(); + + /** + * Returns the type of the identification value + * from the identity link. This may be + * especially of interest for business + * applications. + * + * @return The type of the identification value + * from the identity link. + */ + public String getIdentificationType(); + + /** + * Returns the public keys from the identity link. + * Maybe needed by the application. + * + * @return PublicKey[] The public keys from the + * identity link. + */ + public PublicKey[] getPublicKeys(); + + /** + * Returns the identity link. + * A validator may need other data from the identity link, than + * family name, given name, date of birth and identification value. + * The identity link element is only returned if specified within the + * config file. + * + * @return The identity link. 
+ */ + public Element getIdentityLink(); + + /** + * Indicates whether source pins (Stammzahlen) should be hidden or not. + * If an online application lying behind MOA-ID is not allowed to get source pins + * (Stammzahlen), any source pins within SAML attributes + * returned by the validator must suppressed:
+ * If the parameter getHideStammzahl is true, then the validator + * MUST hide (replace by an empty string) any source pin (Stammzahl) + * that may be included in a SAML attribute returned by the validator. + * + * @return true if source pins (Stammzahlen) must be hidden, + * otherwise false. + */ + public boolean getHideStammzahl(); + + /** + * Returns application specific parameters. + * Each child element of this element contains + * a validating application specific parameter. The + * element is passed as specified within the config + * file and its up to the implementing class to + * parse and interprete its children. + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams(); + +} + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java new file mode 100644 index 000000000..80ba5995f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java 
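Review bot: `getHideStammzahl()` leaves suppression of source pins entirely to the validator, while `getIdentificationValue()` and `getIdentityLink()` on the same interface can hand the Stammzahl to that validator. Whether MOA-ID re-checks the SAML attributes a validator returns is not visible in this hunk; if it does not, a validator that ignores the flag passes the source pin on to the online application. The Javadoc should name the enforcement point, for example `* MOA-ID does not filter the returned attributes itself; a validator that ignores this flag discloses the source pin.`, or the opposite statement if such a filter exists. Smaller items: `{link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator` in the interface comment is missing the `@`, "must suppressed" should be "must be suppressed", and "Returns he identification value" should be "Returns the".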
@@ -0,0 +1,348 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.security.PublicKey; +import java.util.List; + +import org.w3c.dom.Element; + +/** + * Parameters for validating an infobox. + * + * This interface is used by MOA-ID to provide parameters to an + * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator + * InfoboxValidator}. + * + * @author Harald Bratko + */ +public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { + + /** + * A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects. + * The first token in this list is the one to be validated. Each further token + * maybe needed to validate this first token. + */ + protected List infoboxTokenList_; + + /** + * The ID of the trust profile used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The locations of schemas that maybe needed for validating infobox tokens. + */ + protected List schemaLocations_; + + /** + * The URL of the BKU. + */ + protected String bkuURL_; + + /** + * Specifies whether the current online application is a business or a public application. + */ + protected boolean businessApplication_; + + /** + * The target parameter. + */ + protected String target_; + + /** + * The family name from the identity link. + */ + protected String familyName_; + + /** + * The given name from the identity link. + */ + protected String givenName_; + + /** + * The date of birth from the identity link. + */ + protected String dateOfBirth_; + + /** + * The date of identification value. + */ + protected String identificationValue_; + + /** + * The identification type. + */ + protected String identificationType_; + + /** + * The public keys from the identity link. + */ + protected PublicKey[] publicKeys_; + + /** + * The identity link. + */ + protected Element identityLink_; + + /** + * Indicates whether source pins (Stammzahlen) must be hidden or not. 
+ */ + protected boolean hideStammzahl_; + + /** + * Application specific parameters. + */ + protected Element applicationSpecificParams_; + + /** + * Empty constructor. + */ + public InfoboxValidatorParamsImpl() { + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getInfoboxTokenList() + */ + public List getInfoboxTokenList() { + return infoboxTokenList_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTrustProfileID() + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getSchemaLocations() + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBkuURL() + */ + public String getBkuURL() { + return bkuURL_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTarget() + */ + public String getTarget() { + return target_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() + */ + public boolean getBusinessApplication() { + return businessApplication_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getFamilyName() + */ + public String getFamilyName() { + return familyName_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getGivenName() + */ + public String getGivenName() { + return givenName_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDateOfBirth() + */ + public String getDateOfBirth() { + return dateOfBirth_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationValue() + */ + public String getIdentificationValue() { + return identificationValue_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationType() + */ + public String getIdentificationType() { + 
return identificationType_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getPublicKeys() + */ + public PublicKey[] getPublicKeys() { + return publicKeys_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentityLink() + */ + public Element getIdentityLink() { + return identityLink_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl() + */ + public boolean getHideStammzahl() { + return hideStammzahl_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getApplicationSpecificParams() + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Sets the bku URL. + * + * @param bkuURL The bku URL to set. + */ + public void setBkuURL(String bkuURL) { + bkuURL_ = bkuURL; + } + + /** + * Sets the business application parameter. + * + * @param businessApplication The business application parameter to set. + * (True if the application is a business + * application, otherwies false). + */ + public void setBusinessApplication(boolean businessApplication) { + businessApplication_ = businessApplication; + } + + /** + * Sets the date of birth. + * + * @param dateOfBirth The date of birth. + */ + public void setDateOfBirth(String dateOfBirth) { + dateOfBirth_ = dateOfBirth; + } + + /** + * Sets the family name. + * + * @param familyName The family name. + */ + public void setFamilyName(String familyName) { + familyName_ = familyName; + } + + /** + * Sets the given name. + * + * @param givenName The given name. 
+ */ + public void setGivenName(String givenName) { + givenName_ = givenName; + } + + /** + * Sets the identification type. + * + * @param identificationType The identification type. + */ + public void setIdentificationType(String identificationType) { + identificationType_ = identificationType; + } + + /** + * Sets the identification value. + * + * @param identificationValue The identification value. + */ + public void setIdentificationValue(String identificationValue) { + identificationValue_ = identificationValue; + } + + /** + * Sets the identity link. + * + * @param identityLink The identity link. + */ + public void setIdentityLink(Element identityLink) { + identityLink_ = identityLink; + } + + /** + * Sets the infobox token to be validated. + * + * @param infoboxTokenList A list {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. + */ + public void setInfoboxTokenList(List infoboxTokenList) { + infoboxTokenList_ = infoboxTokenList; + } + + /** + * Sets the public Keys. + * + * @param publicKeys The public keys. + */ + public void setPublicKeys(PublicKey[] publicKeys) { + publicKeys_ = publicKeys; + } + + /** + * Sets the schema locations. + * + * @param schemaLocations The schema locations. A list of + * {@link Schema} objects. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Sets the target. + * + * @param target The target. + */ + public void setTarget(String target) { + target_ = target; + } + + /** + * Sets the ID of the trust profile used for validating certificates. + * + * @param trustProfileID the ID of the trust profile used for validating certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins + * (Stammzahlen) must be hidden or not. 
+ * + * @param hideStammzahl True if source pins (Stammzahlen) should + * be hidden, otherwise false. + */ + public void setHideStammzahl(boolean hideStammzahl) { + hideStammzahl_ = hideStammzahl; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java new file mode 100644 index 000000000..76ba6366d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java @@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * This bean saves all data of a single SAMLAttribute: + * the name, value and namespace + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class SAMLAttribute { + + /** the name to be stored */ + private String name; + /** the namespace to be stored */ + private String namespace; + /** the value to be stored */ + private Object value; + + /** + * Constructor for SAMLAttribute. + */ + public SAMLAttribute(String name, String namespace, Object value) { + + this.name = name; + this.namespace = namespace; + this.value = value; + + } + + /** + * Returns the name. + * @return String + */ + public String getName() { + return name; + } + + /** + * Returns the namespace. + * @return String + */ + public String getNamespace() { + return namespace; + } + + /** + * Returns the value. + * @return String + */ + public Object getValue() { + return value; + } + + /** + * Sets the name. + * @param name The name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * Sets the namespace. + * @param namespace The namespace to set + */ + public void setNamespace(String namespace) { + this.namespace = namespace; + } + + /** + * Sets the value. + * @param value The value to set + */ + public void setValue(Object value) { + this.value = value; + } + +} 
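Review bot: The class comment of `InfoboxValidatorParamsImpl` is copied from the interface ("This interface is used by MOA-ID ...") and keeps the broken `{link` tag; it should describe the class, e.g. `* Default implementation of {@link InfoboxValidatorParams}.` The comment on `identificationValue_` reads "The date of identification value." and should be `* The identification value from the identity link.` Since this object carries the identification value, the public keys and the identity link element into validator code, the getters should also document that `getPublicKeys()`, `getInfoboxTokenList()` and `getIdentityLink()` return the stored objects themselves rather than copies.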
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
new file mode 100644
index 000000000..c113f16b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * Specifies the location of a schema.
+ *
+ * @author Harald Bratko
+ */
+public interface Schema {
+
+ /**
+ * The namespace URI of this schema.
+ *
+ * @return The namespace of this schema.
+ */
+ public String getNamespace();
+
+ /**
+ * The location URI of this schema.
+ * Relative paths have to be interpreted relative to the
+ * location of the MOA-ID config file.
+ *
+ * @return The location URI of this schema.
+ */
+ public String getSchemaLocation();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
new file mode 100644
index 000000000..964725416
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This class specifies the location of a schema.
+ *
+ * @author Harald Bratko
+ */
+public class SchemaImpl implements Schema {
+
+ /**
+ * The namespace of this schema.
+ */
+ protected String namespace_;
+
+ /**
+ * The location (URI) of this schema;
+ */
+ protected String schemaLocation_;
+
+ /**
+ * Sets the namespace and schema location URIS of this schema.
+ *
+ * @param namespace The namespace URI of this schema.
+ * @param schemaLocation The location URI of this schema.
+ */
+ public SchemaImpl(String namespace, String schemaLocation) {
+ namespace_ = namespace;
+ schemaLocation_ = schemaLocation;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.Schema#getNamespace()
+ */
+ public String getNamespace() {
+ return namespace_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.Schema#getSchemaLocation()
+ */
+ public String getSchemaLocation() {
+ return schemaLocation_;
+ }
+
+ /**
+ * Sets the namespace.
+ *
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ namespace_ = namespace;
+ }
+
+ /**
+ * Sets the location URI of this schema.
+ *
+ * @param schemaLocation The schemaLocation to set.
+ */
+ public void setSchemaLocation(String schemaLocation) {
+ schemaLocation_ = schemaLocation;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
new file mode 100644
index 000000000..8233d1478
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -0,0 +1,177 @@ +package at.gv.egovernment.moa.id.auth.data; + +import iaik.x509.X509Certificate; + +/** + * This bean saves all information of the MOA-SP-Answer + * after the verification of any signature + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class VerifyXMLSignatureResponse { + /** The xmlDsigSubjectName to be stored */ + private String xmlDsigSubjectName; + /** The signatureCheckCode to be stored */ + private int signatureCheckCode; + /** The xmlDSIGManifestCheckCode to be stored */ + private int xmlDSIGManifestCheckCode; + /** The xmlDSIGManigest to be stored */ + private boolean xmlDSIGManigest; + /** The certificateCheckCode to be stored */ + private int certificateCheckCode; + /** The publicAuthority to be stored */ + private boolean publicAuthority; + /** The publicAuthorityCode to be stored */ + private String publicAuthorityCode; + /** The qualifiedCertificate to be stored */ + private boolean qualifiedCertificate; + /** The x509certificate to be stored */ + private X509Certificate x509certificate; + + /** + * Returns the certificateCheckCode. + * @return int + */ + public int getCertificateCheckCode() { + return certificateCheckCode; + } + + /** + * Returns the signatureCheckCode. + * @return int + */ + public int getSignatureCheckCode() { + return signatureCheckCode; + } + + /** + * Returns the xmlDSIGManifestCheckCode. + * @return int + */ + public int getXmlDSIGManifestCheckCode() { + return xmlDSIGManifestCheckCode; + } + + /** + * Returns the xmlDsigSubjectName. + * @return String + */ + public String getXmlDsigSubjectName() { + return xmlDsigSubjectName; + } + + /** + * Sets the certificateCheckCode. + * @param certificateCheckCode The certificateCheckCode to set + */ + public void setCertificateCheckCode(int certificateCheckCode) { + this.certificateCheckCode = certificateCheckCode; + } + + /** + * Sets the signatureCheckCode. 
+ * @param signatureCheckCode The signatureCheckCode to set + */ + public void setSignatureCheckCode(int signatureCheckCode) { + this.signatureCheckCode = signatureCheckCode; + } + + /** + * Sets the xmlDSIGManifestCheckCode. + * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set + */ + public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) { + this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode; + } + + /** + * Sets the xmlDsigSubjectName. + * @param xmlDsigSubjectName The xmlDsigSubjectName to set + */ + public void setXmlDsigSubjectName(String xmlDsigSubjectName) { + this.xmlDsigSubjectName = xmlDsigSubjectName; + } + + /** + * Returns the publicAuthorityCode. + * @return int + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityCode The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityCode) { + this.publicAuthorityCode = publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the x509certificate. + * @return X509Certificate + */ + public X509Certificate getX509certificate() { + return x509certificate; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the x509certificate. + * @param x509certificate The x509certificate to set + */ + public void setX509certificate(X509Certificate x509certificate) { + this.x509certificate = x509certificate; + } + + /** + * Returns the xmlDSIGManigest. + * @return boolean + */ + public boolean isXmlDSIGManigest() { + return xmlDSIGManigest; + } + + /** + * Sets the xmlDSIGManigest. 
+ * @param xmlDSIGManigest The xmlDSIGManigest to set + */ + public void setXmlDSIGManigest(boolean xmlDSIGManigest) { + this.xmlDSIGManigest = xmlDSIGManigest; + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java new file mode 100644 index 000000000..a18cf7322 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -0,0 +1,92 @@ +package at.gv.egovernment.moa.id.auth.invoke; + +import java.util.Vector; + +import javax.xml.namespace.QName; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.SignatureVerificationService; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; + +/** + * Invoker of the SignatureVerification web service of MOA-SPSS.
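Review bot: The three check-code fields of `VerifyXMLSignatureResponse` are plain `int`s without an initial value, so a bean on which the setter was never called returns 0 from `getSignatureCheckCode()`, `getCertificateCheckCode()` and `getXmlDSIGManifestCheckCode()`. If 0 is the "check passed" code, a response whose element was missing or not parsed would read as a successful verification; the code values are not defined in this hunk, so this needs confirming. I would initialise each field to a value that cannot be a success code, e.g. `private int signatureCheckCode = -1;`. Smaller items: `xmlDSIGManigest` misspells Manifest in a public accessor name, and `getPublicAuthorityCode()` documents `@return int` while it returns a String.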
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class SignatureVerificationInvoker { + /** This QName Object identifies the SignatureVerification endpoint of the web service */ + private static final QName SERVICE_QNAME = new QName("SignatureVerification"); + + /** + * Method verifyXMLSignature. + * @param request to be sent + * @return Element with the answer + * @throws ServiceException if an error occurs + */ + public Element verifyXMLSignature(Element request) throws ServiceException { + return doCall(SERVICE_QNAME, request); + } + + /** + * Method doCall. + * @param serviceName the name of the service + * @param request the request to be sent + * @return Element the answer + * @throws ServiceException if an error occurs + */ + protected Element doCall(QName serviceName, Element request) throws ServiceException { + ConnectionParameter authConnParam = null; + try { + Service service = ServiceFactory.newInstance().createService(serviceName); + Call call = service.createCall(); + SOAPBodyElement body = new SOAPBodyElement(request); + SOAPBodyElement[] params = new SOAPBodyElement[] { body }; + Vector responses; + SOAPBodyElement response; + + String endPoint; + AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance(); + authConnParam = authConfigProvider.getMoaSpConnectionParameter(); + //If the ConnectionParameter do NOT exist, we try to get the api to work.... 
+ if (authConnParam != null) { + endPoint = authConnParam.getUrl(); + call.setTargetEndpointAddress(endPoint); + responses = (Vector) call.invoke(serviceName, params); + response = (SOAPBodyElement) responses.get(0); + return response.getAsDOM(); + } + else { + SignatureVerificationService svs = SignatureVerificationService.getInstance(); + VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); + + VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); + Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); + + Logger.setHierarchy("moa.id.auth"); + return result.getDocumentElement(); + } + } + catch (Exception ex) { + if (authConnParam != null) { + throw new ServiceException("service.00", new Object[] { ex.toString()}, ex); + } else { + throw new ServiceException("service.03", new Object[] { ex.toString()}, ex); + } + } + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java new file mode 100644 index 000000000..a8b870f04 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java 
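Review bot: In the web-service branch of `doCall` only `authConnParam.getUrl()` is applied to the `Call`, so the signature verification verdict is accepted over whatever endpoint and transport the configured URL names. Nothing in this hunk checks the scheme or applies any other connection setting. If TLS with server authentication is set up elsewhere, a comment should say so at this point, e.g. `// the MOA-SP verdict is only as trustworthy as this channel: the endpoint must be https with server authentication`. Also, `Logger.setHierarchy("moa.id.auth")` runs only when the API call returns normally; if it is there to restore the logging hierarchy after the MOA-SPSS call, it belongs in a `finally` block.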
@@ -0,0 +1,193 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an <InfoboxReadResponse> returned from + * the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class CreateXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = Constants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ":CreateXMLSignatureResponse/"; + /** Xpath expression to the SAML:Assertion element */ + private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion"; + /** Xpath expression to the SAML:NameIdentifier element */ + private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier"; + /** Xpath expression to the AttributeStatement element */ + private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute"; + /** Xpath expression to the AttributeValue element */ + private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue"; + + + /** This is the root element of the CreateXMLsignatureResponse */ 
+ private Element sigResponse_; + + /** + * Parses and validates the document given as string and extracts the + * root element. + * + * @param xmlResponse <CreateXMLSignatureResponse> as String + * + * @throws AuthenticationException if any authentication error occurs + * @throws ParseException if an element cannot be parsed + */ + public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException { + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + init(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is <InfoboxReadResponse> as InputStream + * + * @throws AuthenticationException If any authentication error occurs + * @throws ParseException If an element cannot be parsed + */ + public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException { + init(is); + } + + /** + * Constructor for CreateXMLSignatureResponseParser. + * The incoming Element will be used for further operations + * @param xmlResponse <InfoboxReadResponse> as InputStream + */ + public CreateXMLSignatureResponseParser(Element xmlResponse) { + sigResponse_ = xmlResponse; + } + + /** + * Initializes the parser. + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is The CreateXMLSignatureResponse as stream. + * @throws AuthenticationException if an authentication error occurs. + * @throws ParseException If an error occurs on parsing the the document. 
+ */ + private void init(InputStream is) throws AuthenticationException, ParseException { + try { + + Element responseElem = DOMUtils.parseXmlValidating(is); + + if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) { + sigResponse_ = responseElem; + } else { + ErrorResponseParser erp = new ErrorResponseParser(responseElem); + throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()}); + } + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Unmarshalls the <@link sigResponse> to an + * <CreateXMLSignatureResponse> object. + * + * @return a <CreateXMLSignatureResponse> object + * @throws ParseException + */ + + public CreateXMLSignatureResponse parseResponse() throws ParseException { + CreateXMLSignatureResponse cResp; + try { + cResp = new CreateXMLSignatureResponse(); + String slPrefix = XPathUtils.getSlPrefix(sigResponse_); + cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse_, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null)); + cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH)); + NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH); + Element samlAttr; + List samlAttributes = new ArrayList(); + while ((samlAttr = (Element) attrIter.nextNode()) != null) { + String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", ""); + String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", ""); + Object attrValue; + Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH); + attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes()); + if (attrValue == null) { + if (null!=attrValueElem.getFirstChild()) { + attrValue = attrValueElem.getFirstChild().getNodeValue(); + } else { + attrValue = ""; + } + } + 
samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue)); + } + SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; + samlAttributes.toArray(result); + cResp.setSamlAttributes(result); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + return cResp; + } + +// public CreateXMLSignatureResponse parseResponse() throws ParseException { +// CreateXMLSignatureResponse cResp; +// try { +// cResp = new CreateXMLSignatureResponse(); +// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0); +// cResp.setSamlAssertion(samlAssertion); +// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0); +// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0); +// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0); +// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue()); +// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute"); +// List samlAttributes = new ArrayList(); +// for (int i=0; i<ErrorResponse>. + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class ErrorResponseParser { + + /** + * The error code included in this error response. + * 1000 is used as default value, if some problems occur on + * evaluating the error response. + */ + private String errorCode_ = "1000"; + + /** + * The error info included in this error response. + * <Unklassifizierter Fehler.> is used as default value, + * if some problems occur on evaluating the error response. + */ + private String errorInfo_ = "Unklassifizierter Fehler."; + + + /** + * This Constructor extracts the error code and error info included in this + * error response. 
+ * + * @param errorElement The error element. This is the root element of + * the error response. + */ + public ErrorResponseParser(Element errorElement) throws ParseException { + if (errorElement != null) { + String namespace = errorElement.getNamespaceURI(); + NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode"); + if (nl.getLength() == 1) { + errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + nl = errorElement.getElementsByTagNameNS(namespace, "Info"); + if (nl.getLength() == 1) { + errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + } + } + + /** + * Returns the error code included in this error response. + */ + public String getErrorCode() { + return errorCode_ ; + } + + /** + * Returns the information included in this error response. + * @return The error infomation String + */ + public String getErrorInfo() { + return errorInfo_ ; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java new file mode 100644 index 000000000..e493f07fb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java 
@@ -0,0 +1,157 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.util.Iterator; +import java.util.List; +import java.util.Vector; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.InfoboxToken; +import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Parses and unmarshales InfoboxReadResponse. + * This parser is especially used for parsing additional responses (additional to that + * one containing the IdentityLink retuned from the BKU as an answer of + * a <PushInfobox> request. + */ +public class ExtendedInfoboxReadResponseParser { + + /** + * Hide default constructor. + */ + private ExtendedInfoboxReadResponseParser() { + } + + /** + * Parses and unmarshales the given infoboxReadResponse to a list of + * {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects. + * The method parses the given infoboxReadResponse + * + * @param infoboxReadResponse The infobox read response to be unmarshaled. + * @param infoboxName The name of the infobox the reponse corresponds to. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. Maybe empty. + * + * @throws ParseException If an error occurs on parsing and unmarshaling the response. 
+ */ + public static List parseInfoboxReadResponse(String infoboxReadResponse, String infoboxName) + throws ParseException + { + Element infoboxReadResponseElem = null; + try { + Document doc = + DOMUtils.parseDocument(infoboxReadResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null); + infoboxReadResponseElem = doc.getDocumentElement(); + } catch (Exception e) { + Logger.error("InfoboxReadResponse for \"" + infoboxName + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ParseException("parser.01", new Object[] {infoboxName + "-InfoboxReadResponse"}); + } + + Vector infoboxTokenList = new Vector(); + + if (infoboxReadResponseElem != null) { + // avoid using namespace URI or prefix, because it might change within the response + // (e.g.: sl11-namespace, some child sl10-namespace + List infoboxReadResponseChildren = DOMUtils.getChildElements(infoboxReadResponseElem); + String key = null; + boolean primary = true; + Element infoboxReadResponseChild = (Element)infoboxReadResponseChildren.get(0); + String infoboxReadResponseChildName = infoboxReadResponseChild.getLocalName(); + if (infoboxReadResponseChildName.equals("AssocArrayData")) { + // get the child elements from the element + List assocArrayPairs = DOMUtils.getChildElements(infoboxReadResponseChild); + Iterator assocArrayPairIt = assocArrayPairs.iterator(); + int pairCount = 0; + // step through the elemnts + while (assocArrayPairIt.hasNext()) { + Element assocArrayPair = (Element)assocArrayPairIt.next(); + // check if the element actually a "Pair" element and not only a "key" + if (assocArrayPair.getLocalName().equals("Key")) { + // do not accept only a Key + throw new ParseException("parser.07", new Object[] {infoboxName}); + } + key = assocArrayPair.getAttribute("Key"); + if (pairCount > 0) { + primary = false; + } + pairCount++; + infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(assocArrayPair, infoboxName, key, primary)); + } + + } else if 
(infoboxReadResponseChildName.equals("BinaryFileData")) { + infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(infoboxReadResponseChild, infoboxName, null, true)); + } + } + return infoboxTokenList; + } + + /** + * Unmarshales the <XMLContent> or + * <Base64Content> child of the given element to a list of + * infobox token. + * + * @param contentParent The elment including the <XMLContent> or + * <Base64Content> child to unmarshal the + * infobox token from. + * @param infoboxName The name of the infobox. + * @param key The key of an AssocArrayData-Pair. + * Maybe null. + * @param primary Specifies whether this token is the first (e.g. in an + * AssocArrayData) token. + * + * @return A infobox token list. + * + * @throws ParseException If the contentParent has no <XMLContent> + * or <Base64Content> child or the + * <XMLContent> is empty. + */ + public static List getTokenFromXMLOrBase64Content( + Element contentParent, + String infoboxName, + String key, + boolean primary) + throws ParseException + { + Vector tokenList = new Vector(); + // get the or + List content = DOMUtils.getChildElements(contentParent); + if (content.size() == 1) { + Element contentElem = (Element)content.get(0); + if (contentElem.getLocalName().equals("XMLContent")) { + List xmlContentChildren = DOMUtils.getChildElements(contentElem); + if (xmlContentChildren.size() == 0) { + throw new ParseException("parser.06", new Object[] {infoboxName, "Inhalt", "XMLContent"}); + } + int xmlCount = 0; + Iterator contentIt = xmlContentChildren.iterator(); + while (contentIt.hasNext()) { + Element xmlToken = (Element)contentIt.next(); + if (xmlCount > 0) { + primary = false; + } + InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, xmlToken); + tokenList.add(infoboxToken); + xmlCount++; + } + } else { + String base64Token = contentElem.getFirstChild().getNodeValue(); + InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, base64Token); + tokenList.add(infoboxToken); + } + } else { + 
throw new ParseException("parser.06", + new Object[] {infoboxName, "XMLContent oder Base64Content", contentParent.getLocalName()}); + } + return tokenList; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java new file mode 100644 index 000000000..d8a57fd2f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java 
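Review bot: In parseInfoboxReadResponse, `infoboxReadResponseChildren.get(0)` is called without checking that the list has an element, so a response whose root has no child elements ends in an unchecked IndexOutOfBoundsException instead of the declared ParseException; the response text comes from the BKU and should be treated as untrusted at this point. A guard before the access keeps the failure inside the parser's error contract, for example `if (infoboxReadResponseChildren.isEmpty()) { throw new ParseException("parser.07", new Object[] {infoboxName}); }` (the message key needs to be confirmed against the message catalogue). The same applies to `contentElem.getFirstChild().getNodeValue()` in getTokenFromXMLOrBase64Content, which throws a NullPointerException for an empty content element. Schema validation inside DOMUtils.parseDocument may already exclude some of these shapes, but the root element name is never checked in the visible code, so that cannot be relied on from here.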
@@ -0,0 +1,319 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.ECDSAConverterException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an identity link <saml:Assertion> + * @author Paul Ivancsics + * @version $Id$ + */ +public class IdentityLinkAssertionParser { + + // + // XPath namespace prefix shortcuts + // + + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = Constants.PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = Constants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDS Namespaces */ + private static final String ECDSA = Constants.ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAMLSubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; + /** Xpath expression to the PersonData element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + + 
"/" + + PDATA + + "Person"; + /** Xpath expression to the PersonData GivenName element */ + private static final String PERSON_GIVEN_NAME_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Name/" + + PDATA + + "GivenName"; + /** Xpath expression to the PersonData FamilyName element */ + private static final String PERSON_FAMILY_NAME_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Name/" + + PDATA + + "FamilyName"; + /** Xpath expression to the PersonData DateOfBirth element */ + private static final String PERSON_DATE_OF_BIRTH_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "DateOfBirth"; + /** Xpath expression to the Identification element */ + private static final String PERSON_IDENT_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification"; + + /** Xpath expression to the Identification Value element */ + public static final String PERSON_IDENT_VALUE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Value"; + + /** Xpath expression to the Identification Value element */ + private static final String PERSON_IDENT_TYPE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Type"; + + /** Xpath expression to the RSAKeyValue element */ + private static final String RSA_KEY_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue/" + + DSIG + + "RSAKeyValue"; + + /** Xpath expression to the ECKeyValue element */ + private static final String ECDSA_KEY_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue/" + + ECDSA + + "ECDSAKeyValue"; + + + /** Xpath expression to the RSA Modulus element */ + private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus"; + /** Xpath expression to the RSA Exponent element */ + private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent"; + /** Xpath expression to the DSIG X509Certificate element */ + private static final String DSIG_CERTIFICATES_XPATH = + ROOT + 
+ DSIG + + "Signature/" + + DSIG + + "KeyInfo/" + + DSIG + + "X509Data/" + + DSIG + + "X509Certificate"; + /** Xpath expression to the DSIG Transforms element */ + private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = + ROOT + + DSIG + + "Signature/" + + DSIG + + "SignedInfo/" + + DSIG + + "Reference/" + + DSIG + + "Transforms"; + + /** The IssueInstant attribute of the SAML assertion */ + private static final String ISSUE_INSTANT_ATTR = "IssueInstant"; + + /**This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element assertionElem; + + /** + * Constructor for IdentityLinkAssertionParser. + * A DOM-representation of the incoming String will be created + * @param xmlAssertion <saml:Assertion> as String + * @throws ParseException on any parsing error + */ + public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException { + try { + InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8")); + assertionElem = DOMUtils.parseXmlValidating(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Sets the <@link assertionElem>. + * @param xmlAssertion the assertion element + * @throws ParseException on any parsing error + */ + public IdentityLinkAssertionParser(Element xmlAssertion) throws ParseException { + assertionElem = xmlAssertion; + } + + /** + * Constructor for IdentityLinkAssertionParser. 
+ * A DOM-representation of the incoming Inputstream will be created + * @param xmlAssertion <saml:Assertion> as InputStream + * @throws ParseException on any parsing error + */ + public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception { + try { + assertionElem = DOMUtils.parseXmlValidating(xmlAssertion); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + + /** + * Parses the identity link from the <saml:Assertion> + * @return Identity link + * @throws ParseException on any parsing error + */ + + public IdentityLink parseIdentityLink() throws ParseException { + IdentityLink identityLink; + try { + identityLink = new IdentityLink(); + identityLink.setSamlAssertion(assertionElem); + identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR)); + identityLink.setPrPerson((Element) + XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); + identityLink.setIdentificationValue( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); + identityLink.setIdentificationType( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); + identityLink.setGivenName( + XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); + identityLink.setFamilyName( + XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); + identityLink.setDateOfBirth( + XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); + NodeIterator dsigRefTransforms = + XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH); + List transElems = new ArrayList(); + Element transformsElem; + while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) { + transElems.add(transformsElem); + } + Element[] result = new Element[transElems.size()]; + transElems.toArray(result); + identityLink.setDsigReferenceTransforms(result); + + identityLink.setPublicKey(getPublicKeys()); + + } + catch 
(Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + + return identityLink; + } + + /** + * Parses an array of Public Keys from the <InfoboxReadResponse> + * @return RSAPublicKey[] + * @throws IOException can occur when decoding the base64 values of the modulus and exponent + */ + public PublicKey[] getPublicKeys() throws IOException, ECDSAConverterException{ + + + List pubKeys = new ArrayList(); + //Try to get RSA-Keys + NodeIterator rsaIter = + XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, RSA_KEY_VALUE_XPATH); + Element rsaElem; + + while ((rsaElem = (Element) rsaIter.nextNode()) != null) { + String modulus = + XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, ""); + String exponent = + XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, ""); + + RSAPublicKey resPub = + new iaik.security.rsa.RSAPublicKey( + new BigInteger(1, Base64Utils.decode(modulus, true)), + new BigInteger(1, Base64Utils.decode(exponent, true))); + pubKeys.add(resPub); + } + + //Try to get ECDSA-Keys + NodeIterator ecdsaIter = + XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, ECDSA_KEY_VALUE_XPATH); + Element ecdsaElem; + PublicKey ecPubKey = null; + while ((ecdsaElem = (Element) ecdsaIter.nextNode()) != null) { + try { + ecPubKey = ECDSAKeyValueConverter.element2ECDSAPublicKey(ecdsaElem); + pubKeys.add(ecPubKey); + } + catch(Exception e) { + throw new ECDSAConverterException("parser.03", new Object[] { e.toString() }, e); + } + } + + PublicKey[] result = new PublicKey[pubKeys.size()]; + pubKeys.toArray(result); + return result; + + } + /** + * Parses a string array of decoded base64 certificates from + * the <InfoboxReadResponse> found in the dsig-signature + * @return String[] with raw-certificates from the dsig-signature keyinfo + * @throws Exception + */ + public String[] getCertificates() throws Exception { + List certs = new ArrayList(); + NodeIterator rsaIter = + 
XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH); + Element certElem; + while ((certElem = (Element) rsaIter.nextNode()) != null) { + String content = DOMUtils.getText(certElem); + certs.add(new String(Base64Utils.decode(content, true))); + } + String[] result = new String[certs.size()]; + certs.toArray(result); + return result; + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java new file mode 100644 index 000000000..e59c88ddc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java 
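Review bot: getCertificates turns the decoded certificate bytes into text with `new String(Base64Utils.decode(content, true))`, which uses the platform default charset; decoded X509Certificate content is binary, so the conversion is lossy under most charsets and the returned strings cannot reliably be turned back into the original certificates. Returning the bytes, or the still-encoded Base64 text, avoids this. If the `String[]` return type has to stay, a byte-preserving charset at least makes the conversion reversible: `certs.add(new String(Base64Utils.decode(content, true), "ISO-8859-1"));`. The callers are not visible in this hunk, so whichever form is chosen has to be matched where the strings are consumed.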
@@ -0,0 +1,165 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an <InfoboxReadResponse>.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class InfoboxReadResponseParser {
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element infoBoxElem_;
+
+ /**
+ * Parses and validates the document given as string and extracts the
+ * root element.
+ *
+ * @param xmlResponse <InfoboxReadResponse> as String
+ * @throws ParseException If an element cannot be parsed
+ * @throws AuthenticationException If any authentication error occurs
+ */
+ public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
+
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+ init(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses and validates the document given as stream and extracts the
+ * root element.
+ *
+ * @param is <InfoboxReadResponse> as InputStream
+ * @throws ParseException If an element cannot be parsed
+ * @throws AuthenticationException If any authentication error occurs
+ */
+ public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
+ init(is);
+ }
+
+ /**
+ * Initializes the parser.
+ * Parses and validates the document given as stream and extracts the
+ * root element.
+ *
+ * @param is The InfoBoxReadResponse as stream.
+ * @throws AuthenticationException If an authentication error occurs.
+ * @throws ParseException If an error occurs on parsing the the document.
+ */
+ private void init(InputStream is) throws AuthenticationException, ParseException {
+ try {
+
+ Element responseElem = DOMUtils.parseXmlValidating(is);
+
+ if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
+ infoBoxElem_ = responseElem;
+ } else {
+ ErrorResponseParser erp = new ErrorResponseParser(responseElem);
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ } catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+
+
+ /**
+ * Parses the embedded <saml:Assertion> element from <InfoboxReadResponse>
+ * @return <saml:Assertion> as String
+ * @throws ParseException on any parsing error
+ */
+// public String parseSAMLAssertion() throws ParseException {
+// try {
+//
+// String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_);
+// StringBuffer sb = new StringBuffer("/");
+// sb.append(slPrefix);
+// sb.append(":InfoboxReadResponse/");
+// sb.append(slPrefix);
+// sb.append(":BinaryFileData/");
+// sb.append(slPrefix);
+// sb.append(":XMLContent/");
+// sb.append(Constants.SAML_PREFIX);
+// sb.append(":Assertion");
+// String samlAssertionXPath = sb.toString();
+// Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath);
+// return DOMUtils.serializeNode(samlAssertion);
+//
+// }
+// catch (Throwable t) {
+// throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+// }
+// }
+
+ /**
+ * Parses the embedded <saml:Assertion> element from <InfoboxReadResponse>
+ * @return <saml:Assertion> as String
+ * @throws ParseException on any parsing error
+ */
+ public Element parseSAMLAssertion() throws ParseException {
+ try {
+
+ String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_);
+ StringBuffer sb = new StringBuffer("/");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadResponse/");
+ sb.append(slPrefix);
+ sb.append(":BinaryFileData/");
+ sb.append(slPrefix);
+ sb.append(":XMLContent/");
+ sb.append(Constants.SAML_PREFIX);
+ sb.append(":Assertion");
+ String samlAssertionXPath = sb.toString();
+ Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath);
+ return samlAssertion;
+
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses the identity link from the <saml:Assertion>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+// public IdentityLink parseIdentityLink() throws ParseException {
+// String samlAssertionString = parseSAMLAssertion();
+// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString);
+// return ilParser.parseIdentityLink();
+// }
+
+ /**
+ * Parses the identity link from the <saml:Assertion>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLink parseIdentityLink() throws ParseException {
+ Element samlAssertion = parseSAMLAssertion();
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ return ilParser.parseIdentityLink();
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
new file mode 100644
index 000000000..7c4c01abe
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
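Review bot: The AuthenticationException raised in init() for a root element other than InfoboxReadResponse is thrown inside the same `try` whose `catch (Throwable t)` wraps everything into `ParseException("parser.01", ...)`, so the `auth.08` error carrying the security layer's error code and info never reaches the caller, although the method declares it. The String constructor wraps its init() call the same way, and CreateXMLSignatureResponseParser.init() earlier in this patch has the identical pattern. Adding `catch (AuthenticationException e) { throw e; }` (and likewise for ParseException, to avoid double wrapping) ahead of the Throwable handler in each place restores the declared contract. Narrowing `Throwable` to `Exception` would also stop the parser from converting JVM errors into parse failures.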
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.IOException;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Parser for a SAML artifact.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactParser {
+ /** byte array containing the SamlArtifact bytes */
+ private byte[] samlArtifactBytes;
+
+ /**
+ * Constructor
+ * @param samlArtifact as String
+ * @throws ParseException on any parsing error
+ */
+ public SAMLArtifactParser(String samlArtifact) throws ParseException {
+ try {
+ samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
+ }
+ catch (IOException ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+ /**
+ * Parses the type code.
+ * @return type code
+ * @throws ParseException when SAML artifact is invalid
+ */
+ public byte[] parseTypeCode() throws ParseException {
+ try {
+ byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
+ return typeCode;
+ }
+ catch (Throwable ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+ /**
+ * Parses the assertion handle.
+ * @return assertion handle
+ * @throws ParseException when SAML artifact is invalid
+ */
+ public String parseAssertionHandle() throws ParseException {
+ try {
+ return new String(samlArtifactBytes, 22, 20);
+ }
+ catch (Throwable ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 000000000..4c49afb76
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
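Review bot: The artifact length is never checked: parseTypeCode and parseAssertionHandle index into `samlArtifactBytes` and rely on `catch (Throwable ex)` to turn the resulting index error into a ParseException, and any bytes beyond the 42 that are actually read are accepted silently. Validating once in the constructor is clearer and rejects malformed artifacts early, e.g. `if (samlArtifactBytes.length != 42) throw new ParseException("parser.02", new Object[] {"unexpected artifact length"});`; the exact length should be confirmed against SAMLArtifactBuilder, which is outside this hunk. `new String(samlArtifactBytes, 22, 20)` also decodes with the platform default charset, so the handle (presumably the key used to find the stored assertion) can differ between JVM configurations or collapse distinct byte sequences into the same string. Passing an explicit charset that matches what the builder uses removes that dependency.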
@@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.*; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses a <VerifyXMLSignatureResponse> returned by + * MOA-SPSS. + * This class implements the Singleton pattern + * + * @author Stefan Knirsch + * @version $Id$ + */ + + +public class VerifyXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching MOA Namespaces */ + private static final String MOA = Constants.MOA_PREFIX + ":"; + /** Xpath prefix for reaching DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; + + /** Xpath expression to the X509SubjectName element */ + private static final String DSIG_SUBJECT_NAME_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509SubjectName"; + /** Xpath expression to the X509Certificate element */ + private static final String DSIG_X509_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509Certificate"; + /** Xpath expression to the PublicAuthority element */ + private static final String PUBLIC_AUTHORITY_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "PublicAuthority"; + /** Xpath expression to the PublicAuthorityCode element */ + private static final String PUBLIC_AUTHORITY_CODE_XPATH = + PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; + /** Xpath expression to the QualifiedCertificate element */ + private static final String QUALIFIED_CERTIFICATE_XPATH = + ROOT 
+ MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "QualifiedCertificate"; + + /** Xpath expression to the SignatureCheckCode element */ + private static final String SIGNATURE_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureCheck/" + MOA + "Code"; + /** Xpath expression to the XMLDSIGManifestCheckCode element */ + private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the CertificateCheckCode element */ + private static final String CERTIFICATE_CHECK_CODE_XPATH = + ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + + + /** This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element verifyXMLSignatureResponse; + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming String will be created + * @param xmlResponse <InfoboxReadResponse> as String + * @throws ParseException on any parsing error + */ + public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming Inputstream will be created + * @param xmlResponse <InfoboxReadResponse> as InputStream + * @throws Exception on any parsing error + */ + public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception + { + try { + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. 
+ * The incoming Element will be used for further operations + * @param xmlResponse <InfoboxReadResponse> as Element + */ + public VerifyXMLSignatureResponseParser(Element xmlResponse) + { + verifyXMLSignatureResponse =xmlResponse; + + } + + /** + * Parse identity link from <InfoboxReadResponse> + * @return Identity link + * @throws ParseException on any parsing error + */ + + public VerifyXMLSignatureResponse parseData() throws ParseException { + + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + + try { + respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); + Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); + respData.setQualifiedCertificate(e!=null); + + Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( + verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); + + respData.setX509certificate(new X509Certificate(in)); + Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); + respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); + + String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); + if (xmlDsigCheckCode!=null) + { + respData.setXmlDSIGManigest(true); + respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + } + else + respData.setXmlDSIGManigest(false); + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + } + catch (Throwable t) { + 
throw new ParseException("parser.01", null, t); + } + return respData; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java new file mode 100644 index 000000000..96e8e6dd6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -0,0 +1,202 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileItemFactory; +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLDecoder; + +/** + * Base class for MOA-ID Auth Servlets, providing standard error handling + * and constant names. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { + + + /** + * Handles an error.
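Review bot: `parseData()` rejects a response that lacks `SignatureCheck/Code` or `CertificateCheck/Code` only because `new Integer("")` happens to throw, and the resulting `ParseException("parser.01", null, t)` carries no message parameter. These codes presumably drive the signature verdict downstream, so the fail-closed path deserves to be explicit: read each code with a `null` default, throw a ParseException naming the missing element, and pass `new Object[] { t.toString() }` as the String constructor already does. The Javadoc is copied from another parser: `parseData()` does not parse an identity link, the constructors take a VerifyXMLSignatureResponse rather than an InfoboxReadResponse, and nothing in the class implements a singleton. The `InputStream` constructor could declare `throws ParseException` instead of `throws Exception`, since that is all it throws.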
+ *
    + *
  • Logs the error
  • + *
  • Places error message and exception thrown into the request + * as request attributes (to be used by "/errorpage-auth.jsp")
  • + *
  • Sets HTTP status 500 (internal server error)
  • + *
+ * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response + */ + protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-auth.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + + } + /** + * Handles a WrongParametersException. + * @param req servlet request + * @param resp servlet response + */ + protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { + Logger.error(ex.toString()); + req.setAttribute("WrongParameters", ex.getMessage()); + + // forward this to errorpage-auth.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } + + /** + * Logs all servlet parameters for debugging purposes. 
+ */ + protected void logParameters(HttpServletRequest req) { + for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { + String parname = (String)params.nextElement(); + Logger.debug("Parameter " + parname + req.getParameter(parname)); + } + } + + /** + * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 + * (no standard exists how browsers should encode them). + * + * @param req servlet request + * + * @return mapping parameter name -> value + * + * @throws IOException if parsing request parameters fails. + * + * @throws FileUploadException if parsing request parameters fails. + */ + protected Map getParameters(HttpServletRequest req) + throws IOException, FileUploadException { + + Map parameters = new HashMap(); + + + if (ServletFileUpload.isMultipartContent(req)) + { + // request is encoded as mulitpart/form-data + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = null; + upload = new ServletFileUpload(factory); + List items = null; + items = upload.parseRequest(req); + for (int i = 0; i < items.size(); i++) + { + FileItem item = (FileItem) items.get(i); + if (item.isFormField()) + { + // Process only form fields - no file upload items + parameters.put(item.getFieldName(), item.getString("UTF-8")); + Logger.debug("Processed multipart/form-data request parameter: \nName: " + + item.getFieldName() + "\nValue: " + + item.getString("UTF-8")); + } + } + } + + else + { + // request is encoded as application/x-www-urlencoded + InputStream in = req.getInputStream(); + + String paramName; + String paramValueURLEncoded; + do { + paramName = new String(readBytesUpTo(in, '=')); + if (paramName.length() > 0) { + paramValueURLEncoded = readBytesUpTo(in, '&'); + String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); + parameters.put(paramName, paramValue); + } + } + while (paramName.length() > 0); + in.close(); + } + + return parameters; + } + + /** + * Reads bytes up 
to a delimiter, consuming the delimiter. + * @param in input stream + * @param delimiter delimiter character + * @return String constructed from the read bytes + * @throws IOException + */ + protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + boolean done = false; + int b; + while (! done && (b = in.read()) >= 0) { + if (b == delimiter) + done = true; + else + bout.write(b); + } + return bout.toString(); + } + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java new file mode 100644 index 000000000..f33377547 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java 
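Review bot: `getParameters()` puts no bound on the request body: the multipart branch never calls `upload.setSizeMax(...)`, and `readBytesUpTo()` buffers bytes until a delimiter or end of stream, so a single large POST is held in memory or spooled to disk in full. A limit on both paths would close that, e.g. `upload.setSizeMax(MAX_REQUEST_BYTES);` with a new constant, and a byte counter in `readBytesUpTo()` that throws `IOException` once the limit is exceeded. `logParameters()` and the multipart branch both write complete parameter values to the debug log, which for these servlets includes the security-layer XML responses; logging names and lengths only would keep personal data out of the logs. `handleError()` documents "Sets HTTP status 500" but never calls `resp.setStatus(...)`, and `bout.toString()` / `new String(...)` decode with the platform charset although the method Javadoc assumes UTF-8.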
@@ -0,0 +1,75 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+
+ try {
+ MOAIDAuthInitializer.initialized=false;
+ MOAIDAuthInitializer.initialize();
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
+
+ Logger.info(message);
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
+
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
+ }
+ }
+
+ /**
+ * Do the same as doGet.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ }
+
+}
+
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
new file mode 100644
index 000000000..c41b514c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
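Review bot: `doGet()` resets `MOAIDAuthInitializer.initialized` and reloads the configuration for any caller, with no authentication or origin check visible in this servlet, and `doPost()` simply delegates to it. If access is not restricted elsewhere (a web.xml security constraint or network filtering, neither visible in this hunk), the reload is open to everyone who can reach the URL, and because it is triggered by GET it can also be fired through an administrator's browser by a third-party page; accepting POST only and requiring a container-enforced role would address both. The unsynchronised write `MOAIDAuthInitializer.initialized=false;` to a public static field also leaves a window in which concurrent authentication requests may see a partially reloaded configuration, so a synchronized reload method on the initializer would be safer than toggling the flag from here. A class-level comment stating who is expected to call this endpoint would help the next reader.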
@@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.util.Calendar; + +import org.apache.axis.AxisFault; +import org.w3c.dom.Element; + +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Web service for picking up authentication data created in the MOA-ID Auth component. + * + * @author Paul Ivancsics + * @version $Id$ + * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData + */ +public class GetAuthenticationDataService implements Constants { + + /** + * Constructor for GetAuthenticationDataService. + */ + public GetAuthenticationDataService() { + super(); + } + + /** + * Takes a lt;samlp:Request> containing a + * SAML artifact and returns the corresponding + * authentication data lt;saml:Assertion> + * (obtained from the AuthenticationServer), + * enclosed in a lt;samlp:Response>. + *
Bad requests are mapped into various lt;samlp:StatusCode>s, + * possibly containing enclosed sub-lt;samlp:StatusCode>s. + * The status codes are defined in the SAML specification. + * + * @param requests request elements of type lt;samlp:Request>; + * only 1 request element is allowed + * @return response element of type lt;samlp:Response>, + * packed into an Element[] + * @throws AxisFault thrown when an error occurs in assembling the + * lt;samlp:Response> + */ + public Element[] Request(Element[] requests) + throws AxisFault { + + Element request = requests[0]; + Element[] responses = new Element[1]; + String requestID = ""; + String statusCode = ""; + String subStatusCode = null; + String statusMessageCode = null; + String statusMessage = null; + String samlAssertion = ""; + if (requests.length > 1) { + // more than 1 request given as parameter + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1201"; + } + else { + try { + DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); + NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); + if (samlArtifactList.getLength() == 0) { + // no SAML artifact given in request + statusCode = "samlp:Requester"; + statusMessageCode = "1202"; + } + else if (samlArtifactList.getLength() > 1) { + // too many SAML artifacts given in request + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1203"; + } + else { + Element samlArtifactElem = (Element)samlArtifactList.item(0); + requestID = samlArtifactElem.getAttribute("RequestID"); + String samlArtifact = DOMUtils.getText(samlArtifactElem); + try { + AuthenticationData authData = AuthenticationServer.getInstance(). 
+ getAuthenticationData(samlArtifact); + // success + samlAssertion = authData.getSamlAssertion(); + statusCode = "samlp:Success"; + statusMessageCode = "1200"; + } + catch (AuthenticationException ex) { + // no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + } + } + catch (Throwable t) { + // invalid request format + statusCode = "samlp:Requester"; + statusMessageCode = "1204"; + } + } + try { + String responseID = Random.nextRandom(); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + if (statusMessage == null) + statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); + responses[0] = new SAMLResponseBuilder().build( + responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); + } + catch (MOAIDException e) { + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + throw fault; + } + catch (Throwable t) { + MOAIDException e = new MOAIDException("1299", null, t); + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + throw fault; + } + return responses; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java new file mode 100644 index 000000000..4dc69c70b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
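Review bot: `requestID` is read from the `samlp:AssertionArtifact` element (`samlArtifactElem.getAttribute("RequestID")`), but in SAML 1.x the `RequestID` attribute belongs to the enclosing `samlp:Request`, so the response is presumably built with an empty request ID and the caller cannot correlate it; `requestID = request.getAttribute("RequestID");` is likely what was meant. `Element request = requests[0];` runs before the length check and throws an unchecked exception for an empty array instead of producing a `samlp:Requester` status. In the `AuthenticationException` branch, `statusMessage = ex.toString()` returns the exception class name and internal message to the remote caller; a fixed message code, as the other branches use, with the detail logged server-side would avoid that. The `catch (Throwable t)` that maps to "1204" drops `t` without logging it, which leaves malformed requests invisible to operators.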
@@ -0,0 +1,99 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.io.Writer; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for selecting a BKU. + *
In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete, + * the browser is redirected to the configured "BKU-Auswahl-URL". + *
In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect, + * the list of available BKU's is fetched from a BKU-Auswahl server, and presented + * to the user in an HTML form. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SelectBKUServlet extends AuthServlet { + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + /** + * Responds with an HTML form which requests the user to choose a BKU. + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET SelectBKU"); + String authURL = + req.getScheme() + "://" + + req.getServerName() + ":" + + req.getServerPort() + + req.getContextPath() + "/"; + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); + String templateURL = req.getParameter(PARAM_TEMPLATE); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); + resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); + resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + + try { + String returnValue = AuthenticationServer.getInstance().selectBKU( + authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); + if 
(bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { + // bkuSelectionType==HTMLComplete + String redirectURL = returnValue; + resp.setContentType("text/html"); + resp.sendRedirect(redirectURL); + Logger.info("REDIRECT TO: " + redirectURL); + } else { + // bkuSelectionType==HTMLSelect + String htmlForm = returnValue; + resp.setContentType("text/html;charset=UTF-8"); + Logger.debug("HTML-Form: " + htmlForm); + Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); + out.write(htmlForm); + out.flush(); + Logger.debug("Finished GET SelectBKU"); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (Throwable ex) { + handleError(null, ex, req, resp); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java new file mode 100644 index 000000000..6098f5138 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
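Review bot: `doGet()` passes request-controlled values straight into `AuthenticationServer.selectBKU(...)`: `bkuSelectionTemplateURL` and `templateURL` come from query parameters, and `authURL` is assembled from `getScheme()`/`getServerName()`/`getServerPort()`, which follow the client's Host header unless a front end pins it. Whether `selectBKU` validates them is not visible here; if it fetches the templates or embeds these values in the returned form or redirect, the servlet should first compare them with configured values (allowed template locations, the configured public URL) and reject anything else with a `WrongParametersException`. The same pattern appears in `StartAuthenticationServlet.doGet()` with `templateURL`, `bkuURL` and `authURL`. `Logger.debug("HTML-Form: " + htmlForm)` writes the whole generated page to the log, and `resp.setContentType("text/html")` before `sendRedirect` has no effect.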
@@ -0,0 +1,103 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for starting a MOA ID authentication session. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + * @see AuthenticationServer#startAuthentication + */ +public class StartAuthenticationServlet extends AuthServlet { + + /** + * Responds with an HTML form which upon submit requests the identity link + * from the security layer implementation. + *
+ * Response: + *
    + *
  • Content type: "text/html"
  • + *
  • Content: see return value of {@link AuthenticationServer#startAuthentication}
  • + *
  • Error status: 500 + *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET StartAuthentication"); + String authURL = + req.getScheme() + "://" + + req.getServerName() + ":" + + req.getServerPort() + + req.getContextPath() + "/"; + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String sessionID = req.getParameter(PARAM_SESSIONID); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); + resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); + resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + try { + String getIdentityLinkForm = + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + + + /** + * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doGet(req, resp); + } + + + /** + * Calls the web application initializer. 
+ * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java new file mode 100644 index 000000000..6ec4a247d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
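Review bot: The response declares `text/html;charset=UTF-8` but is written through `new PrintWriter(resp.getOutputStream())`, which encodes with the platform default charset, so non-ASCII characters in the form are corrupted on hosts whose default is not UTF-8. `SelectBKUServlet` already wraps the stream with an explicit encoding; the equivalent here would be `Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF-8");` followed by `out.write(getIdentityLinkForm);`. Only `WrongParametersException` and `MOAIDException` are caught, so a runtime exception from `startAuthentication` bypasses `handleError` and is rendered by the container's default error page, whereas `SelectBKUServlet.doGet()` catches `Throwable` for that case.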
@@ -0,0 +1,120 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for verifying the signed authentication block + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class VerifyAuthenticationBlockServlet extends AuthServlet { + + + /** + * Constructor for VerifyAuthenticationBlockServlet. + */ + public VerifyAuthenticationBlockServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyAuthenticationBlock"); + } + + /** + * Verifies the signed authentication block and redirects the browser + * to the online application requested, adding a parameter needed for + * retrieving the authentication data. + *
+ * Request parameters: + *
    + *
  • MOASessionID: ID of associated authentication session
  • + *
  • XMLResponse: <CreateXMLSignatureResponse>
  • + *
+ * Response: + *
    + *
  • Status: 302
  • + *
  • Header "Location": URL of the online application requested, with + * parameters "Target"(only if the online application is + * a public service) and "SAMLArtifact" added
  • + *
  • Error status: 500 + *
+ * @see AuthenticationServer#verifyAuthenticationBlock + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyAuthenticationBlock"); + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + String samlArtifactBase64 = + AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + String redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + } + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + private static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + +} 
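Review bot: `Logger.debug("REDIRECT TO: " + redirectURL)` writes the freshly issued SAML artifact to the log, and the artifact is the value a caller presents to pick up the authentication data, so it should be treated like a credential; log the target URL without its query string instead. `resp.encodeRedirectURL(redirectURL)` is meant for URLs inside this web application, whereas the target here is the online application's URL, so depending on the container it is either a no-op or appends this server's session id to a foreign URL; I would drop the call. `sessionID` is read with `req.getParameter` while `XMLResponse` comes from `getParameters(req)`, and a missing `XMLResponse` reaches `verifyAuthenticationBlock` as `null` without a check in this method. `throw new IOException(e.getMessage())` discards the `FileUploadException` cause.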
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java new file mode 100644 index 000000000..2134c1444 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -0,0 +1,107 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Enumeration; +import java.util.Map; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for verifying the identity link + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class VerifyIdentityLinkServlet extends AuthServlet { + + /** + * Constructor for VerifyIdentityLinkServlet. + */ + public VerifyIdentityLinkServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyIdentityLink"); + } + + /** + * Verifies the identity link and responds with a new + * CreateXMLSignatureRequest. + *
+ * Request parameters: + *
    + *
  • MOASessionID: ID of associated authentication session
  • + *
  • XMLResponse: <InfoboxReadResponse>
  • + *
+ * Response: + *
    + *
  • Content type: "text/xml"
  • + *
  • Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
  • + *
  • Error status: 500 + *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyIdentityLink"); + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequest = + AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + resp.setStatus(307); + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + resp.addHeader("Location", dataURL); + + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(createXMLSignatureRequest.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST VerifyIdentityLink"); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java new file mode 100644 index 000000000..e6c9f4bee --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
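Review bot: In `VerifyIdentityLinkServlet.doPost`, `sessionID` is read with `req.getParameter(PARAM_SESSIONID)` and passed to `AuthenticationServer.getSession` without a null or empty check, while the other fields come from the map returned by `getParameters(req)`. Whether `getSession` turns a missing id into a `MOAIDException` is not visible in this hunk; if it does not, a request without `MOASessionID` ends in an unhandled runtime exception instead of going through `handleError`. I would reject a missing id explicitly before the `try` and add a comment such as `// MOASessionID is read via req.getParameter (presumably the data URL query string), not from the parsed multipart map`. The `catch (FileUploadException e)` block also drops the cause; `IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe;` keeps it for diagnosis.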
@@ -0,0 +1,274 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import java.util.Iterator; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * + * This class is used to validate an {@link CreateXMLSignatureResponse} + * returned by the security layer. + * This class implements the Singleton pattern. + * @author Stefan Knirsch + * @version $Id$ + */ +public class CreateXMLSignatureResponseValidator { + + + /** Xpath expression to the dsig:Signature element */ + private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + + + /** Singleton instance. null, if none has been created. */ + private static CreateXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton CreateXMLSignatureResponseValidator. 
+ * @return an instance of CreateXMLSignatureResponseValidator + * @throws ValidateException if no instance can be created + */ + public static synchronized CreateXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new CreateXMLSignatureResponseValidator(); + } + return instance; + } + + + /** + * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} + * @param createXMLSignatureResponse + * @param session + * @throws ValidateException + */ + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + throws ValidateException { + + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + + String gbTarget = session.getTarget(); + String oaURL = session.getPublicOAURLPrefix(); + boolean businessService = session.getBusinessService(); + + IdentityLink identityLink = session.getIdentityLink(); + + Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); + String issuer = samlAssertion.getAttribute("Issuer"); + if (issuer == null) { + // should not happen, because parser would dedect this + throw new ValidateException("validator.32", null); + } + String issueInstant = samlAssertion.getAttribute("IssueInstant"); + if (!issueInstant.equals(session.getIssueInstant())) { + throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); + } + + String name = identityLink.getName(); + if (!issuer.equals(name)) { + throw new ValidateException("validator.33", new Object[] {issuer, name}); + } + + SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); + + boolean foundOA = false; + boolean foundGB = false; + boolean foundWBPK = false; + int offset = 0; + + // check number of SAML aatributes + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + int extendedSAMLAttributesNum = 0; + if 
(extendedSAMLAttributes != null) { + extendedSAMLAttributesNum = extendedSAMLAttributes.size(); + } + int expectedSAMLAttributeNumber = + AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum; + if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; + int actualSAMLAttributeNumber = samlAttributes.length; + if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { + Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); + throw new ValidateException( + "validator.36", + new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); + } + + SAMLAttribute samlAttribute; + if (session.getSAMLAttributeGebeORwbpk()) { + // check the first attribute ("Geschaeftsbereich" or "wbPK") + samlAttribute = samlAttributes[0]; + if (businessService) { + if (!samlAttribute.getName().equals("wbPK")) { + if (samlAttribute.getName().equals("Geschaeftsbereich")) { + throw new ValidateException("validator.26", null); + } else { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)}); + } + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundWBPK = true; + try { + Element attrValue = (Element)samlAttribute.getValue(); + String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue(); + String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue(); + if (!value.equals(identityLink.getIdentificationValue())) { + throw new ValidateException("validator.28", null); + } + if (!type.equals(identityLink.getIdentificationType())) { + throw new ValidateException("validator.28", null); + } + } catch (Exception ex) { + throw new 
ValidateException("validator.29", null); + } + } else { + throw new ValidateException("validator.30", null); + } + } else { + if (!samlAttribute.getName().equals("Geschaeftsbereich")) { + if (samlAttribute.getName().equals("wbPK")) { + throw new ValidateException("validator.26", null); + } else { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)}); + } + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundGB = true; + if (!gbTarget.equals((String)samlAttribute.getValue())) { + throw new ValidateException("validator.13", null); + } + } else { + throw new ValidateException("validator.12", null); + } + } + } else { + offset--; + } + + // check the second attribute (must be "OA") + samlAttribute = samlAttributes[1 + offset]; + if (!samlAttribute.getName().equals("OA")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); + } + } else { + throw new ValidateException("validator.15", null); + } + + // check the third attribute (must be "Geburtsdatum") + samlAttribute = samlAttributes[2 + offset]; + if (!samlAttribute.getName().equals("Geburtsdatum")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlDateOfBirth = (String)samlAttribute.getValue(); + String dateOfBirth = 
identityLink.getDateOfBirth(); + if (!samlDateOfBirth.equals(dateOfBirth)) { + throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); + } + } else { + throw new ValidateException("validator.35", null); + } + + // now check the extended SAML attributes + int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; + if (extendedSAMLAttributes != null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + samlAttribute = samlAttributes[i]; + String actualName = samlAttribute.getName(); + String expectedName = extendedSAMLAttribute.getName(); + if (!actualName.equals(expectedName)) { + throw new ValidateException( + "validator.38", + new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); + } + String actualNamespace = samlAttribute.getNamespace(); + String expectedNamespace = extendedSAMLAttribute.getNameSpace(); + if (!actualNamespace.equals(expectedNamespace)) { + throw new ValidateException( + "validator.38", + new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); + } + Object expectedValue = extendedSAMLAttribute.getValue(); + Object actualValue = samlAttribute.getValue(); + try { + if (expectedValue instanceof String) { + // replace \r\n because text might be base64-encoded + String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); + expValue = StringUtils.replaceAll(expValue,"\n",""); + String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); + actValue = StringUtils.replaceAll(actValue,"\n",""); + if (!expValue.equals(actValue)) { + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); + } + } else if (expectedValue instanceof Element) { + // only check the name of the element + String actualElementName = 
((Element)actualValue).getNodeName(); + String expectedElementName = ((Element)expectedValue).getNodeName(); + if (!(expectedElementName.equals(actualElementName))){ + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); + } + } else { + // should not happen + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); + } + } catch (ClassCastException e) { + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); + } + i++; + } + } + + + if (!foundOA) throw new ValidateException("validator.14", null); + if (businessService) { + if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) throw new ValidateException("validator.31", null); + } else { + if (!foundGB) throw new ValidateException("validator.11", null); + } + + //Check if dsig:Signature exists +// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); +// if (nl.getLength() != 1) { +// throw new ValidateException("validator.05", null); +// } + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); + if (dsigSignature == null) { + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java new file mode 100644 index 000000000..444f706e4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java 
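Review bot: In `CreateXMLSignatureResponseValidator.validate`, an extended SAML attribute whose expected value is an `Element` is accepted as soon as the node names match (`// only check the name of the element`), so the content of an element-valued attribute in the signed AUTH block is never compared with what the session holds. If later code relies on that content, the comparison should cover the element's children too, for example on a canonicalised serialisation of both elements; at minimum the limitation belongs in the method Javadoc. Separately, the `catch (Exception ex)` around the wbPK comparison also catches the `ValidateException("validator.28", null)` thrown inside the `try` and reports `validator.29` instead; a `catch (ValidateException ve) { throw ve; }` placed before the generic catch keeps the specific code. `samlAssertion.getAttribute("Issuer")` returns an empty string rather than `null` for a missing attribute, so the `issuer == null` branch cannot fire.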
@@ -0,0 +1,159 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * This class is used to validate an {@link IdentityLink} + * returned by the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class IdentityLinkValidator implements Constants { + + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDSA Namespaces */ + private static final String ECDSA = ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAML:SubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; +/** Xpath expression to the PersonData:Person element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; + /** Xpath expression to the SAML:Attribute element */ + private static final String ATTRIBUTE_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; + /** Xpath expression to the SAML:AttributeName attribute */ + private static final String ATTRIBUTE_NAME_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; + /** Xpath expression to the SAML:AttributeNamespace attribute */ + private static final String ATTRIBUTE_NAMESPACE_XPATH = 
+ ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/@AttributeNamespace"; + /** Xpath expression to the SAML:AttributeValue element */ + private static final String ATTRIBUTE_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue"; + + /** Singleton instance. null, if none has been created. */ + private static IdentityLinkValidator instance; + + /** + * Constructor for a singleton IdentityLinkValidator. + * @return a new IdentityLinkValidator instance + * @throws ValidateException if no instance can be created + */ + public static synchronized IdentityLinkValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new IdentityLinkValidator(); + } + return instance; + } + + /** + * Method validate. Validates the {@link IdentityLink} + * @param identityLink The identityLink to validate + * @throws ValidateException on any validation error + */ + public void validate(IdentityLink identityLink) throws ValidateException { + + Element samlAssertion = identityLink.getSamlAssertion(); + //Search the SAML:ASSERTION Object (A2.054) + if (samlAssertion == null) { + throw new ValidateException("validator.00", null); + } + + // Check how many saml:Assertion/saml:AttributeStatement/ + // saml:Subject/ saml:SubjectConfirmation/ + // saml:SubjectConfirmationData/pr:Person of type + // PhysicalPersonType exist (A2.056) + NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); + // If we have just one Person-Element we don't need to check the attributes + int counterPhysicalPersonType = 0; + if (nl.getLength() > 1) + for (int i = 0; i < nl.getLength(); i++) { + String xsiType = + ((Element) nl.item(i)) + .getAttributeNodeNS( + "http://www.w3.org/2001/XMLSchema-instance", + "type") + .getNodeValue(); + // We have to check if xsiType contains "PhysicalPersonType" + // An equal-check will fail because of the Namespace-prefix of the attribute value + if 
(xsiType.indexOf("PhysicalPersonType") > -1) + counterPhysicalPersonType++; + } + if (counterPhysicalPersonType > 1) + throw new ValidateException("validator.01", null); + + //Check the SAML:ATTRIBUTES + nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); + for (int i = 0; i < nl.getLength(); i++) { + String attributeName = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeName", + null); + String attributeNS = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeNamespace", + null); + if (attributeName.equals("CitizenPublicKey")) { + + if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || + attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { + Element attributeValue = + (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); + if (attributeValue == null) + throw new ValidateException("validator.02", null); + + } + else + throw new ValidateException("validator.03", new Object [] {attributeNS} ); + } + else + throw new ValidateException("validator.04", new Object [] {attributeName} ); + } + + //Check if dsig:Signature exists + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); + if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java new file mode 100644 index 000000000..c776418ab --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java 
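Review bot: `IdentityLinkValidator.validate` dereferences values that can be absent in the incoming assertion: `getAttributeNodeNS("http://www.w3.org/2001/XMLSchema-instance", "type")` returns `null` for a `Person` element without `xsi:type`, and `XPathUtils.getAttributeValue(..., null)` is called with `null` as its last argument (apparently the default) before `attributeName.equals(...)` and `attributeNS.equals(...)`. A malformed identity link would then surface as a `NullPointerException` rather than a `ValidateException`. Guarding the first with `if (typeAttr != null && typeAttr.getNodeValue().indexOf("PhysicalPersonType") > -1)` and writing the comparisons constant-first, as in `"CitizenPublicKey".equals(attributeName)`, routes those inputs to the existing `validator.04` and `validator.03` branches. An assertion with no `saml:Attribute` at all also passes the loop untouched, so the presence of a `CitizenPublicKey` attribute is not enforced in this method.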
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+
+/**
+ * Validates an InfoboxReadResponse.
+ * An implementing class has to validate the content of the InfoboxReadResponse
+ * according to the type specific rules and guidelines of the underlying
+ * application.
+ */
+public interface InfoboxValidator {
+
+ /**
+ * This method validates an InfoboxReadResponse.
+ * The method validates the content of the passed infoboxReadResponse
+ * according to the type specific rules and guidelines of the underlying
+ * application.
+ *
+ * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
+ * Parameters} needed by the validator.
+ *
+ * @return True if validation succeeds,
+ * otherwise false.
+ *
+ * @throws ValidateException If an error occurs on validating the
+ * InfoboxReadResponse.
+ */
+ public InfoboxValidationResult validate (InfoboxValidatorParams params)
+ throws ValidateException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
new file mode 100644
index 000000000..a6685fca8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
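Review bot: The Javadoc of `InfoboxValidator.validate` documents `@return True if validation succeeds, otherwise false`, but the method returns an `InfoboxValidationResult`. Implementers cannot tell from this contract whether a failed validation is reported through the result object or through `ValidateException`. I would reword it along the lines of `@return the validation result; a failed validation is reported in the result, ValidateException is reserved for errors during validation`, to be confirmed against `InfoboxValidationResult`, which is not part of this hunk.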
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while validating an incoming XML structure
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidateException extends MOAIDException {
+
+ /**
+ * Constructor for ValidateException.
+ * @param messageId
+ * @param parameters
+ */
+ public ValidateException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ValidateException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ValidateException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..1f2ebc37c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -0,0 +1,177 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import iaik.asn1.structures.Name; +import iaik.security.ecc.ecdsa.ECPublicKey; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * This class is used to validate an {@link VerifyXMLSignatureResponse} + * returned by MOA-SPSS + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureResponseValidator { + + /** Identification string for checking identity link */ + public static final String CHECK_IDENTITY_LINK = "IdentityLink"; + /** Identification string for checking authentication block */ + public static final String CHECK_AUTH_BLOCK = "AuthBlock"; + + /** Singleton instance. null, if none has been created. */ + private static VerifyXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton VerifyXMLSignatureResponseValidator. + */ + public static synchronized VerifyXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new VerifyXMLSignatureResponseValidator(); + } + return instance; + } + + /** + * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. 
+ * + * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse> + * @param identityLinkSignersSubjectDNNames subject names configured + * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated + * @param ignoreManifestValidationResult specifies whether the validation result of the + * manifest has to be ignored (identityLink validation if + * the OA is a business service) or not + * @throws ValidateException on any validation error + */ + public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, + List identityLinkSignersSubjectDNNames, + String whatToCheck, + boolean ignoreManifestValidationResult) + throws ValidateException { + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) + throw new ValidateException("validator.06", null); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String checkFailedReason =""; + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); + + if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); + else + throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); + } + + if (ignoreManifestValidationResult) { + Logger.debug("OA type 
is business service, thus ignoring DSIG manifest validation result"); + } else { + if (verifyXMLSignatureResponse.isXmlDSIGManigest()) + if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) + throw new ValidateException("validator.08", null); + } + + + // TODO See Bug #322 + // Check result of SignatureManifestCheck + + + //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not + if (identityLinkSignersSubjectDNNames != null) { + String subjectDN = ""; + X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); + try { + subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); + } + catch (RFC2253NameParserException e) { + throw new ValidateException("validator.17", null); + } + // check the authorisation to sign the identity link + if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { + // subject DN check failed, try OID check: + try { + if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { + throw new ValidateException("validator.18", new Object[] { subjectDN }); + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check failed, but OID check successfully passed."); + } + } catch (X509ExtensionInitException e) { + throw new ValidateException("validator.49", null); + } + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check successfully passed."); + } + + } + } + + /** + * Method validateCertificate. 
+ * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse + * @param idl The Identitylink + * @throws ValidateException + */ + public void validateCertificate( + VerifyXMLSignatureResponse verifyXMLSignatureResponse, + IdentityLink idl) + throws ValidateException { + + X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); + PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); + + PublicKey pubKeySignature = x509Response.getPublicKey(); + + boolean found = false; + for (int i = 0; i < pubKeysIdentityLink.length; i++) { + + //compare RSAPublicKeys + if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && + (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { + + RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; + RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; + + if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) + && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) + found = true; + } + + //compare ECDSAPublicKeys + if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && + (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) { + + ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature; + ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i]; + + if(ecdsakey.equals(ecdsaPubKeySignature)) + found = true; + } + } + + if (!found) + throw new ValidateException("validator.09", null); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java new file mode 100644 index 000000000..90b780526 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java 
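Review bot: In `VerifyXMLSignatureResponseValidator.validate`, the check that the signer is authorised to sign identity links runs only `if (identityLinkSignersSubjectDNNames != null)`, so a `null` list skips it silently whatever `whatToCheck` says. If callers pass `null` only for the AUTH block that is fine, but it is not visible here, and a missing configuration value would fail open for the identity link. I would key the skip on `CHECK_AUTH_BLOCK.equals(whatToCheck)`, raise a `ValidateException` when the list is `null` during an identity-link check, and document the parameter as `@param identityLinkSignersSubjectDNNames configured signer subject DNs; must not be null when whatToCheck is CHECK_IDENTITY_LINK`. The `TODO See Bug #322` comment also shows that the SignatureManifestCheck result is not evaluated yet, which deserves a line in the Javadoc. In `validateCertificate`, `x509Response` and `pubKeysIdentityLink` are used without a null check.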
@@ -0,0 +1,894 @@ +package at.gv.egovernment.moa.id.config; + +import iaik.pki.pathvalidation.ChainingModes; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +import java.math.BigInteger; +import java.security.Principal; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Vector; + +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.id.auth.data.SchemaImpl; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathException; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A class that builds configuration data from a DOM based representation. 
+ * + * @author Patrick Peck + * @author Stefan Knirsch + * @version $Id$ + */ +public class ConfigurationBuilder { + + // + // XPath namespace prefix shortcuts + // + /** an XPATH-Expression */ + protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; + /** an XPATH-Expression */ + protected static final String DSIG = Constants.DSIG_PREFIX + ":"; + + // + // chaining mode constants appearing in the configuration file + // + /** an XPATH-Expression */ + protected static final String CM_CHAINING = "chaining"; + /** an XPATH-Expression */ + protected static final String CM_PKIX = "pkix"; + /** an XPATH-Expression */ + protected static final String DEFAULT_ENCODING = "UTF-8"; + + // + // XPath expressions to select certain parts of the configuration + // + /** an XPATH-Expression */ + protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/"; + + /** an XPATH-Expression */ + protected static final String AUTH_BKU_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection"; + /** an XPATH-Expression */ + protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String AUTH_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String 
AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID"; + + /** an XPATH-Expression */ + protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName"; + + /** an XPATH-Expression */ + public static final String AUTH_VERIFY_INFOBOXES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes"; + + /** an XPATH-Expression */ + protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication"; + /** an XPATH-Expression */ + protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH = + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_URL_XPATH = + CONF + "ConnectionParameter/@URL"; + /** an XPATH-Expression */ + protected static final String 
CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH = + CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH = + CONF + "ConnectionParameter/" + CONF + "ClientKeyStore"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH = + CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password"; + /** an XPATH-Expression */ + protected static final String GENERIC_CONFIGURATION_XPATH = + ROOT + CONF + "GenericConfiguration"; + + /** an XPATH-Expression */ + protected static final String CHAINING_MODES_XPATH = + ROOT + CONF + "ChainingModes"; + /** an XPATH-Expression */ + protected static final String CHAINING_MODES_DEFAULT_XPATH = + CHAINING_MODES_XPATH + "/@systemDefaultMode"; + /** an XPATH-Expression */ + protected static final String TRUST_ANCHOR_XPATH = + ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor"; + /** an XPATH-Expression */ + protected static final String ISSUER_XPATH = DSIG + "X509IssuerName"; + /** an XPATH-Expression */ + protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; + /** an XPATH-Expression */ + protected static final String TRUSTED_CA_CERTIFICATES_XPATH = + ROOT + CONF + "TrustedCACertificates"; + + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile"; + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + + + + + /** + * main configuration file directory name used to configure MOA-ID + */ + protected String rootConfigFileDir_; + + /** The root element of the MOA-ID configuration */ + protected Element configElem_; + + /** + * Creates a new MOAConfigurationProvider. 
+ * + * @param configElem The root element of the MOA-ID configuration. + */ + public ConfigurationBuilder(Element configElem, String rootConfigDir) { + configElem_ = configElem; + rootConfigFileDir_ = rootConfigDir; + } + + /** + * Returns the root element of the MOA-ID configuration. + * + * @return The root element of the MOA-ID configuration. + */ + public Element getConfigElem() { + return configElem_; + } + + /** + * Build a ConnectionParameter object containing all information + * of the moa-sp element in the authentication component + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter buildAuthBKUConnectionParameter() { + + Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH); + if (authBKU==null) return null; + return buildConnectionParameter(authBKU); + } + + /** + * Method buildAuthBKUSelectionType. + * + * Build a string with the configuration value of BKUSelectionAlternative + * + * @return String + */ + public String buildAuthBKUSelectionType() { + + Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH); + if (authBKU==null) return null; + return (authBKU).getAttribute("BKUSelectionAlternative"); + } + + /** + * Build a string array with all filenames leading + * to the Transforms Information for the Security Layer + * @param contextNode The node from which should be searched + * @param xpathExpr The XPATH expression for the search + * @return String[] of filenames to the Security Layer Transforms Information + * or null if no transforms are included + */ + public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) { + + List transformsInfoFileNames = new ArrayList(); + + try { + NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Attr tiElem; + while ((tiElem = (Attr) tiIter.nextNode()) != null) { + String tiFileName = tiElem.getNodeValue(); + 
transformsInfoFileNames.add(tiFileName); + } + + String[] result = new String[transformsInfoFileNames.size()]; + transformsInfoFileNames.toArray(result); + + return result; + } catch (XPathException xpe) { + return new String[0]; + } + } + + + /** + * Loads the transformsInfos from files. + * @throws Exception on any exception thrown + */ + public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { + + String[] transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + String fileURL = transformsInfoFileNames[i]; + + //if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + } + return transformsInfos; + } + + /** + * Build a ConnectionParameter bean containing all information + * of the authentication component moa-sp element + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter buildMoaSpConnectionParameter() { + + Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH); + if (connectionParameter==null) return null; + return buildConnectionParameter(connectionParameter); + } + + /** + * Return a string with a url-reference to the VerifyIdentityLink trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + */ + public String getMoaSpIdentityLinkTrustProfileID() { + return XPathUtils.getElementValue( + configElem_, + AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH, + ""); + } + /** + * Return a string representation of an URL pointing to trusted CA Certificates + * @return String representation of an URL pointing to trusted CA Certificates + */ + public String getTrustedCACertificates() { + 
return XPathUtils.getElementValue( + configElem_, + TRUSTED_CA_CERTIFICATES_XPATH,null); + } + + /** + * Return a string with a url-reference to the VerifyAuthBlock trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyAuthBlock trust profile ID + */ + public String getMoaSpAuthBlockTrustProfileID() { + return XPathUtils.getElementValue( + configElem_, + AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH, + ""); + } + /** + * Build a string array with references to all verify transform info + * IDs within the moa-sp part of the authentication component + * @return A string array containing all urls to the + * verify transform info IDs + */ + public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() { + + List verifyTransformsInfoIDs = new ArrayList(); + NodeIterator vtIter = + XPathUtils.selectNodeIterator( + configElem_, + AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH); + Element vtElem; + + while ((vtElem = (Element) vtIter.nextNode()) != null) { + + String vtInfoIDs = DOMUtils.getText(vtElem); + verifyTransformsInfoIDs.add(vtInfoIDs); + } + String[] result = new String[verifyTransformsInfoIDs.size()]; + verifyTransformsInfoIDs.toArray(result); + + return result; + } + + + /** + * Returns a list containing all X509 Subject Names + * of the Identity Link Signers + * @return a list containing the configured identity-link signer X509 subject names + */ + public List getIdentityLink_X509SubjectNames() { + + Vector x509SubjectNameList = new Vector(); + NodeIterator x509Iter = + XPathUtils.selectNodeIterator( + configElem_, + AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH); + Element x509Elem; + + while ((x509Elem = (Element) x509Iter.nextNode()) != null) { + String vtInfoIDs = DOMUtils.getText(x509Elem); + x509SubjectNameList.add(vtInfoIDs); + } + + // now add the default identity link signers + String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; + for (int i=0; inull
. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return An OAProxyParameter array containing beans + * with all relevant information for the authentication component of the online + * application + */ + public OAAuthParameter[] buildOnlineApplicationAuthParameters( + VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + String bkuSelectionTemplateURL = + XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); + String templateURL = + XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + + List OA_set = new ArrayList(); + NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); + + for (int i = 0; i < OAIter.getLength(); i++) { + Element oAElem = (Element) OAIter.item(i); + Element authComponent = + (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH); + + OAAuthParameter oap = new OAAuthParameter(); + String publicURLPrefix = oAElem.getAttribute("publicURLPrefix"); + oap.setPublicURLPrefix(publicURLPrefix); + oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); + + // get the type of the online application + String oaType = oAElem.getAttribute("type"); + oap.setOaType(oaType); + String slVersion = "1.1"; + if ("businessService".equalsIgnoreCase(oaType)) { + if (authComponent==null) { + Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + Element identificationNumberElem = + (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH); + if (identificationNumberElem==null) { + Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + 
} + Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes()); + if (identificationNumberChild == null) { + Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { + oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); + } else { + // If we have business service and want to dealt with GDA, the security layer can be advised to calulate + // the Health Professional Identifier HPI instead of the wbPK + Logger.info("OA uses HPI for Identification"); + oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI); + } + + // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file + Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2"); + slVersion = "1.2"; + + } else { + + if (authComponent!=null) { + slVersion = authComponent.getAttribute("slVersion"); + } + + } + oap.setSlVersion(slVersion); + //Check if there is an Auth-Block to read from configuration + + if (authComponent!=null) + { + oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); + oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); + oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); + oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); + oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); + oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + // load OA specific transforms if present + String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, 
OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); + try { + oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames)); + } catch (Exception ex) { + Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms."); + } + Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); + oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + } + OA_set.add(oap); + } + OAAuthParameter[] result = + new OAAuthParameter[OA_set.size()]; + OA_set.toArray(result); + + return result; + + } + + /** + * Builds the URL for a BKUSelectionTemplate or a Template. The method selects + * the uri string from the MOA ID configuration file via the given xpath expression + * and returns either this string or the default value. + * + * @param oaAuthComponent The AuthComponent element to get the template from. + * @param xpathExpr The xpath expression for selecting the template uri. + * @param defaultURL The default template url. + * @return The template url. This may either the via xpath selected uri + * or, if no template is specified within the online appliacation, + * the default url. Both may be null. 
+ */ + protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) { + String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL); + if (templateURL != null) { + templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_); + } + return templateURL; + } + + + /** + * Method buildConnectionParameter: internal Method for creating a + * ConnectionParameter object with all data found in the incoming element + * @param root This Element contains the ConnectionParameter + * @return ConnectionParameter + */ + protected ConnectionParameter buildConnectionParameter(Element root) + { + ConnectionParameter result = new ConnectionParameter(); + result.setAcceptedServerCertificates( + XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null)); + + result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL( + result.getAcceptedServerCertificates(), rootConfigFileDir_)); + + result.setUrl( + XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, "")); + result.setClientKeyStore( + XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null)); + + result.setClientKeyStore(FileUtils.makeAbsoluteURL( + result.getClientKeyStore(), rootConfigFileDir_)); + + result.setClientKeyStorePassword( + XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,"")); + + if ((result.getAcceptedServerCertificates()==null) + && (result.getUrl()=="") + && (result.getClientKeyStore()==null) + && (result.getClientKeyStorePassword()=="")) + return null; + + return result; + } + + + /** + * Build the mapping of generic configuration properties. + * + * @return a {@link Map} of generic configuration properties (a name to value + * mapping) from the configuration. 
+ */ + public Map buildGenericConfiguration() { + + Map genericConfiguration = new HashMap(); + NodeIterator gcIter = + XPathUtils.selectNodeIterator( + configElem_, + GENERIC_CONFIGURATION_XPATH); + Element gcElem; + + while ((gcElem = (Element) gcIter.nextNode()) != null) { + String gcName = gcElem.getAttribute("name"); + String gcValue = gcElem.getAttribute("value"); + + genericConfiguration.put(gcName, gcValue); + } + + return genericConfiguration; + } + + + /** + * Returns the default chaining mode from the configuration. + * + * @return The default chaining mode. + */ + public String getDefaultChainingMode() { + String defaultChaining = + XPathUtils.getAttributeValue( + configElem_, + CHAINING_MODES_DEFAULT_XPATH, + CM_CHAINING); + + return translateChainingMode(defaultChaining); + + } + /** + * Build the chaining modes for all configured trust anchors. + * + * @return The mapping from trust anchors to chaining modes. + */ + public Map buildChainingModes() { + Map chainingModes = new HashMap(); + NodeIterator trustIter = + XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH); + Element trustAnchorElem; + + while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { + IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem); + String mode = trustAnchorElem.getAttribute("mode"); + + if (issuerAndSerial != null) { + chainingModes.put(issuerAndSerial, translateChainingMode(mode)); + } + } + + return chainingModes; + } + + /** + * Build an IssuerAndSerial from the DOM representation. + * + * @param root The root element (being of type dsig: + * X509IssuerSerialType. + * @return The issuer and serial number contained in the root + * element or null if could not be built for any reason. 
+ */ + protected IssuerAndSerial buildIssuerAndSerial(Element root) { + String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null); + String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null); + + if (issuer != null && serial != null) { + try { + RFC2253NameParser nameParser = new RFC2253NameParser(issuer); + Principal issuerDN = nameParser.parse(); + + return new IssuerAndSerial(issuerDN, new BigInteger(serial)); + } catch (RFC2253NameParserException e) { + warn("config.09", new Object[] { issuer, serial }, e); + return null; + } catch (NumberFormatException e) { + warn("config.09", new Object[] { issuer, serial }, e); + return null; + } + } + return null; + } + + /** + * Translate the chaining mode from the configuration file to one used in the + * IAIK MOA API. + * + * @param chainingMode The chaining mode from the configuration. + * @return The chaining mode as provided by the ChainingModes + * interface. + * @see iaik.pki.pathvalidation.ChainingModes + */ + protected String translateChainingMode(String chainingMode) { + if (chainingMode.equals(CM_CHAINING)) { + return ChainingModes.CHAIN_MODE; + } else if (chainingMode.equals(CM_PKIX)) { + return ChainingModes.PKIX_MODE; + } else { + return ChainingModes.CHAIN_MODE; + } + } + + /** + * Builds the IdentityLinkDomainIdentifier as needed for providing it to the + * SecurityLayer for computation of the wbPK. + *

e.g.:
+ * input element: + *
+ * <pr:Firmenbuchnummer Identifier="FN">000468 i</pr:Firmenbuchnummer> + *

+ * return value: urn:publicid:gv.at+wbpk+FN468i + * + * @param number The element holding the identification number of the business + * company. + * @return The domain identifier + */ + protected String buildIdentityLinkDomainIdentifier(Element number) { + if (number == null) { + return null; + } + String identificationNumber = number.getFirstChild().getNodeValue(); + String identifier = number.getAttribute("Identifier"); + // remove all blanks + identificationNumber = StringUtils.removeBlanks(identificationNumber); + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + // delete zeros from the beginning of the number + identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); + // remove hyphens + identificationNumber = StringUtils.removeToken(identificationNumber, "-"); + } + StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK); + identityLinkDomainIdentifier.append("+"); + if (!identificationNumber.startsWith(identifier)) { + identityLinkDomainIdentifier.append(identifier); + } + identityLinkDomainIdentifier.append("+"); + identityLinkDomainIdentifier.append(identificationNumber); + return identityLinkDomainIdentifier.toString(); + } + + /** + * Builds the parameters for verifying additional infoboxes (additional to the + * IdentityLink infobox). + * + * @param verifyInfoboxesElem The VerifyInfoboxes element from the + * config file. This maybe the global element or the + * elment from an Online application. + * @param defaultVerifyInfoboxParameters Default parameters to be used, if no + * VerifyInfoboxes element is present. + * This only applies to parameters + * of an specific online application and is set to + * null when building the global parameters. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. 
Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters} + * object needed for verifying additional infoboxes. + * + * @throws ConfigurationException If the trust profile for validating the identity link + * signer certificate is used for validating another infobox. + */ + public VerifyInfoboxParameters buildVerifyInfoboxParameters( + Node verifyInfoboxesElem, + VerifyInfoboxParameters defaultVerifyInfoboxParameters, + String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) { + return null; + } + Vector identifiers = new Vector(); + List defaultIdentifiers = null; + Map defaultInfoboxParameters = null; + if (defaultVerifyInfoboxParameters != null) { + defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers(); + defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); + } + Hashtable infoboxParameters = new Hashtable(); + if (verifyInfoboxesElem != null) { + // get the DefaultTrustProfileID + String defaultTrustProfileID = null; + Node defaultTrustProfileNode = + XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH); + if (defaultTrustProfileNode != null) { + Node trustProfileIDNode = + XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH); + defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); + if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) { + throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID}); + } + } + // get the Infoboxes + NodeList infoboxes = + XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH); + for (int i=0; iMOAConfigurationException. 
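Review bot: In `buildConnectionParameter` the "nothing configured" test compares strings by reference (`result.getUrl()==""` and `result.getClientKeyStorePassword()==""`), so it only holds when the getter returns the very same `""` object that was passed in as the default. If the `URL` or `password` attribute is present but empty, the method would presumably return a half-empty `ConnectionParameter` instead of `null`; how `XPathUtils.getAttributeValue` produces its result is not visible here. Compare by value instead: `&& "".equals(result.getUrl())` and `&& "".equals(result.getClientKeyStorePassword())`. In the same hunk, `translateChainingMode` maps every unrecognised mode string to `ChainingModes.CHAIN_MODE` without a log line, so a mistyped `pkix` changes certificate path validation silently; a warning in the final `else` branch would surface that.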
+ */
+ public ConfigurationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Create a MOAConfigurationException.
+ */
+ public ConfigurationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
new file mode 100644
index 000000000..e65c47bad
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -0,0 +1,128 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+
+/**
+ * Base class for AuthConfigurationProvider and ProxyConfigurationProvider,
+ * providing functions common to both of them.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationProvider {
+
+ /**
+ * Constructor
+ */
+ public ConfigurationProvider() {
+ super();
+ }
+
+ /**
+ * The name of the system property which contains the file name of the
+ * configuration file.
+ */
+ public static final String CONFIG_PROPERTY_NAME =
+ "moa.id.configuration";
+
+ /**
+ * The name of the generic configuration property giving the certstore directory path.
+ */
+ public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
+ "DirectoryCertStoreParameters.RootDir";
+
+ /**
+ * The name of the generic configuration property switching the ssl revocation checking on/off
+ */
+ public static final String TRUST_MANAGER_REVOCATION_CHECKING =
+ "TrustManager.RevocationChecking";
+
+
+ /**
+ * A Map which contains generic configuration information. Maps a
+ * configuration name (a String) to a configuration value (also a
+ * String).
+ */
+ protected Map genericConfiguration;
+
+ /** The default chaining mode. */
+ protected String defaultChainingMode;
+
+ /**
+ * A Map which contains the IssuerAndSerial to
+ * chaining mode (a String) mapping.
+ */
+ protected Map chainingModes;
+
+ /**
+ * the URL for the trusted CA Certificates
+ */
+ protected String trustedCACertificates;
+
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ protected String rootConfigFileDir;
+
+ /**
+ * Returns the main configuration file directory used to configure MOA-ID
+ *
+ * @return the directory
+ */
+ public String getRootConfigFileDir() {
+ return rootConfigFileDir;
+ }
+
+ /**
+ * Returns the mapping of generic configuration properties.
+ *
+ * @return The mapping of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map getGenericConfiguration() {
+ return genericConfiguration;
+ }
+
+ /**
+ * Returns the value of a parameter from the generic configuration section.
+ *
+ * @return the parameter value; null if no such parameter
+ */
+ public String getGenericConfigurationParameter(String parameter) {
+ if (! genericConfiguration.containsKey(parameter))
+ return null;
+ return (String)genericConfiguration.get(parameter);
+ }
+
+ /**
+ * Return the chaining mode for a given trust anchor.
+ *
+ * @param trustAnchor The trust anchor for which the chaining mode should be
+ * returned.
+ * @return The chaining mode for the given trust anchor. If the trust anchor
+ * has not been configured separately, the system default will be returned.
+ */
+ public String getChainingMode(X509Certificate trustAnchor) {
+ Principal issuer = trustAnchor.getIssuerDN();
+ BigInteger serial = trustAnchor.getSerialNumber();
+ IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+
+ String mode = (String) chainingModes.get(issuerAndSerial);
+ return mode != null ? mode : defaultChainingMode;
+ }
+
+ /**
+ * Returns the trustedCACertificates.
+ * @return String
+ */
+ public String getTrustedCACertificates() {
+
+ return trustedCACertificates;
+ }
+
+}
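Review bot: `getGenericConfiguration()` returns the internal `genericConfiguration` map itself, so any caller can change loaded settings such as `TrustManager.RevocationChecking` or `DirectoryCertStoreParameters.RootDir` after start-up. Returning a read-only view keeps the loaded values fixed: `return Collections.unmodifiableMap(genericConfiguration);` with `import java.util.Collections;`; whether an existing caller relies on mutating the map is not visible in this hunk. `getGenericConfigurationParameter` and `getChainingMode` also dereference `genericConfiguration` and `chainingModes` without a null check, and both fields are only declared here, so a note in the class Javadoc that subclasses must assign them before use would help.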
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java new file mode 100644 index 000000000..30b09cfe0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java 
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.config;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE TrustManager.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is "https".
+ * @return true in case of an URL starting with "https"
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
new file mode 100644
index 000000000..19a27b463
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
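Review bot: `isHTTPSURL()` tests `getUrl().indexOf("https") == 0`, which is a string-prefix test rather than a scheme test: it throws a NullPointerException when no URL has been set, accepts any value that merely begins with those five letters, and returns false for an upper-case `HTTPS://` URL. The field comments say the accepted server certificates and the client key store are only used for an HTTPS URL, so a misclassified URL would presumably skip that TLS configuration. I would compare the scheme itself, for example `return url != null && url.regionMatches(true, 0, "https://", 0, 8);`. Separately, `clientKeyStorePassword` is handed out as a plain `String`; a short comment on the getter saying the value must not be logged would help callers.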
@@ -0,0 +1,76 @@
+package at.gv.egovernment.moa.id.config;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (true if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns true is the OA is a businss application, otherwise
+ * false.
+ * @return true is the OA is a businss application, otherwise
+ * false
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of businessService
+ * ({@link #getBusinessService()}) is also set to true
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+}
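Review bot: `setOaType()` only ever switches `businessService` on: after a call with "businessService", a later call with any other type leaves the flag `true` while `oaType` says otherwise. Assign the comparison result instead, `this.businessService = "businessService".equalsIgnoreCase(oaType);`. `OAAuthParameter.setSlVersion()` later in this commit has the same one-way pattern for `slVersion12` and could use `this.slVersion12 = "1.2".equals(slVersion);`. The field comment lists "PublicService" and "BusinessService" while the setter compares against "businessService" ignoring case; stating in the Javadoc that the match is case-insensitive would remove the ambiguity.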
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java new file mode 100644 index 000000000..b4af6592c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -0,0 +1,414 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A class providing access to the Auth Part of the MOA-ID configuration data. + * + *

Configuration data is read from an XML file, whose location is given by + * the moa.id.configuration system property.

+ *

This class implements the Singleton pattern. The reload() + * method can be used to update the configuration data. Therefore, it is not + * guaranteed that consecutive calls to getInstance() will return + * the same AuthConfigurationProvider all the time. During the + * processing of a web service request, the current + * TransactionContext should be used to obtain the + * AuthConfigurationProvider local to that request.

+ * + * @author Patrick Peck + * @author Stefan Knirsch + * + * @version $Id$ + */ +public class AuthConfigurationProvider extends ConfigurationProvider { + + /** DEFAULT_ENCODING is "UTF-8" */ + private static final String DEFAULT_ENCODING="UTF-8"; + /** + * The name of the generic configuration property giving the authentication session time out. + */ + public static final String AUTH_SESSION_TIMEOUT_PROPERTY = + "AuthenticationSession.TimeOut"; + /** + * The name of the generic configuration property giving the authentication data time out. + */ + public static final String AUTH_DATA_TIMEOUT_PROPERTY = + "AuthenticationData.TimeOut"; + + /** + * BKUSelectionType HTMLComplete, according to schema type BKUSelectionType + */ + public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = + "HTMLComplete"; + + /** + * BKUSelectionType HTMLSelect, according to schema type BKUSelectionType + */ + public static final String BKU_SELECTION_TYPE_HTMLSELECT = + "HTMLSelect"; + + /** + * The name of the generic configuration property allowing https connection to + * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) + */ + public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = + "FrontendServlets.EnableHTTPConnection"; + + /** + * The name of the generic configuration property allowing to set a individual + * DATA URL used to communicate with the BKU (SecurityLayer) + */ + public static final String INDIVIDUAL_DATA_URL_PREFIX = + "FrontendServlets.DataURLPrefix"; + + /** Singleton instance. null, if none has been created. 
*/ + private static AuthConfigurationProvider instance; + + // + // configuration data + // + + /** + * configuration files containing transformations for rendering in the + * secure viewer of the security layer implementation; + * multiple files can be given for different mime types + */ + private String[] transformsInfoFileNames; + + /** + * transformations for rendering in the secure viewer of the security layer implementation, + * read from {@link transformsInfoFileNames}; + * multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + + /** + * parameters for connection to MOA SP component + */ + private ConnectionParameter moaSpConnectionParameter; + /** + * trust profile ID to be used for verifying the identity link signature via MOA ID SP + */ + private String moaSpIdentityLinkTrustProfileID; + /** + * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP + */ + private String moaSpAuthBlockTrustProfileID; + /** + * transformations to be used for verifying the AUTH block signature via MOA ID SP + */ + private String[] moaSpAuthBlockVerifyTransformsInfoIDs; + /** + * X509 SubjectNames which will be trusted + */ + private List identityLinkX509SubjectNames; + /** + * default parameters for verifying additional infoboxes. + */ + private VerifyInfoboxParameters defaultVerifyInfoboxParameters; + + /** + * configuration parameters for online applications + */ + private OAAuthParameter[] onlineApplicationAuthParameters; + /** + * the Selection Type of the bku Selection Element + */ + private String bKUSelectionType; + /** + * is the bku Selection Element present? + */ + private boolean bKUSelectable; + /** + * the bku Selection Connection Parameters + */ + private ConnectionParameter bKUConnectionParameter; + + /** + * Return the single instance of configuration data. + * + * @return AuthConfigurationProvider The current configuration data. 
+ * @throws ConfigurationException + */ + public static synchronized AuthConfigurationProvider getInstance() + throws ConfigurationException { + + if (instance == null) { + reload(); + } + return instance; + } + + /** + * Reload the configuration data and set it if successful. + * + * @return AuthConfigurationProvider The loaded configuration data. + * @throws ConfigurationException Failure to load the configuration data. + */ + public static synchronized AuthConfigurationProvider reload() + throws ConfigurationException { + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + if (fileName == null) { + throw new ConfigurationException("config.01", null); + } + Logger.info("Loading MOA-ID-AUTH configuration " + fileName); + + instance = new AuthConfigurationProvider(fileName); + return instance; + } + + /** + * Constructor for AuthConfigurationProvider. + * @param fileName + * @throws ConfigurationException + */ + public AuthConfigurationProvider(String fileName) + throws ConfigurationException { + + load(fileName); + } + + /** + * Load the configuration data from XML file with the given name and build + * the internal data structures representing the MOA ID configuration. + * + * @param fileName The name of the XML file to load. + * @throws ConfigurationException The MOA configuration could not be + * read/built. 
+ */ + private void load(String fileName) throws ConfigurationException { + InputStream stream = null; + Element configElem; + ConfigurationBuilder builder; + + try { + // load the main config file + stream = new BufferedInputStream(new FileInputStream(fileName)); + configElem = DOMUtils.parseXmlValidating(stream); + } catch (Throwable t) { + throw new ConfigurationException("config.03", null, t); + } + finally { + try { + if (stream != null) { + stream.close(); + } + } catch (IOException e) { + } + } + try { + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + + // build the internal datastructures + builder = new ConfigurationBuilder(configElem, rootConfigFileDir); + bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); + bKUSelectable = (bKUConnectionParameter!=null); + bKUSelectionType = builder.buildAuthBKUSelectionType(); + genericConfiguration = builder.buildGenericConfiguration(); + transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); + transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); + moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); + moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); + moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); + moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); + defaultVerifyInfoboxParameters = null; + Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); + if (defaultVerifyInfoboxParamtersElem != null) { + defaultVerifyInfoboxParameters = + 
builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); + } + onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); + identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); + defaultChainingMode = builder.getDefaultChainingMode(); + chainingModes = builder.buildChainingModes(); + trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + + } catch (Throwable t) { + throw new ConfigurationException("config.02", null, t); + } + } + + /** + * Loads the transformsInfos from files. + * @throws Exception on any exception thrown + */ +// private void loadTransformsInfos() throws Exception { +// +// transformsInfos = new String[transformsInfoFileNames.length]; +// for (int i = 0; i < transformsInfoFileNames.length; i++) { +// String fileURL = transformsInfoFileNames[i]; +// +// //if fileURL is relative to rootConfigFileDir make it absolute +// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); +// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); +// transformsInfos[i] = transformsInfo; +// } +// } + + /** + * Loads the transformsInfos from files. 
+ * @throws Exception on any exception thrown + */ + private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { + + String[] transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + String fileURL = transformsInfoFileNames[i]; + + //if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + } + return transformsInfos; + } + /** + * Return a string array with all filenames leading + * to the Transforms Information for the Security Layer + * @return String[] of filenames to the Security Layer Transforms Information + */ + public String[] getTransformsInfoFileNames() { + return transformsInfoFileNames; + } + + /** + * Build an array of the OnlineApplication Parameters containing information + * about the authentication component + * @return An OAProxyParameter array containing beans + * with all relevant information for theauthentication component of the online + * application + */ + public OAAuthParameter[] getOnlineApplicationParameters() { + return onlineApplicationAuthParameters; + } + + /** + * Provides configuration information regarding the online application behind + * the given URL, relevant to the MOA-ID Auth component. 
+ * + * @param oaURL URL requested for an online application + * @return an OAAuthParameter, or null + * if none is applicable + */ + public OAAuthParameter getOnlineApplicationParameter(String oaURL) { + OAAuthParameter[] oaParams = getOnlineApplicationParameters(); + for (int i = 0; i < oaParams.length; i++) { + OAAuthParameter oaParam = oaParams[i]; + if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) + return oaParam; + } + return null; + } + + /** + * Return a string with a url-reference to the VerifyAuthBlock trust + * profile id within the moa-sp part of the authentication component + * + * @return String with a url-reference to the VerifyAuthBlock trust profile ID + */ + public String getMoaSpAuthBlockTrustProfileID() { + return moaSpAuthBlockTrustProfileID; + } + + /** + * Return a string array with references to all verify transform info + * IDs within the moa-sp part of the authentication component + * @return A string array containing all urls to the + * verify transform info IDs + */ + public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { + return moaSpAuthBlockVerifyTransformsInfoIDs; + } + + /** + * Return a ConnectionParameter bean containing all information + * of the authentication component moa-sp element + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter getMoaSpConnectionParameter() { + return moaSpConnectionParameter; + } + + /** + * Return a string with a url-reference to the VerifyIdentityLink trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + */ + public String getMoaSpIdentityLinkTrustProfileID() { + return moaSpIdentityLinkTrustProfileID; + } + /** + * Returns the transformsInfos. + * @return String[] + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the identityLinkX509SubjectNames. 
+ * @return List + */ + public List getIdentityLinkX509SubjectNames() { + return identityLinkX509SubjectNames; + } + + /** + * Returns the bKUConnectionParameter. + * @return ConnectionParameter + */ + public ConnectionParameter getBKUConnectionParameter() { + return bKUConnectionParameter; + } + + /** + * Returns the bKUSelectable. + * @return boolean + */ + public boolean isBKUSelectable() { + return bKUSelectable; + } + + /** + * Returns the bKUSelectionType. + * @return String + */ + public String getBKUSelectionType() { + return bKUSelectionType; + } + + /** + * Returns the defaultVerifyInfoboxParameters. + * + * @return The defaultVerifyInfoboxParameters. + */ + public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { + return defaultVerifyInfoboxParameters; + } + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java new file mode 100644 index 000000000..ba3b61f9d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -0,0 +1,268 @@ +package at.gv.egovernment.moa.id.config.auth; + +import at.gv.egovernment.moa.id.config.OAParameter; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Auth component. + * + * @author Stefan Knirsch + * @version $Id$ + */ +/** + * + * + * @author Harald Bratko + */ +public class OAAuthParameter extends OAParameter { + /** + * Sercurity Layer version + */ + private String slVersion; + /** + * true, if the Security Layer version is version 1.2, otherwise false + */ + private boolean slVersion12; + /** + * identityLinkDomainIdentifier + * (e.g urn:publicid:gv.at+wbpk+FN468i for a "Firmenbuchnummer") + *
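Review bot: `getOnlineApplicationParameter()` selects the online application with `oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0`, a raw string-prefix comparison, so a configured prefix that does not end in `/` also matches URLs that merely begin with the same characters but continue with a different host name or path segment. The result decides which `OAAuthParameter` applies to a request, so the match should stop at a URL boundary; whether configured prefixes are required to end in `/` is not visible in this hunk. The method also returns the first match rather than the longest prefix and throws on a null `oaURL`. A boundary-aware comparison is sketched below, and the Javadoc should state the matching rule.

```java
  public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
    // … unchanged: loop over getOnlineApplicationParameters() …
      String prefix = oaParam.getPublicURLPrefix();
      if (oaURL != null && oaURL.startsWith(prefix)) {
        // accept only if the prefix ends at a URL boundary
        boolean atBoundary = prefix.endsWith("/")
          || oaURL.length() == prefix.length()
          || "/?#".indexOf(oaURL.charAt(prefix.length())) >= 0;
        if (atBoundary)
          return oaParam;
      }
```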
+ * only used within a business application context for providing it to the + * security layer as input for wbPK computation + */ + private String identityLinkDomainIdentifier; + /** + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) + */ + private String keyBoxIdentifier; + /** + * transformations for rendering in the secure viewer of the security layer + * implementation; multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + /** + * determines whether "Stammzahl" is to be included in the authentication data + */ + private boolean provideStammzahl; + /** + * determines whether AUTH block is to be included in the authentication data + */ + private boolean provideAuthBlock; + /** + * determines whether identity link is to be included in the authentication data + */ + private boolean provideIdentityLink; + /** + * determines whether the certificate is to be included in the authentication data + */ + private boolean provideCertificate; + /** + * url to a template for web page "Auswahl der Bürgerkartenumgebung" + */ + private String bkuSelectionTemplateURL; + /** + * template for web page "Anmeldung mit Bürgerkarte" + */ + private String templateURL; + /** + * Parameters for verifying infoboxes. + */ + private VerifyInfoboxParameters verifyInfoboxParameters; + + /** + * Returns true if the Security Layer version is version 1.2, + * otherwise false. + * @return true if the Security Layer version is version 1.2, + * otherwise false + */ + public boolean getSlVersion12() { + return slVersion12; + } + + /** + * Returns the security layer version. + * @return the security layer version. + */ + public String getSlVersion() { + return slVersion; + } + + /** + * Returns the identityLinkDomainIdentifier. + * @return the identityLinkDomainIdentifier. + */ + public String getIdentityLinkDomainIdentifier() { + return identityLinkDomainIdentifier; + } + + /** + * Returns the transformsInfos. 
+ * @return the transformsInfos. + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the provideAuthBlock. + * @return String + */ + public boolean getProvideAuthBlock() { + return provideAuthBlock; + } + + /** + * Returns the provideIdentityLink. + * @return String + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink; + } + + /** + * Returns the provideStammzahl. + * @return String + */ + public boolean getProvideStammzahl() { + return provideStammzahl; + } + + /** + * Returns true if the certificate should be provided within the + * authentication data, otherwise false. + * @return true if the certificate should be provided, + * otherwise false + */ + public boolean getProvideCertifcate() { + return provideCertificate; + } + + /** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * Returns the BkuSelectionTemplate url. + * @return The BkuSelectionTemplate url or null if no url for + * a BkuSelectionTemplate is set. + */ + public String getBkuSelectionTemplateURL() { + return bkuSelectionTemplateURL; + } + + /** + * Returns the TemplateURL url. + * @return The TemplateURL url or null if no url for + * a Template is set. + */ + public String getTemplateURL() { + return templateURL; + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe null. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } + + /** + * Sets the security layer version. + * Also sets slVersion12 ({@link #getSlVersion12()}) + * to true if the Security Layer version is 1.2. + * @param slVersion The security layer version to be used. 
+ */ + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + if ("1.2".equals(slVersion)) { + this.slVersion12 = true; + } + } + /** + * Sets the IdentityLinkDomainIdentifier. + * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. + */ + public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { + this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; + } + /** + * Sets the transformsInfos. + * @param transformsInfos The transformsInfos to be used. + */ + public void setTransformsInfos(String[] transformsInfos) { + this.transformsInfos = transformsInfos; + } + /** + * Sets the provideAuthBlock. + * @param provideAuthBlock The provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + /** + * Sets the provideIdentityLink. + * @param provideIdentityLink The provideIdentityLink to set + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + /** + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set + */ + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; + } + + /** + * Sets the provideCertificate variable. + * @param provideCertificate The provideCertificate value to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * Sets the BkuSelectionTemplate url. + * @param bkuSelectionTemplateURL The url string specifying the location + * of a BkuSelectionTemplate. 
+ */ + public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { + this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; + } + + /** + * Sets the Template url. + * @param templateURL The url string specifying the location + * of a Template. + */ + public void setTemplateURL(String templateURL) { + this.templateURL = templateURL; + } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java new file mode 100644 index 000000000..fbd42f975 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java 
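Review bot: Two public accessors are misspelled and do not pair with their counterparts: `getProvideCertifcate()` against `setProvideCertificate()`, and `setKeyBoxIdentier()` against `getKeyBoxIdentifier()`. I would name them `getProvideCertificate()` and `setKeyBoxIdentifier()`; if existing callers must keep compiling, keep the old names as deprecated delegates. The Javadoc of `getProvideAuthBlock()`, `getProvideIdentityLink()` and `getProvideStammzahl()` says `@return String` although all three return `boolean`; since these flags control whether the AUTH block, identity link and Stammzahl are included in the authentication data, the comments should say so, e.g. `@return true if the Stammzahl is to be included in the authentication data`. The class also carries two stacked Javadoc blocks, of which only the second is attached to the class; merging them keeps the description and both `@author` tags.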
@@ -0,0 +1,360 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. + */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + protected String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "Stellvertretungen" + * for "Mandates" or "GDAToken" for + * "EHSPToken". + *
If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + protected String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + protected String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + protected List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + protected Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + protected boolean required_; + + /** + * Specifies whether the Stammzahl should be passed to the verifying + * application or not. + */ + protected boolean provideStammzahl_; + + /** + * Specifies whether the identity link should be passed to the verifying + * application or not. + */ + protected boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. + * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. 
{@link #applicationSpecificParams_} + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Returns the friendly name. + * + * @see #friendlyName_ + * + * @return The friendly name. + */ + public String getFriendlyName() { + return friendlyName_; + } + + /** + * Sets the friendly name. + * + * @param friendlyName The friendly name to set. + */ + public void setFriendlyName(String friendlyName) { + friendlyName_ = friendlyName; + } + + /** + * Returns the infobox identifier. + * + * @see #identifier_ + * + * @return The infobox identifier. + */ + public String getIdentifier() { + return identifier_; + } + + /** + * Sets the the infobox identifier. + * + * @see #identifier_ + * + * @param identifier The infobox identifier to set. + */ + public void setIdentifier(String identifier) { + identifier_ = identifier; + } + + /** + * Specifies whether the identity link should be passed to the verifying application + * or not. + * + * @return True if the identity link should be passed to the verifying + * application, otherwise false. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. + * + * @param provideIdentityLink True if the identity link should be passed to + * the verifying application, otherwise false. 
+ */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the Stammzahl should be passed to the verifying + * application or not. + * + * @return True if the Stammzahl should be passed to the + * verifying application, otherwise false. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link #provideStammzahl_} parameter. + * + * @param provideStammzahl True if the Stammzahl should be + * passed to the verifying application, otherwise false. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return True if the infobox is required to be returned by the BKU, + * otherwise false. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link #required_} parameter. + * + * @param required True if the infobox is required to be returned by the + * BKU, otherwise false. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. + * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. 
+ * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe null. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. + * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. 
+ */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" "); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" "); + buffer.append(friendlyName_); + buffer.append(""); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" "); + buffer.append(trustProfileID_); + buffer.append(""); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" "); + buffer.append(validatorClassName_); + buffer.append(""); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" "); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" \n"); + } + buffer.append(" "); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch (IOException e) { + // do nothing + } + } + buffer.append(" "); + + + return buffer.toString() ; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java new file mode 100644 index 000000000..15c0c328c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java 
@@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + protected Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + protected List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. + * The string will be added as value of the PushInfobox parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + protected String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * infoboxParameters map and builds the {@link #pushInfobox_} string + * from the keys of the given map. 
+ */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. + */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. 
+ */
+ public void setIdentifiers(List identifiers) {
+ identifiers_ = identifiers;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
new file mode 100644
index 000000000..d25cb3b2b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
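Review bot: pushInfobox_ is derived from the identifiers only in the two-argument constructor of VerifyInfoboxParameters, so a later setIdentifiers() leaves the PushInfobox string stale and setPushInfobox() lets the two diverge the other way. The field comment says this string becomes the PushInfobox parameter of the HTML form used for reading infoboxes from the BKU, so the set of infoboxes requested and the set held in identifiers_ can end up different. Either rebuild the string inside setIdentifiers() or say so on the setter, e.g. `/** Does not update {@link #pushInfobox_}; callers must also call setPushInfobox(). */`. The no-argument constructor also leaves identifiers_ null, so getIdentifiers() can return null while getInfoboxParameters() returns an empty map; the getter's Javadoc should mention that.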
@@ -0,0 +1,173 @@ +package at.gv.egovernment.moa.id.config.proxy; + +import java.util.HashMap; +import java.util.Map; + +/** + * Holds configuration data concerning an online application for use by the MOA-ID Proxy component. + * These include the login type (stateful or stateless), the HTTP authentication type, + * and information needed to add authentication parameters or headers for a URL connection + * to the remote online application. + * @see MOAIDConfiguration-1.1.xsd, element Configuration + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class OAConfiguration { + + /** Constant for an login method */ + public static final String LOGINTYPE_STATEFUL = "stateful"; + /** Constant for an login method */ + public static final String LOGINTYPE_STATELESS = "stateless"; + + /** Constant for an auth method */ + public static final String BASIC_AUTH = "basic"; + /** Constant for an auth method */ + public static final String HEADER_AUTH = "header"; + /** Constant for an auth method */ + public static final String PARAM_AUTH = "param"; + + + /** Constant for binding */ + public static final String BINDUNG_USERNAME = "userName"; + /** Constant for binding */ + public static final String BINDUNG_FULL = "full"; + /** Constant for binding */ + public static final String BINDUNG_NONE = "none"; + /** Constant for binding */ + public static final String BINDUNG_NOMATCH = "noMatch"; + + /** login type: stateful or stateless */ + String loginType; + /** authentication type: basic, header, or param */ + String authType; + /** + * mapping of parameter names to AuthenticationData field names + * in case of authentication type "header-auth" + */ + Map paramAuthMapping; + /** + * mapping of parameter names to AuthenticationData field names + * in case of authentication type "param-auth" + */ + Map headerAuthMapping; + /** mapping for user ID to be used in case of authentication type "basic-auth" */ + String basicAuthUserIDMapping; + /** mapping for password to be used 
in case of authentication type "basic-auth" */ + String basicAuthPasswordMapping; + /** Binding for basic authentication */ + String binding; + + /** + * Returns the basicAuthPasswordMapping. + * @return String + */ + public String getBasicAuthPasswordMapping() { + return basicAuthPasswordMapping; + } + + /** + * Returns the basicAuthUserIDMapping. + * @return String + */ + public String getBasicAuthUserIDMapping() { + return basicAuthUserIDMapping; + } + + /** + * Returns the headerAuthMapping. + * @return HashMap + */ + public Map getHeaderAuthMapping() { + return headerAuthMapping; + } + + /** + * Returns the loginType. + * @return String + */ + public String getLoginType() { + return loginType; + } + + /** + * Returns the paramAuthMapping. + * @return HashMap + */ + public Map getParamAuthMapping() { + return paramAuthMapping; + } + + /** + * Returns the binding. + * @return String + */ + public String getBinding() { + return binding; + } + + /** + * Sets the basicAuthPasswordMapping. + * @param basicAuthPassword The basicAuthPasswordMapping to set + */ + public void setBasicAuthPasswordMapping(String basicAuthPassword) { + this.basicAuthPasswordMapping = basicAuthPassword; + } + + /** + * Sets the basicAuthUserIDMapping. + * @param basicAuthUserID The basicAuthUserIDMapping to set + */ + public void setBasicAuthUserIDMapping(String basicAuthUserID) { + this.basicAuthUserIDMapping = basicAuthUserID; + } + + /** + * Sets the headerAuthMapping. + * @param headerAuth The headerAuthMapping to set + */ + public void setHeaderAuthMapping(HashMap headerAuth) { + this.headerAuthMapping = headerAuth; + } + + /** + * Sets the loginType. + * @param loginType The loginType to set + */ + public void setLoginType(String loginType) { + this.loginType = loginType; + } + + /** + * Sets the paramAuthMapping. 
+ * @param paramAuth The paramAuthMapping to set
+ */
+ public void setParamAuthMapping(HashMap paramAuth) {
+ this.paramAuthMapping = paramAuth;
+ }
+
+ /**
+ * Returns the authType.
+ * @return String
+ */
+ public String getAuthType() {
+ return authType;
+ }
+
+ /**
+ * Sets the authType.
+ * @param authLoginType The authType to set
+ */
+ public void setAuthType(String authLoginType) {
+ this.authType = authLoginType;
+ }
+
+ /**
+ * Sets the binding.
+ * @param binding The binding to be set.
+ */
+ public void setBinding (String binding) {
+ this.binding = binding;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
new file mode 100644
index 000000000..83ab73dcd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
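Review bot: The field comments on paramAuthMapping and headerAuthMapping in OAConfiguration are swapped: paramAuthMapping is described as `in case of authentication type "header-auth"` and headerAuthMapping as `in case of authentication type "param-auth"`. Per the class comment these maps describe how authentication data is added as parameters or as headers to the connection to the online application, so a reader following the comments would wire the wrong map; the two descriptions should be exchanged. The getters' `@return HashMap` tags also disagree with the declared `Map` return type, and the setters take `HashMap` where `Map` would match the fields. The state fields have no access modifier; `private` would match OAProxyParameter in the same package, unless other classes in the package read them directly, which is not visible here.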
@@ -0,0 +1,184 @@ +package at.gv.egovernment.moa.id.config.proxy; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.OAParameter; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Proxy component. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class OAProxyParameter extends OAParameter { + +// /** +// * public URL prefix of the online application +// */ +// private String publicURLPrefix; + /** + * URL of online application configuration file; + * defaults to relative URL /moaconfig.xml + */ + private String configFileURL; + /** + * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface + * to be used for authenticating the online application; + * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver} + */ + private String loginParameterResolverImpl; + + /** + * Configuration Parameter of LoginParameterResolver + */ + private String loginParameterResolverConfiguration; + + /** + * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface + * to be used for connecting to the online application; + * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder} + */ + private String connectionBuilderImpl; + /** + * session time out to be used in case of a stateless online application + */ + private int sessionTimeOut; + /** + * parameters regarding the connection from the proxy to the online application + */ + private ConnectionParameter connectionParameter; + /** + * parameters for logging into the online application + */ + private OAConfiguration oaConfiguration; + + + /** + * Returns the configFileURL. + * @return String + */ + public String getConfigFileURL() { + return configFileURL; + } + + /** + * Returns the sessionTimeOut. 
+ * @return int + */ + public int getSessionTimeOut() { + return sessionTimeOut; + } + + /** + * Returns the connectionParameter. + * @return ConnectionParameter + */ + public ConnectionParameter getConnectionParameter() { + return connectionParameter; + } + + /** + * Sets the configFileURL for the proxy. + * @param oaProxyConfigFileURL The configFileURL to set + */ + public void setConfigFileURL(String oaProxyConfigFileURL) { + this.configFileURL = oaProxyConfigFileURL; + } + + /** + * Sets the sessionTimeOut for the proxy. + * @param oaProxySessionTimeOut The sessionTimeOut to set + */ + public void setSessionTimeOut(int oaProxySessionTimeOut) { + this.sessionTimeOut = oaProxySessionTimeOut; + } + + /** + * Sets the connectionParameter for the proxy. + * @param proxyConnectionParameter The connectionParameter to set + */ + public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) { + this.connectionParameter = proxyConnectionParameter; + } + +// /** +// * Returns the publicURLPrefix. +// * @return String +// */ +// public String getPublicURLPrefix() { +// return publicURLPrefix; +// } +// +// /** +// * Sets the publicURLPrefix. +// * @param publicURLPrefix The publicURLPrefix to set +// */ +// public void setPublicURLPrefix(String url) { +// this.publicURLPrefix = url; +// } + + /** + * Returns the connectionBuilderImpl. + * @return String + */ + public String getConnectionBuilderImpl() { + return connectionBuilderImpl; + } + + /** + * Returns the loginParameterResolverImpl. + * @return String + */ + public String getLoginParameterResolverImpl() { + return loginParameterResolverImpl; + } + + /** + * Returns the loginParameterResolverConfiguration. + * @return String + */ + public String getLoginParameterResolverConfiguration() { + return loginParameterResolverConfiguration; + } + + /** + * Sets the connectionBuilderImpl for the proxy. 
+ * @param connectionBuilderImpl The connectionBuilderImpl to set
+ */
+ public void setConnectionBuilderImpl(String connectionBuilderImpl) {
+ this.connectionBuilderImpl = connectionBuilderImpl;
+ }
+
+ /**
+ * Sets the loginParameterResolverImpl for the proxy.
+ * @param loginParameterResolverImpl The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
+ this.loginParameterResolverImpl = loginParameterResolverImpl;
+ }
+
+ /**
+ * Sets the loginParameterResolverConfiguration for the proxy.
+ * @param loginParameterResolverConfiguration The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
+ this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
+ }
+
+ /**
+ * Returns the oaConfiguration.
+ * @return OAConfiguration
+ */
+ public OAConfiguration getOaConfiguration() {
+ return oaConfiguration;
+ }
+
+ /**
+ * Sets the oaConfiguration.
+ * @param oaConfiguration The oaConfiguration to set
+ */
+ public void setOaConfiguration(OAConfiguration oaConfiguration) {
+ this.oaConfiguration = oaConfiguration;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
new file mode 100644
index 000000000..f578ea634
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
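Review bot: The Javadoc on setLoginParameterResolverConfiguration names the wrong property, `@param loginParameterResolverConfiguration The loginParameterResolverImpl to set`; it should read `The loginParameterResolverConfiguration to set`. loginParameterResolverImpl and connectionBuilderImpl carry class names taken from the configuration file, and the field comments could state that the named class must implement LoginParameterResolver or ConnectionBuilder respectively, since the code that instantiates them is outside this hunk. The commented-out publicURLPrefix field and accessors can be deleted: ProxyConfigurationBuilder in this same commit calls `oap.setPublicURLPrefix(...)`, so the property presumably lives in OAParameter.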
@@ -0,0 +1,268 @@ +// Copyright (C) 2002 IAIK +// http://jce.iaik.tugraz.at +// +// Copyright (C) 2007 Stiftung Secure Information and +// Communication Technologies SIC +// http://www.sic.st +// +// All rights reserved. +// +// This source is provided for inspection purposes and recompilation only, +// unless specified differently in a contract with IAIK. This source has to +// be kept in strict confidence and must not be disclosed to any third party +// under any circumstances. Redistribution in source and binary forms, with +// or without modification, are permitted in any case! +// +// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +// SUCH DAMAGE. 
+ +package at.gv.egovernment.moa.id.config.proxy; + +import java.io.ByteArrayInputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Builds the configuration for MOA-ID Proxy. + */ +public class ProxyConfigurationBuilder extends ConfigurationBuilder { + + /** + * Default online application configuration file name + * (used when /OnlineApplication/ProxyComponent@configFileURL is null). + */ + public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml"; + + /** an XPATH-Expression */ + private static final String PROXY_AUTH_XPATH = + ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; + /** an XPATH-Expression */ + protected static final String ROOTOA = "/" + CONF + "Configuration/"; + /** an XPATH-Expression */ + private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; + /** an XPATH-Expression */ + private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; + /** an XPATH-Expression */ + private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL"; + /** an XPATH-Expression */ + private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + 
"ProxyComponent/@loginParameterResolverConfiguration"; + /** an XPATH-Expression */ + private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; + /** an XPATH-Expression */ + protected static final String OACONF_LOGIN_TYPE_XPATH = + ROOTOA + CONF + "LoginType"; + /** an XPATH-Expression */ + protected static final String OACONF_BINDING_TYPE_XPATH = + ROOTOA + CONF + "Binding"; + /** an XPATH-Expression */ + protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH = + ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter"; + /** an XPATH-Expression */ + protected static final String OACONF_USER_ID_XPATH = + ROOTOA + CONF + "BasicAuth/" + CONF + "UserID"; + /** an XPATH-Expression */ + protected static final String OACONF_PASSWORD_XPATH = + ROOTOA + CONF + "BasicAuth/" + CONF + "Password"; + /** an XPATH-Expression */ + protected static final String OACONF_HEADER_AUTH_HEADER_XPATH = + ROOTOA + CONF + "HeaderAuth/" + CONF + "Header"; + + /** + * Creates a new MOAConfigurationProvider. + * + * @param configElem The root element of the MOA-ID configuration. + */ + public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) { + super(configElem, rootConfigDir); + } + + /** + * Method buildOAConfiguration. 
+ * + * Build an {@link OAConfiguration} Object from the given configuration DOM element + * + * @param root + * @return OAConfiguration + * @throws ConfigurationException + */ + public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{ + + OAConfiguration oaConfiguration = new OAConfiguration(); + + //The LoginType hast to be "stateless" or "stateful" to be valid + + oaConfiguration.setLoginType( + XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null)); + + oaConfiguration.setBinding( + XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL)); + + //Try to build the Parameter Auth Parameters + NodeIterator paramAuthIter = + XPathUtils.selectNodeIterator( + root, + OACONF_PARAM_AUTH_PARAMETER_XPATH); + Element paramAuthElem; + HashMap paramAuthMap = new HashMap(); + while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) { + String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); + String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); + if (paramAuthMap.containsKey(name)) + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + paramAuthMap.put(name, value); + } + oaConfiguration.setParamAuthMapping(paramAuthMap); + // Try to build the BasicAuthParameters + oaConfiguration.setBasicAuthUserIDMapping( + XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null)); + oaConfiguration.setBasicAuthPasswordMapping( + XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null)); + + //Try to build the Parameter Auth Parameters + NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH); + + Element headerAuthElem; + HashMap headerAuthMap = new HashMap(); + while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) { + String name = + XPathUtils.getAttributeValue(headerAuthElem, "@Name", null); + String value = + 
XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); + // Contains Key (Neue Config-Exception: doppelte werte) + if (headerAuthMap.containsKey(name)) + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + headerAuthMap.put(name, value); + } + oaConfiguration.setHeaderAuthMapping(headerAuthMap); + + if (paramAuthMap.size() == 0) { + if (oaConfiguration.getBasicAuthUserIDMapping() == null) { + oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH); + } + else + oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH); + } + else + oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH); + + return oaConfiguration; + } + + + /** + * Build an array of OnlineApplication Parameter Beans containing information + * about the proxy component + * @return An OAProxyParameter array containing beans + * with all relevant information for the proxy component of the online + * application + */ + public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{ + + List oA_list = new ArrayList(); + NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); + + for (int i = 0; i < OAIter.getLength(); i++) { + Element oAElem = (Element) OAIter.item(i); + + Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); + if (proxyComponentElem != null) { + OAProxyParameter oap = new OAProxyParameter(); + + oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); + oap.setOaType(oAElem.getAttribute("type")); + oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); + oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_)); + // default session time out: 3600 sec = 1 h + oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); + oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, 
OA_PROXY_LOGIN_PARA_XPATH, null)); + oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); + oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_)); + oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); + + ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); + oap.setConnectionParameter(conPara); + + OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap)); + oap.setOaConfiguration(oaConf); + + oA_list.add(oap); + } + } + OAProxyParameter[] result = + new OAProxyParameter[oA_list.size()]; + oA_list.toArray(result); + + return result; + + } + + /** + * Reads the configuration file of the online application, and creates a DOM tree from it. + * If /OnlineApplication/ProxyComponent@configFileURL is not given, + * uses default configuration file location. 
+ * + * @param oap configuration data of online application, meant for use by MOA-ID-PROXY + * @return Element DOM tree root element + * @throws ConfigurationException on any exception thrown + */ + private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException + { + try { + String configFileURL = oap.getConfigFileURL(); + if (configFileURL == null) { + // use default config file URL, when config file URL is not given + configFileURL = oap.getConnectionParameter().getUrl(); + if (configFileURL.charAt(configFileURL.length() - 1) != '/') + configFileURL += "/"; + configFileURL += DEFAULT_OA_CONFIG_FILENAME; + } + Logger.info("Loading MOA-OA configuration " + configFileURL); + Element configElem = DOMUtils.parseXmlValidating( + new ByteArrayInputStream(FileUtils.readURL(configFileURL))); + return configElem; + } + catch (Throwable t) { + throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t); + } + } + + /** + * Build a bean containing all information about the ProxyComponent + * @return The ConnectionParameter for the Proxy Component + */ + public ConnectionParameter buildAuthComponentConnectionParameter() + { + + Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH); + if (connectionParameter==null) return null; + return buildConnectionParameter(connectionParameter); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java new file mode 100644 index 000000000..572ce5708 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java 
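Review bot: buildOAConfiguration stores the LoginType value unchecked although the comment directly above it says it has to be "stateless" or "stateful"; a missing or misspelled element leaves loginType null or arbitrary, and what the proxy then does depends on how callers compare it, which is not visible here. I would reject anything other than the two OAConfiguration.LOGINTYPE_* constants at build time, as in the excerpt below (the message key is a placeholder). The duplicate-name check in the ParamAuth loop reports "Doppelter Wert für Parameter per HeaderAuthentication", which misdirects whoever debugs a ParamAuth configuration, and both loops accept a null `@Name` as a map key. Separately, getOAConfigElement falls back to fetching MOAConfig.xml from the online application's own connection URL; because that file selects the auth type and the credential mappings, the Javadoc should say the URL is expected to be an authenticated channel, as how FileUtils.readURL validates the peer is not shown in this hunk.

```java
    // The LoginType has to be "stateless" or "stateful" to be valid
    String loginType = XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null);
    if (!OAConfiguration.LOGINTYPE_STATEFUL.equals(loginType)
        && !OAConfiguration.LOGINTYPE_STATELESS.equals(loginType)) {
      // "config.NN" is a placeholder: use the project's message key for an invalid value
      throw new ConfigurationException("config.NN", new Object[] {"LoginType: " + loginType});
    }
    oaConfiguration.setLoginType(loginType);
    // … unchanged: binding, ParamAuth, BasicAuth and HeaderAuth parsing …
```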
@@ -0,0 +1,188 @@ +package at.gv.egovernment.moa.id.config.proxy; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.net.MalformedURLException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * A class providing access to the Proxy Part of the MOA-ID configuration data. + * + *

Configuration data is read from an XML file, whose location is given by + * the moa.id.configuration system property.

+ *

This class implements the Singleton pattern. The reload() + * method can be used to update the configuration data. Therefore, it is not + * guaranteed that consecutive calls to getInstance() will return + * the same ProxyConfigurationProvider all the time. During the + * processing of a web service request, the current + * TransactionContext should be used to obtain the + * ProxyConfigurationProvider local to that request.

+ * + * @author Stefan Knirsch + */ +public class ProxyConfigurationProvider extends ConfigurationProvider { + + /** Singleton instance. null, if none has been created. */ + private static ProxyConfigurationProvider instance; + + + // + // configuration data + // + /** + * connection parameters for connection to MOA ID Auth component + */ + private ConnectionParameter authComponentConnectionParameter; + /** + * configuration parameters for online applications + */ + private OAProxyParameter[] onlineApplicationProxyParameter; + + /** + * Return the single instance of configuration data. + * + * @return ProxyConfigurationProvider The current configuration data. + * @throws ConfigurationException + */ + public static synchronized ProxyConfigurationProvider getInstance() + throws ConfigurationException { + + if (instance == null) { + reload(); + } + return instance; + } + + /** + * Reload the configuration data and set it if successful. + * + * @return ProxyConfigurationProvider The loaded configuration data. + * @throws ConfigurationException Failure to load the configuration data. + */ + public static synchronized ProxyConfigurationProvider reload() + throws ConfigurationException { + String fileName = System.getProperty(CONFIG_PROPERTY_NAME); + if (fileName == null) { + throw new ConfigurationException("config.01", null); + } + Logger.info("Loading MOA-ID-PROXY configuration " + fileName); + + instance = new ProxyConfigurationProvider(fileName); + return instance; + } + + /** + * Constructor for ProxyConfigurationProvider. + */ + public ProxyConfigurationProvider(String fileName) + throws ConfigurationException { + + load(fileName); + } + + /** + * Load the configuration data from XML file with the given name and build + * the internal data structures representing the MOA configuration. + * + * @param fileName The name of the XML file to load. + * @throws ConfigurationException The MOA configuration could not be + * read/built. 
+ */ + private void load(String fileName) throws ConfigurationException { + FileInputStream stream = null; + Element configElem; + ProxyConfigurationBuilder builder; + + try { + // load the main config file + stream = new FileInputStream(fileName); + configElem = DOMUtils.parseXmlValidating(stream); + } + catch (Throwable t) { + throw new ConfigurationException("config.03", null, t); + } + finally { + try { + if (stream != null) { + stream.close(); + } + } + catch (IOException e) { + } + } + try { + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + + // build the internal datastructures + builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir); + authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); + + onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters(); + for(int i = 0; i < onlineApplicationProxyParameter.length; i++) { + onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir)); + } + + genericConfiguration = builder.buildGenericConfiguration(); + defaultChainingMode = builder.getDefaultChainingMode(); + chainingModes = builder.buildChainingModes(); + trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + + } + catch (Throwable t) { + throw new ConfigurationException("config.02", null, t); + } + } + + /** + * Return a bean containing all information about the ProxyComponent + * @return The ConnectionParameter for the Proxy Component + */ + public ConnectionParameter getAuthComponentConnectionParameter() { + return authComponentConnectionParameter; + } + + /** + * 
Build an array of OnlineApplication Parameter Beans containing all + * information about the proxy component of the online application + * @return An OAProxyParameter array containing beans + * with all relevant information for the proxy component of the online + * application + */ + public OAProxyParameter[] getOnlineApplicationParameters() { + return onlineApplicationProxyParameter; + } + /** + * Provides configuration information regarding the online application behind + * the given URL, relevant to the MOA-ID Proxy component. + * + * @param oaURL URL requested for an online application + * @return an OAProxyParameter, or null + * if none is applicable + */ + public OAProxyParameter getOnlineApplicationParameter(String oaURL) { + OAProxyParameter[] oaParams = getOnlineApplicationParameters(); + for (int i = 0; i < oaParams.length; i++) { + OAProxyParameter oaParam = oaParams[i]; + if (oaURL.startsWith(oaParam.getPublicURLPrefix())) + return oaParam; + } + return null; + } + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java new file mode 100644 index 000000000..4fc35c1e6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java 
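Review bot: getOnlineApplicationParameter picks the online application with a bare `oaURL.startsWith(oaParam.getPublicURLPrefix())` and returns the first hit, so which configuration (and with it which login mapping) applies depends on array order and on prefixes that are not path-bounded; for example a prefix `https://host/app` also matches `https://host/app2/...`. The prefix is set from `oAElem.getAttribute("publicURLPrefix")` in ProxyConfigurationBuilder, which yields an empty string when the attribute is absent, and an empty prefix matches every URL unless the schema makes the attribute mandatory. I would skip null or empty prefixes, `if (prefix != null && prefix.length() > 0 && oaURL.startsWith(prefix))`, and state in the Javadoc that prefixes should end with `/` and that the first match in configuration order wins. The empty `catch (IOException e) { }` around `stream.close()` in load() should at least carry a comment saying the close failure is ignored on purpose.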
@@ -0,0 +1,394 @@ +package at.gv.egovernment.moa.id.data; + +import java.util.Date; + +/** + * Encapsulates authentication data contained in a <saml:Assertion>. + * + * @author Paul Ivancsics + * @version $Id$ + */ + +public class AuthenticationData { + /** + * major version number of the SAML assertion + */ + private int majorVersion; + /** + * minor version number of the SAML assertion + */ + private int minorVersion; + /** + * identifier for this assertion + */ + private String assertionID; + /** + * URL of the MOA-ID Auth component issueing this assertion + */ + private String issuer; + /** + * time instant of issue of this assertion + */ + private String issueInstant; + /** + * user identification value (Stammzahl); null, + * if the authentication module is configured not to return this data + */ + private String identificationValue; + /** + * user identification type + */ + private String identificationType; + /** + * application specific user identifier (bPK) + */ + private String bPK; + /** + * private sector-specific personal identifier (wbPK) + */ + private String wbPK; + /** + * given name of the user + */ + private String givenName; + /** + * family name of the user + */ + private String familyName; + /** + * date of birth of the user + */ + private String dateOfBirth; + /** + * says whether the certificate is a qualified certificate or not + */ + private boolean qualifiedCertificate; + /** + * says whether the certificate is a public authority or not + */ + private boolean publicAuthority; + /** + * public authority code (Behördenkennzeichen - BKZ) + */ + private String publicAuthorityCode; + /** + * The base64 encoded signer certificate. + */ + private String signerCertificate; + /** + * URL of the BKU + */ + private String bkuURL; + /** + * the corresponding lt;saml:Assertion> + */ + private String samlAssertion; + /** + * creation timestamp + */ + Date timestamp; + + /** + * Constructor for AuthenticationData. 
+ */ + public AuthenticationData() { + timestamp = new Date(); + } + + /** + * Returns the minorVersion. + * @return int + */ + public int getMinorVersion() { + return minorVersion; + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Returns the publicAuthorityCode. + * @return String + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the bPK. + * @return String + */ + public String getBPK() { + return bPK; + } + + /** + * Returns the wbPK. + * @return String the wbPK. + */ + public String getWBPK() { + return wbPK; + } + + /** + * Sets the minorVersion. + * @param minorVersion The minorVersion to set + */ + public void setMinorVersion(int minorVersion) { + this.minorVersion = minorVersion; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the bPK. + * @param bPK The bPK to set + */ + public void setBPK(String bPK) { + this.bPK = bPK; + } + + /** + * Sets the wbPK. + * @param wbPK The wbPK to set + */ + public void setWBPK(String wbPK) { + this.wbPK = wbPK; + } + + /** + * Returns the assertionID. 
+ * @return String + */ + public String getAssertionID() { + return assertionID; + } + + /** + * Returns the dateOfBirth. + * @return String + */ + public String getDateOfBirth() { + return dateOfBirth; + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Returns the identificationValue. + * @return String + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Returns the identificationType + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Returns the issueInstant. + * @return String + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Returns the issuer. + * @return String + */ + public String getIssuer() { + return issuer; + } + + /** + * Returns the majorVersion. + * @return int + */ + public int getMajorVersion() { + return majorVersion; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Returns the signer certificate. + * @return String + */ + public String getSignerCertificate() { + return signerCertificate; + } + + /** + * Sets the assertionID. + * @param assertionID The assertionID to set + */ + public void setAssertionID(String assertionID) { + this.assertionID = assertionID; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(String dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. 
+ * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Sets the issueInstant. + * @param issueInstant The issueInstant to set + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + + /** + * Sets the issuer. + * @param issuer The issuer to set + */ + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + /** + * Sets the majorVersion. + * @param majorVersion The majorVersion to set + */ + public void setMajorVersion(int majorVersion) { + this.majorVersion = majorVersion; + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + /** + * Sets the signer certificate + * @param signerCertificate The signer certificate + */ + public void setSignerCertificate(String signerCertificate) { + this.signerCertificate = signerCertificate; + } + + /** + * Returns the samlAssertion. + * @return String + */ + public String getSamlAssertion() { + return samlAssertion; + } + + /** + * Sets the samlAssertion. + * @param samlAssertion The samlAssertion to set + */ + public void setSamlAssertion(String samlAssertion) { + this.samlAssertion = samlAssertion; + } + + /** + * Returns the timestamp. + * @return Date + */ + public Date getTimestamp() { + return timestamp; + } + +} 
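Review bot: In AuthenticationData.java the `timestamp` field is declared without `private`, and `getTimestamp()` hands out the mutable `java.util.Date` itself, so any class in the package or any caller of the getter can change the recorded creation time. If that timestamp is later used to expire stored authentication data (not visible in this hunk), the expiry could be shifted. I would declare it `private final Date timestamp;` and return a copy with `return new Date(timestamp.getTime());`. The class comment could also say that instances carry the Stammzahl, bPK and the full SAML assertion, and so must not be written to logs.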
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
new file mode 100644
index 000000000..6ed133c5a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
@@ -0,0 +1,119 @@ +package at.gv.egovernment.moa.id.data; +import java.util.HashMap; +import java.util.Iterator; +import java.util.StringTokenizer; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * The Cookie-class provides methods to save and return cookies for + * each single session + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class Cookie { + /** A HahsMap containing all our cookies */ + HashMap cookies = new HashMap(); + /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication + * to send them back to the client/browser as soon as possible */ + HashMap cookies401 = new HashMap(); + + /** + * Adds a Cookie from a response with response-code 401 to the cookie-pool + * for sending it back to the browser / client + * @param cookieString The complete 'Set-Cookie' - String + */ + public void add401(String cookieString) + { + cookies401.put(getKey(cookieString),cookieString); + } + + /** + * Get the HashMap containing all cookies to be sent to the browser / client + * @return HashMap with all cookies + */ + public HashMap get401() + { + return cookies401; + } + + /** + * Clear the 401 cookie-pool + */ + public void clear401() + { + cookies401.clear(); + } + + /** + * Set a cookie that comes from the Online-Application + * and save it in our "normal" cookie-pool + * @param value The complete "Set-Cookie" - String from the Online-Application + */ + public void setCookie(String value) { + cookies.put(getKey(value), getValue(value)); + } + + /** + * Method saveOldCookies. 
+ * @param value The complete "Set-Cookie" - String from the Online-Application + */ + public void saveOldCookies(String value) { + StringTokenizer st = new StringTokenizer(value,";"); + while (st.hasMoreTokens()) + { + // We have to trim because the Tokenizer returns cookies including spaces at the beginning + StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"="); + String cookieKey = st2.nextToken().trim(); + if (st2.hasMoreTokens()) + { + String cookieValue = st2.nextToken().trim(); + if (!cookies.containsKey(cookieKey)) + cookies.put(cookieKey , cookieValue); + } + } + Logger.debug("Found these cookies: " + getCookies()); + } + + /** + * Get a String containing all cookies saved in that session seperated by '; ' + * to be sent back to the Online-Application + * @return String containing all cookies saved in that session seperated by '; ' + */ + public String getCookies() { + String result = ""; + if (cookies.size()==0) + return null; + Iterator i = cookies.keySet().iterator(); + while (i.hasNext()) { + String key = (String) i.next(); + result += key + "=" + (String)cookies.get(key) + "; "; + } + return result.substring(0, result.length() - 2); + } + + /** + * Returns the key of a key-value-pair of a cookie + * getKey("CookieA=1234") returns CookieA + * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie + * @return String the key of a key-value-pair of a cookie + */ + private String getKey(String input) { + return input.substring(0, input.indexOf("=")); + } + + /** + * Returns the value of a key-value-pair of a cookie + * getKey("CookieA=1234") returns 1234 + * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie + * @return String the value of a key-value-pair of a cookie + */ + private String getValue(String input) { + if (input.indexOf(";") == -1) + return input.substring(input.indexOf("=") + 1, input.getBytes().length); + return input.substring(input.indexOf("=") + 1, 
input.indexOf(";")); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java new file mode 100644 index 000000000..1762a52b7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java 
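Review bot: In Cookie.java, `getValue` uses `input.getBytes().length` as the end index of `substring`; that is a byte count in the platform charset, not a character count, so a cookie value with any multi-byte character throws StringIndexOutOfBoundsException, and `input.length()` is what is meant. `getKey` and `getValue` also use `indexOf("=")` without checking for -1, and `saveOldCookies` tokenizes on `=`, which cuts a value that itself contains `=` at the first one; all of this runs on header text supplied by the online application. Separately, `Logger.debug("Found these cookies: " + getCookies())` writes cookie values, which may be session identifiers, into the debug log, and logging only the names avoids that. The changed lines are sketched below.

```java
// … unchanged: fields, add401/get401/clear401, setCookie, tokenizer loop of saveOldCookies …
    // log cookie names only; values may be session identifiers
    Logger.debug("Found cookies: " + cookies.keySet());
// … unchanged: getCookies …
  private String getKey(String input) {
    int eq = input.indexOf('=');
    if (eq < 0) {
      throw new IllegalArgumentException("Set-Cookie value without '='");
    }
    return input.substring(0, eq);
  }

  private String getValue(String input) {
    int eq = input.indexOf('=');
    if (eq < 0) {
      throw new IllegalArgumentException("Set-Cookie value without '='");
    }
    int end = input.indexOf(';', eq);
    return input.substring(eq + 1, end == -1 ? input.length() : end);
  }
```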
@@ -0,0 +1,114 @@ +package at.gv.egovernment.moa.id.data; + +import java.util.HashMap; + +/** + * The CookieManager is a singleton to manage a Cookie-Object for + * each session + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class CookieManager { + /** the singleton instance of the CookieManager */ + private static CookieManager instance; + /** a HashMap to bind a Cookie-object to every single session*/ + private static HashMap cookies = new HashMap(); + + /** + * Create a singleton of the CookieManager + * @return CookieManager + */ + public static CookieManager getInstance() + { + if(instance==null) instance=new CookieManager(); + return instance; + } + + /** + * Save a cookie to a specified session-id + * @param id The session id + * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication + */ + public void saveCookie(String id, String cookie_string) + { + getCookieWithID(id).setCookie(cookie_string); + } + + /** + * Method saveOldCookies. + * @param id + * @param cookie_string + */ + public void saveOldCookies(String id,String cookie_string) + { + getCookieWithID(id).saveOldCookies(cookie_string); + } + + /** + * Get a Cookie-Object for a specified session-id + * @param id The session id + * @return Cookie object containing all saved cookies for this session + */ + public Cookie getCookieWithID(String id) + { + Cookie c = null; + if(cookies.containsKey(id)) + c = (Cookie)cookies.get(id); + else + { + c = new Cookie(); + cookies.put(id,c); + } + return c; + } + + + /** + * Get a String containing all cookies of a specified session-id + * saved in that session seperated by '; ' to be sent back to + * the Online-Application + * @param id the session-id + * @return String containing all cookies saved in that session seperated by '; ' + */ + public String getCookie(String id) + { + Cookie result = (Cookie)cookies.get((String)id); + if (result==null) + return null; + return result.getCookies(); + + } + + /** + * Adds a Cookie 
for a special session from a response with + * response-code 401 to the cookie-pool for sending it back + * to the browser / client + * @param id The session-id + * @param value The complete 'Set-Cookie' - String + */ + public void add401(String id,String value) + { + getCookieWithID(id).add401(value); + } + + /** + * Clear the 401 cookie-pool of a session + * @param id the session-id + */ + public void clear401(String id) + { + getCookieWithID(id).clear401(); + } + + /** + * Get the HashMap containing all cookies of a session to be sent to the browser / client + * @param id the session-id + * @return HashMap with all cookies + */ + public HashMap get401(String id) + { + return getCookieWithID(id).get401(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java new file mode 100644 index 000000000..a47dd8b29 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java 
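Review bot: In CookieManager.java the static `cookies` HashMap and the lazily created `instance` are read and written without synchronization, although the class comment says this one manager holds the cookies of every session. Concurrent requests can race in the check-then-put of `getCookieWithID` and end up with two Cookie objects for one id, or corrupt the map. Nothing in the class removes an entry either, so unless cleanup happens elsewhere (not visible here) the upstream cookies of a finished session stay in memory under its id. I would initialise eagerly with `private static final CookieManager instance = new CookieManager();`, declare `public synchronized Cookie getCookieWithID(String id)` (and likewise `getCookie`), and add a small `removeCookie(String id)` for the session-end path to call.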
@@ -0,0 +1,111 @@ +package at.gv.egovernment.moa.id.data; + +import java.math.BigInteger; +import java.security.Principal; + +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +/** + * A class containing the issuer and serial number of a certificate, which can + * be used to uniquely identify the certificate. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IssuerAndSerial { + /** store the issuer as String*/ + private String issuerDN; + /** store the serial as BigInteger*/ + private BigInteger serial; + + /** + * Create an IssuerAndSerial object. + * + * The name of the issuer is converted to RFC2253. If it cannot be parsed, the + * DN contained in the issuer is set. + * + * @param issuer The isser of a certificate. + * @param serial The serial number of the certificate. + */ + public IssuerAndSerial(Principal issuer, BigInteger serial) { + RFC2253NameParser parser = new RFC2253NameParser(issuer.getName()); + + try { + this.issuerDN = ((Name) parser.parse()).getRFC2253String(); + } catch (RFC2253NameParserException e) { + this.issuerDN = issuer.getName(); + } + this.serial = serial; + } + + /** + * Create an IssuerAndSerial object. + * + * @param issuerDN The issuer distinguished name. Should be an RFC2253 name. + * @param serial The serial number of the certificate. + */ + public IssuerAndSerial(String issuerDN, BigInteger serial) { + this.issuerDN = issuerDN; + this.serial = serial; + } + + /** + * Return the issuer DN in RFC2253 format. + * + * @return The issuer part of this object. + */ + public String getIssuerDN() { + return issuerDN; + } + + /** + * Return the serial number. + * + * @return The serial number of this object. + */ + public BigInteger getSerial() { + return serial; + } + + /** + * Compare this IssuerAndSerial to another object. + * + * @return true, if other is an + * IssuerAndSerial object and the issuer and + * serial fields are both equal. 
false otherwise. + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object other) { + if (other instanceof IssuerAndSerial) { + IssuerAndSerial ias = (IssuerAndSerial) other; + return getIssuerDN().equals(ias.getIssuerDN()) + && getSerial().equals(ias.getSerial()); + } + return false; + } + + /** + * Return the hash code of this IssuerAndSerial. + * + * @return The hash code of this IssuerAndSerial. + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return issuerDN.hashCode() ^ serial.hashCode(); + } + + /** + * Return a String representation of this + * IssuerAndSerial object. + * + * @return The String representation. + * @see java.lang.Object#toString() + */ + public String toString() { + return ("(IssuerAndSerial - Issuer<" + getIssuerDN()) + + ("> Serial<" + serial.toString() + ">)"); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java new file mode 100644 index 000000000..ed61827b6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java 
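Review bot: In IssuerAndSerial.java, `equals` compares `issuerDN` as a plain string, but only the `Principal` constructor normalises the name to RFC2253; it silently falls back to the raw name on a parse error, and the `String` constructor stores whatever it is given. Two objects for the same certificate can therefore compare unequal depending on how they were built. Where the class is used to match certificates, which this hunk does not show, that would be a missed match. I would either run the String constructor through the same parser or state the contract on it, e.g. `@param issuerDN issuer DN, must already be in RFC2253 form; equals() compares it as a plain string`. `equals` and `hashCode` also dereference `issuerDN` and `serial` without a null check, so the constructors should reject null.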
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * Data contained in a <samlp:Status>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLStatus {
+
+ /** main status code */
+ private String statusCode;
+ /** sub status code */
+ private String subStatusCode;
+ /** status message */
+ private String statusMessage;
+
+ /**
+ * @return status code
+ */
+ public String getStatusCode() {
+ return statusCode;
+ }
+
+ /**
+ * @return status message
+ */
+ public String getStatusMessage() {
+ return statusMessage;
+ }
+
+ /**
+ * @return enclosed sub-status code
+ */
+ public String getSubStatusCode() {
+ return subStatusCode;
+ }
+
+ /**
+ * @param string the status code
+ */
+ public void setStatusCode(String string) {
+ statusCode = string;
+ }
+
+ /**
+ * @param string the status message
+ */
+ public void setStatusMessage(String string) {
+ statusMessage = string;
+ }
+
+ /**
+ * @param string the enclosed sub-status code
+ */
+ public void setSubStatusCode(String string) {
+ subStatusCode = string;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
new file mode 100644
index 000000000..c338e96fc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -0,0 +1,96 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import java.io.File; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; +import at.gv.egovernment.moa.util.FileUtils; +import iaik.pki.store.certstore.CertStoreConfiguration; +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.CertStoreTypes; +import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; + +/** + * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class CertStoreConfigurationImpl extends ObservableImpl + implements CertStoreConfiguration, DirectoryCertStoreParameters { + /** identifies the rootDirectory */ + private String rootDirectory; + /** ConfigurationProvider */ + private ConfigurationProvider conf; + /** Array for storing all CertStoreParameters */ + private CertStoreParameters[] parameters; + + /** + * Create a new CertStoreConfigurationImpl. + * + * @param conf The MOA configuration from which the configuration data is + * @throws ConfigurationException an any config-error + * being read. 
+ */ + public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + this.conf=conf; + String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY; + String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName); + if (certStoreRootDirParam == null) + throw new ConfigurationException( + "config.08", new Object[] {paramName}); + + rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); + if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); + File f = new File(rootDirectory); + if (!f.isDirectory()) + throw new ConfigurationException( + "config.05", new Object[] {paramName}); + + parameters = new CertStoreParameters[] { this }; + } + + /** + * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() + */ + public CertStoreParameters[] getParameters() { + return parameters; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() + */ + public String getRootDirectory() { + return rootDirectory; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() + */ + public boolean createNew() { + return false; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#getId() + */ + public String getId() { + return "MOA ID Directory CertStore"; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() + */ + public boolean isReadOnly() { + return false; + } + + /** + * @return CertStoreTypes.DIRECTORY + * @see iaik.pki.store.certstore.CertStoreParameters#getType() + */ + public String getType() { + return CertStoreTypes.DIRECTORY; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java new file mode 100644 index 000000000..3cd02a2b5 --- /dev/null 
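Review bot: In the CertStoreConfigurationImpl constructor, `rootDirectory.substring(6)` follows a `startsWith("file:")` test, but that prefix is five characters long, so the call also drops whatever character comes after the colon. The exact form returned by `FileUtils.makeAbsoluteURL` is not visible here; if it is `file:/dir/...`, the leading slash is lost and the certificate store directory becomes a path relative to the working directory on Unix. I would derive the path from the URL instead of counting characters, e.g. `rootDirectory = new File(java.net.URI.create(rootDirectory)).getPath();`, or at least add a comment stating which URL form the offset 6 relies on. The stray "being read." line in the constructor Javadoc belongs to the `@param conf` sentence above it.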
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import iaik.logging.LogConfigurationException; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.Properties; + +/** + * Implementation of interface TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class LoggerConfigImpl implements iaik.logging.LoggerConfig { + + /** logging properties **/ + private Properties loggingProperties; + + /** + * Constructor + */ + public LoggerConfigImpl(String propertyFileURL) throws IOException { + InputStream in = new URL(propertyFileURL).openStream(); + loggingProperties = new Properties(); + loggingProperties.load(in); + in.close(); + } + + /** + * @see iaik.logging.LoggerConfig#getFactory() + */ + public String getFactory() { + return "iaik.logging.impl.Log4jFactory"; + } + + /** + * @see iaik.logging.LoggerConfig#getProperties() + */ + public Properties getProperties() throws LogConfigurationException { + return loggingProperties; + } + + /** + * @see iaik.logging.LoggerConfig#getNodeId() + */ + public String getNodeId() { + return "iaik"; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java new file mode 100644 index 000000000..b41de3c44 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java 
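Review bot: In the LoggerConfigImpl constructor, the stream opened with `new URL(propertyFileURL).openStream()` is closed only on the success path, so an IOException from `loggingProperties.load(in)` leaves it open. Wrapping the load fixes that: `try { loggingProperties.load(in); } finally { in.close(); }`. The constructor Javadoc also lacks `@param propertyFileURL` and `@throws IOException`. The class comment says "Implementation of interface TrustManager", while the class implements `iaik.logging.LoggerConfig`.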
@@ -0,0 +1,66 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import iaik.pki.PKIConfiguration; +import iaik.pki.pathvalidation.ValidationConfiguration; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.store.certstore.CertStoreConfiguration; +import iaik.pki.store.revocation.archive.ArchiveConfiguration; + +/** + * Implementation of interface PKIConfiguration needed to + * initialize an IAIK JSSE TrustManager + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class PKIConfigurationImpl implements PKIConfiguration { + /** The configuration for the CertStore */ + private CertStoreConfiguration certStoreConfiguration; + /** The configuration for the RevocationChecks */ + private RevocationConfiguration revocationConfiguration; + /** The configuration for the Validation */ + private ValidationConfiguration validationConfiguration; + + /** + * Constructor + * @param conf the Configuration for the PKIConfig + * @throws ConfigurationException for any config error + */ + public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + + certStoreConfiguration = new CertStoreConfigurationImpl(conf); + revocationConfiguration = new RevocationConfigurationImpl(); + validationConfiguration = new ValidationConfigurationImpl(conf); + } + + /** + * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration() + */ + public CertStoreConfiguration getCertStoreConfiguration() { + return certStoreConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getRevocationConfiguration() + */ + public RevocationConfiguration getRevocationConfiguration() { + return revocationConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getArchiveConfiguration() + */ + public ArchiveConfiguration getArchiveConfiguration() { + return null; + } + + /** + * @see 
iaik.pki.PKIConfiguration#getValidationConfiguration() + */ + public ValidationConfiguration getValidationConfiguration() { + return validationConfiguration; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java new file mode 100644 index 000000000..fff75775d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import iaik.pki.revocation.RevocationConfiguration; + +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; +import java.util.Set; + +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; + +/** + * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration { + + /** + * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date) + */ + public Set getAlternativeDistributionPoints( + X509Certificate arg0, + X509Certificate arg1, + Date arg2) { + return Collections.EMPTY_SET; + } + + /** + * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String) + */ + public boolean archiveRevocationInfo(String arg0, String arg1) { + return false; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java new file mode 100644 index 000000000..c500e2e8e --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import iaik.pki.pathvalidation.ValidationConfiguration; + +import java.security.cert.X509Certificate; +import java.security.spec.AlgorithmParameterSpec; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; + +/** + * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class ValidationConfigurationImpl extends ObservableImpl + implements ValidationConfiguration { + /** The ConfigurationProvider for the validation*/ + private ConfigurationProvider conf; + + /** + * Constructor + * @param conf with the configuration + */ + public ValidationConfigurationImpl(ConfigurationProvider conf) { + this.conf = conf; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) + */ + public String getChainingMode(X509Certificate trustAnchor) { + String chainingMode = conf.getChainingMode(trustAnchor); + return chainingMode; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate) + */ + public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) { + return null; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate) + */ + public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) { + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java new file mode 100644 index 000000000..3c37706e1 --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java 
@@ -0,0 +1,186 @@ +package at.gv.egovernment.moa.id.iaik.pki; + +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Set; + +import iaik.pki.PKIProfile; +import iaik.pki.pathvalidation.ValidationProfile; +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; + +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; + +/** + * Implementation of the PKIProfile interface and subinterfaces + * providing information needed for certificate path validation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class PKIProfileImpl extends ObservableImpl + implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile { + + /** + * URI to the truststore + */ + private String trustStoreURI; + + /** + * revocation checking; + */ + private boolean revocationChecking; + + /** + * The trust profile identifier. + */ + private String id; + + + /** + * Create a new PKIProfileImpl. 
+ * + * @param trustStoreURI trust store URI + */ + public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) { + this.trustStoreURI = trustStoreURI; + this.revocationChecking = revocationChecking; + String id = String.valueOf(System.currentTimeMillis()); + setId("id-" + id); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + public boolean autoAddCertificates() { + return true; + } + + /** + * @see iaik.pki.PKIProfile#getRevocationProfile() + */ + public RevocationProfile getRevocationProfile() { + return this; + } + + /** + * @see iaik.pki.PKIProfile#getTrustStoreProfile() + */ + public TrustStoreProfile getTrustStoreProfile() { + return this; + } + + /** + * @see iaik.pki.PKIProfile#getValidationProfile() + */ + public ValidationProfile getValidationProfile() { + return this; + } + + /** + * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() + */ + public boolean useAuthorityInfoAccess() { + return true; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String) + */ + public long getMaxRevocationAge(String arg0) { + return 0; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() + */ + public String getOCSPRequestHashAlgorithm() { + return null; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) + */ + public String[] getPreferredServiceOrder(X509Certificate arg0) { + return new String[] {RevocationSourceTypes.CRL}; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getType() + */ + public String getType() { + return TrustStoreTypes.DIRECTORY; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() + */ + public String getURI() { + return trustStoreURI; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() + */ + public boolean getInitialAnyPolicyInhibit() { + return false; + } + + /** + * @see 
iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() + */ + public boolean getInitialExplicitPolicy() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() + */ + public boolean getInitialPolicyMappingInhibit() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() + */ + public Set getInitialPolicySet() { + return Collections.EMPTY_SET; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() + */ + public boolean getNameConstraintsProcessing() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() + */ + public boolean getPolicyProcessing() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() + */ + public boolean getRevocationChecking() { + return this.revocationChecking; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getId() + */ + public String getId() { + return id; + } + /** + * Sets the trust profile identifier. + * @param id The id to set. + */ + public void setId(String id) { + this.id = id; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java new file mode 100644 index 000000000..9da006d35 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java 
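Review bot: PKIProfileImpl.java hard-codes several choices that affect what certificate paths are accepted, and the only documentation is an `@see` back to the interface: `getNameConstraintsProcessing()` and `getPolicyProcessing()` return false, `autoAddCertificates()` returns true, and `getPreferredServiceOrder` offers CRL only. If the IAIK validator honours these as the names suggest, name constraints on intermediate CAs are not enforced and certificates seen during validation are added to the store. That deserves a stated reason on each method, for example `/** Name constraints are NOT evaluated during path validation; revisit if constrained sub-CAs are trusted. */`. The profile id in the constructor comes from `System.currentTimeMillis()`, so two profiles created in the same millisecond share an id; a counter or `java.rmi.server.UID` would avoid that. The constructor Javadoc is also missing `@param revocationChecking`.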
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.iaik.pki.jsse;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+/**
+ * TrustManager implementation featuring CRL checking (inherited from
+ * IAIKX509TrustManager), plus server-end-SSL-certificate checking.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTrustManager extends IAIKX509TrustManager {
+
+ /** an x509Certificate array containing all accepted server certificates*/
+ private X509Certificate[] acceptedServerCertificates;
+
+ /**
+ * Constructor
+ * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
+ * @throws GeneralSecurityException occurs on security errors
+ * @throws IOException occurs on IO errors
+ */
+ public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
+ throws IOException, GeneralSecurityException {
+
+ if (acceptedServerCertificateStoreURL != null)
+ buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+ else
+ acceptedServerCertificates = null;
+ }
+
+
+ /**
+ * Initializes the LoggingContextManager logging context.
+ * Fixes a bug occuring in the case MOA-SP is called by API.
+ * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
+ * This method must be called before a MOAIDTrustManager is constructed,
+ * from every thread.
+ */
+ public static void initializeLoggingContext() {
+ if (LoggingContextManager.getInstance().getLoggingContext() == null)
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext(Thread.currentThread().getName()));
+ }
+
+
+ /**
+ * Builds an Array of accepted server certificates from an URL,
+ * and stores it in acceptedServerCertificates.
+ * @param acceptedServerCertificateStoreURL file URL pointing to the directory
+ * containing accepted server X509 certificates
+ * @throws GeneralSecurityException on security errors
+ * @throws IOException on any IO errors
+ */
+ private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
+ throws IOException, GeneralSecurityException {
+
+ List certList = new ArrayList();
+ URL storeURL = new URL(acceptedServerCertificateStoreURL);
+ File storeDir = new File(storeURL.getFile());
+ // list certificate files in directory
+ File[] certFiles = storeDir.listFiles();
+ for (int i = 0; i < certFiles.length; i++) {
+ // for each: create an X509Certificate and store it in list
+ File certFile = certFiles[i];
+ FileInputStream fis = new FileInputStream(certFile.getPath());
+ CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+ fis.close();
+ certList.add(cert);
+ }
+ // store acceptedServerCertificates
+ acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+ }
+
+ /**
+ * Does additional server-end-SSL-certificate checking.
+ * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
+ */
+ public boolean isServerTrusted(X509Certificate[] certChain) {
+ boolean trusted = super.isServerTrusted(certChain);
+ if (! trusted || acceptedServerCertificates == null)
+ return trusted;
+ else {
+ // check server-end-SSL-certificate with acceptedServerCertificates
+ X509Certificate serverCert = certChain[0];
+ for (int i = 0; i < acceptedServerCertificates.length; i++) {
+ X509Certificate acceptedServerCert = acceptedServerCertificates[i];
+ if (serverCert.equals(acceptedServerCert))
+ return true;
+ }
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
+ return false;
+ }
+ }
+ /**
+ * In rare cases, this method is being called although it should not be.
+ * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
+ */
+ public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
+ {
+ return true;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
new file mode 100644
index 000000000..8f36ac5c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
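Review bot: `isClientTrusted` returns `true` for every chain, so if this trust manager is ever installed on a socket that requests client certificates, any certificate is accepted; the Javadoc only says the method is "being called although it should not be". Since the class is written for checking server certificates, fail closed with `return false;`, or delegate to `super.isClientTrusted(arg0)` if the IAIK base class validates client chains (not visible in this diff). In `buildAcceptedServerCertificates`, `storeDir.listFiles()` returns null when the URL does not name a readable directory, which surfaces as a NullPointerException rather than the declared IOException; add `if (certFiles == null) throw new IOException(...)` and close `fis` in a `finally` block so a malformed certificate file does not leak the stream.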
@@ -0,0 +1,46 @@
+package at.gv.egovernment.moa.id.iaik.servertools.observer;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Implementation of interface TrustManager
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ObservableImpl implements Observable {
+ /** a List for all observers */
+ private List observers = new ArrayList();
+
+ /**
+ * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+ */
+ public void addObserver(Observer observer) {
+ observers.add(observer);
+ }
+
+ /**
+ * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+ */
+ public boolean removeObserver(Observer observer) {
+ return observers.remove(observer);
+ }
+
+ /**
+ * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+ */
+ public void notify(NotificationData data) {
+ Iterator iter = observers.iterator();
+ for (iter = observers.iterator(); iter.hasNext();) {
+ Observer observer = (Observer) iter.next();
+ observer.notify(data);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
new file mode 100644
index 000000000..731212ef8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
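Review bot: The class Javadoc says `Implementation of interface TrustManager`, but the class implements `iaik.pki.store.observer.Observable`; it should read `Implementation of interface Observable`. In `notify`, the iterator is initialised twice, once in the declaration and again in the `for` header; declare it in the loop only, `for (Iterator iter = observers.iterator(); iter.hasNext();) {`. The `observers` list is a plain `ArrayList` with no synchronisation, so if observers can be added or removed from another thread while a notification runs, the iteration fails with ConcurrentModificationException; whether that can happen is not visible in this hunk, and the Javadoc should state the threading assumption.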
@@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; + +/** + * Builder for {@link java.net.URLConnection} objects used to forward requests + * to the remote online application. + * + * @author Paul Ivancsics + * @version $Id$ + */ + +public interface ConnectionBuilder { + + /** + * Builds an HttpURLConnection to a {@link java.net.URL} which is derived + * from an {@link HttpServletRequest} URL, by substitution of a + * public URL prefix for the real URL prefix.
+ * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but + * it has not yet been connected to by {@link java.net.URLConnection#connect}.
+ * The field settings of the HttpURLConnection are: + *
    + *
  • allowUserInteraction = false
  • + *
  • doInput = true
  • + *
  • doOutput = true
  • + *
  • requestMethod = request.getMethod()
  • + *
  • useCaches = false
  • + *
+ * + * @param request the incoming request which shall be forwarded + * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix + * @param realURLPrefix the URL prefix to substitute the public URL prefix + * @param sslSocketFactory factory to be used for creating an SSL socket in case + * of a URL for scheme "https:"; + *
if null, the default SSL socket factory would be used + * @param parameters parameters to be forwarded + * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to + * the requested URL with publicURLPrefix substituted by realURLPrefix + * @throws IOException if an I/O exception occurs during opening the connection + * @see java.net.URL#openConnection() + * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory() + */ + public HttpURLConnection buildConnection( + HttpServletRequest request, + String publicURLPrefix, + String realURLPrefix, + SSLSocketFactory sslSocketFactory, + Vector parameters) throws IOException; + + + /** + * Disconnects the HttpURLConnection if necessary. + * The implementation of the Connectionbuilder decides wether + * if this should be happen or not. + * + * @param con the HttpURLConnection which is normaly to be closed + */ + public void disconnect(HttpURLConnection con); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java new file mode 100644 index 000000000..ff7787839 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java 
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+
+/**
+ * Factory delivering a {@link ConnectionBuilder} implementation for
+ * an online application, initialized from configuration data.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConnectionBuilderFactory {
+
+ /** default connection builder to be used for online application
+ * where no special implementation of the ConnectionBuilder
+ * interface is configured
+ */
+ private static ConnectionBuilder defaultConnectionBuilder;
+ /** mapping from online application public URL prefix to an implementation
+ * of the ConnectionBuilder interface to be used;
+ * if no mapping is given for an online application, the
+ * DefaultConnectionBuilder will be used */
+ private static Map connectionBuilderMap;
+
+ /**
+ * Initializes the ConnectionBuilder map from the configuration data.
+ * @throws ConfigurationException when the configuration cannot be read,
+ * or when a class name configured cannot be instantiated
+ */
+ public static void initialize() throws ConfigurationException {
+ defaultConnectionBuilder = new DefaultConnectionBuilder();
+ connectionBuilderMap = new HashMap();
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
+ String publicURLPrefix = oaParam.getPublicURLPrefix();
+ String className = oaParam.getConnectionBuilderImpl();
+ if (className != null) {
+ try {
+ ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
+ connectionBuilderMap.put(publicURLPrefix, cb);
+ }
+ catch (Throwable ex) {
+ throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
+ }
+ }
+ }
+ }
+
+ /**
+ * Gets the ConnectionBuilder implementation to be used for the given
+ * online application.
+ * @param publicURLPrefix public URL prefix of the online application
+ * @return ConnectionBuilder implementation
+ */
+ public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
+ ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
+ if (cb == null)
+ return defaultConnectionBuilder;
+ else
+ return cb;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
new file mode 100644
index 000000000..151b1cec3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
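Review bot: In `initialize()`, `Class.forName(className).newInstance()` runs the static initialiser and constructor of whatever class name the configuration holds before the cast to `ConnectionBuilder` can reject it. Load the class without initialising it and check the type first: `Class cls = Class.forName(className, false, ConnectionBuilderFactory.class.getClassLoader());`, then test `ConnectionBuilder.class.isAssignableFrom(cls)` and raise the `config.07` error if it fails, and only then call `cls.newInstance()`. `catch (Throwable ex)` also wraps errors such as OutOfMemoryError into a ConfigurationException; catching `Exception` and `LinkageError` would be narrower. `getConnectionBuilder` dereferences `connectionBuilderMap` without a null check, so a call before `initialize()` fails with a NullPointerException; the Javadoc should state that ordering requirement.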
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * Defaultimplementierung von ConnectionBuilder.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DefaultConnectionBuilder implements ConnectionBuilder {
+
+ /** a boolean to disable the HostnameVerification (default = false)*/
+ private static boolean cbDisableHostnameVerification = false;
+
+ /**
+ * Constructor for DefaultConnectionBuilder.
+ * @throws ConfigurationException on any config error
+ */
+ public DefaultConnectionBuilder() throws ConfigurationException {
+ cbDisableHostnameVerification = BoolUtils.valueOf(
+ ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ "ProxyComponent.DisableHostnameVerification"));
+ //TODO MOA-ID BRZ undocumented feature
+ if (cbDisableHostnameVerification)
+ Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest req,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Vector parameters)
+ throws IOException {
+
+ String requestedURL = req.getRequestURL().toString();
+ // check whether requested URL starts with publicURLPrefix
+
+ //Temporary allow http:// urls instead of the https:// in publicURLPrefix
+ //if (req.getSession().getAttribute("authorizationkey")==null) {
+ // if (! requestedURL.startsWith(publicURLPrefix))
+ // throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
+ // "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
+ //}
+
+ // in case of GET request, append query string to requested URL;
+ // otherwise, HttpURLConnection would perform a POST request
+ if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
+ requestedURL = appendQueryString(requestedURL, parameters);
+ }
+ // build real URL in online application
+ String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
+ URL url = new URL(realURLString);
+ Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
+
+ HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+ conn.setRequestMethod(req.getMethod());
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ //conn.setUseCaches(false);
+ //conn.setAllowUserInteraction(true);
+ conn.setInstanceFollowRedirects(false);
+ if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
+ HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
+ httpsConn.setSSLSocketFactory(sslSocketFactory);
+ if (cbDisableHostnameVerification)
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ }
+ return conn;
+ }
+
+
+ /**
+ * Disconnects the HttpURLConnection if necessary.
+ * The implementation of the Connectionbuilder decides wether
+ * if this should be happen or not.
+ *
+ * @param conn the HttpURLConnection which is normaly to be closed
+ */
+ public void disconnect(HttpURLConnection conn) {
+ conn.disconnect();
+ }
+
+
+ /**
+ * @param requestedURL
+ * @param parameters
+ * @return
+ */
+ private String appendQueryString(String requestedURL, Vector parameters) {
+ String newURL = requestedURL;
+ String parameter[] = new String[2];
+ String paramValue ="";
+ String paramName ="";
+ String paramString ="";
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ try {
+ parameter = (String[]) iter.next();
+ //next two lines work not with OWA-SSL-Login-form
+ paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
+ paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
+
+ } catch (UnsupportedEncodingException e) {
+ //UTF-8 should be supported
+ }
+ paramString = "&" + paramName + "=" + paramValue + paramString;
+ }
+ if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
+ return newURL;
+ }
+
+ /**
+ * @author Stefan Knirsch
+ * @version $Id$
+ * A private class to change the standard HostName verifier to disable the
+ * Hostname Verification Check
+ */
+ private class HostnameNonVerifier implements HostnameVerifier {
+
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
new file mode 100644
index 000000000..3df76656b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
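Review bot: The `startsWith(publicURLPrefix)` check in `buildConnection` is commented out, but the code still builds the target as `realURLPrefix + requestedURL.substring(publicURLPrefix.length())`, so a request URL that does not begin with the configured prefix is either mapped onto the online application at the wrong offset or fails with a StringIndexOutOfBoundsException. Restore the guard that ElakConnectionBuilder still has: `if (!requestedURL.startsWith(publicURLPrefix)) throw new IOException(MOAIDMessageProvider.getInstance().getMessage("proxy.01", new Object[] {requestedURL, publicURLPrefix}));`. If http requests really must be accepted for an https prefix, normalise the scheme before comparing rather than dropping the check. This file and ElakConnectionBuilder also install `HostnameNonVerifier`, which accepts every host name when `ProxyComponent.DisableHostnameVerification` is set; the `//TODO ... undocumented feature` comment should become a Javadoc warning that the switch removes server identity checking on the TLS connection to the online application.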
@@ -0,0 +1,142 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * Implementation of interface LoginParameterResolver
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DefaultLoginParameterResolver implements LoginParameterResolver {
+
+ /**
+ * Constructor
+ */
+ public DefaultLoginParameterResolver() {
+ }
+
+ /**
+ * Configuration mehtod (not used)
+ */
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
+ }
+
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
+ */
+ public Map getAuthenticationHeaders(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) {
+
+ Map result = new HashMap();
+
+ if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
+ String useridPredicate = oaConf.getBasicAuthUserIDMapping();
+ String userid = resolveValue(useridPredicate, authData, clientIPAddress);
+ String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
+ String password = resolveValue(passwordPredicate, authData, clientIPAddress);
+
+ try {
+ String userIDPassword = userid + ":" + password;
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ result.put("Authorization", "Basic " + credentials);
+ }
+ catch (IOException ignore) {
+ }
+ }
+ else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
+ for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
+ String key = (String) iter.next();
+ String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
+ String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ result.put(key, resolvedValue);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
+ */
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) {
+
+ Map result = new HashMap();
+
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
+ for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
+ String key = (String) iter.next();
+ String predicate = (String) oaConf.getParamAuthMapping().get(key);
+ String resolvedValue;
+ try {
+ resolvedValue =
+ URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
+ } catch (UnsupportedEncodingException e) {
+ //ISO-8859-1 is supported
+ resolvedValue = null;
+ }
+ result.put(key, resolvedValue);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Resolves a login header or parameter value.
+ * @param predicate header or parameter predicate name from online application configuration
+ * @param authData authentication data for current login
+ * @param clientIPAddress client IP address
+ * @return header or parameter value resolved; null if unknown name is given
+ */
+ private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
+ if (predicate.equals(MOAGivenName))
+ return authData.getGivenName();
+ if (predicate.equals(MOAFamilyName))
+ return authData.getFamilyName();
+ if (predicate.equals(MOADateOfBirth))
+ return authData.getDateOfBirth();
+ if (predicate.equals(MOABPK))
+ return authData.getBPK();
+ if (predicate.equals(MOAWBPK))
+ return authData.getWBPK();
+ if (predicate.equals(MOAPublicAuthority))
+ if (authData.isPublicAuthority())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals(MOABKZ))
+ return authData.getPublicAuthorityCode();
+ if (predicate.equals(MOAQualifiedCertificate))
+ if (authData.isQualifiedCertificate())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals(MOAStammzahl))
+ return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
+ if (predicate.equals(MOAIPAddress))
+ return clientIPAddress;
+ else return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
new file mode 100644
index 000000000..909e2d51e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
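Review bot: `resolveValue` returns null for an unknown predicate, and `getAuthenticationHeaders` concatenates the results unchecked in `userid + ":" + password`, so a misconfigured Basic-auth mapping sends the literal credentials `null:null` to the online application instead of failing. Check both values before building the header, for example `if (userid == null || password == null) return result;` together with a logged warning, or raise a configuration error if the interface permits it (the `LoginParameterResolver` declaration is not part of this hunk). The empty `catch (IOException ignore)` likewise drops the `Authorization` header without a trace and should at least log. `userIDPassword.getBytes()` uses the platform default charset, so non-ASCII names encode differently from host to host; pass the charset the online application expects explicitly, e.g. `getBytes("UTF-8")`.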
@@ -0,0 +1,249 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+
+import com.ibm.webdav.HTTPHeaders;
+import com.ibm.webdav.protocol.URLStreamHandlerFactory;
+import com.ibm.webdav.protocol.http.WebDAVURLConnection;
+import java.util.StringTokenizer;
+import java.net.URL;
+import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.net.URLStreamHandler;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * Defaultimplementierung von ConnectionBuilder.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ElakConnectionBuilder implements ConnectionBuilder {
+
+ /** a boolean to disable the HostnameVerification (default = false)*/
+ private static boolean cbDisableHostnameVerification = false;
+
+ /** a boolean to indicat if webdav protocol handler was already set */
+ private static boolean webdavPHSet = false;
+
+ /**
+ * The system property name used to register a protocol handler.
+ */
+ public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs";
+
+ /**
+ * The package providing the ldap protocol handler.
+ */
+ public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol";
+
+ /**
+ * The pipe character used to sepearte different protocol handlers.
+ */
+ public final static char PIPE_CHAR = '|';
+
+
+
+
+
+ /**
+ * Constructor for ElakConnectionBuilder.
+ * @throws ConfigurationException on any config error
+ */
+ public ElakConnectionBuilder() throws ConfigurationException {
+ cbDisableHostnameVerification = BoolUtils.valueOf(
+ ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ "ProxyComponent.DisableHostnameVerification"));
+ //TODO MOA-ID BRZ undocumented feature
+ if (cbDisableHostnameVerification)
+ Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest req,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Vector parameters)
+ throws IOException {
+
+ String requestedURL = req.getRequestURL().toString();
+ // check whether requested URL starts with publicURLPrefix
+ if (! requestedURL.startsWith(publicURLPrefix))
+ throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
+ "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
+
+
+
+ // in case of GET request, append query string to requested URL;
+ // otherwise, HttpURLConnection would perform a POST request
+ //FIXME right parameters
+ /*
+ if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
+ requestedURL = appendQueryString(requestedURL, parameters);
+ }
+ */
+ //TODO RSCH check functionality
+ if (null != req.getQueryString() && 0 != req.getQueryString().length() ) {
+ String query = req.getQueryString();
+ requestedURL = requestedURL + "?" + query;
+
+ String parameter[] = new String[2];
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ parameter = (String[]) iter.next();
+ if(query.indexOf(parameter[0]) >= 0) iter.remove();
+ }
+ }
+
+ // build real URL in online application
+ String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
+
+
+ Logger.info("Registering WebDAV protocol handler");
+ String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME);
+ if (protocolHandlers == null) {
+ protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER;
+ System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
+ } else {
+ // check, if WEBDAV protocol handler is already configured
+ boolean isConfigured = false;
+ StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| ");
+ while (tokenizer.hasMoreTokens()) {
+ String protocolHandler = tokenizer.nextToken();
+ if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) {
+ isConfigured = true;
+ break;
+ }
+ }
+ // if it has not been configured yet, configure it
+ if (!isConfigured) {
+ protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers;
+ System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
+ }
+ }
+ Logger.info("Registered protocol handlers: " + protocolHandlers);
+ Class webdavSH = null;
+ try
+ {
+ webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler");
+ }
+ catch (ClassNotFoundException e)
+ {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ URLStreamHandler urlStreamHandler = null;
+ try
+ {
+ urlStreamHandler = (URLStreamHandler) webdavSH.newInstance();
+ }
+ catch (InstantiationException e1)
+ {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ }
+ catch (IllegalAccessException e1)
+ {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ }
+ //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler);
+ //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection();
+
+
+ URL testURL = new URL(realURLString);
+ Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName());
+
+ //URL url = new URL(realURLString);
+ URL testURL2 = new URL(realURLString);
+
+ URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler);
+
+ Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
+ WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection();
+ HttpURLConnection conn = (HttpURLConnection)webDavConn;
+ webDavConn.setRequestMethod(req.getMethod());
+ webDavConn.setDoInput(true);
+ webDavConn.setDoOutput(true);
+ //conn.setUseCaches(false);
+ webDavConn.setAllowUserInteraction(true);
+ webDavConn.setInstanceFollowRedirects(false);
+ if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
+ HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
+ httpsConn.setSSLSocketFactory(sslSocketFactory);
+ if (cbDisableHostnameVerification)
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ }
+ return conn;
+ }
+
+ /**
+ * Disconnects the HttpURLConnection if necessary.
+ * The implementation of the Connectionbuilder decides wether
+ * if this should be happen or not.
+ *
+ * @param conn the HttpURLConnection which is normaly to be closed
+ */
+ public void disconnect(HttpURLConnection conn) {
+ conn.disconnect();
+ }
+
+ /**
+ * @param requestedURL
+ * @param parameters
+ * @return
+ */
+ private String appendQueryString(String requestedURL, Vector parameters) {
+ String newURL = requestedURL;
+ String parameter[] = new String[2];
+ String paramValue ="";
+ String paramName ="";
+ String paramString ="";
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ try {
+ parameter = (String[]) iter.next();
+ //Following two lines do not work with OWA-SSL-Login-form
+ paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
+ paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
+
+ } catch (UnsupportedEncodingException e) {
+ //UTF-8 should be supported
+ }
+ paramString = "&" + paramName + "=" + paramValue + paramString;
+ }
+ if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
+ return newURL;
+ }
+
+ /**
+ * @author Stefan Knirsch
+ * @version $Id$
+ * A private class to change the standard HostName verifier to disable the
+ * Hostname Verification Check
+ */
+ private class HostnameNonVerifier implements HostnameVerifier {
+
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
new file mode 100644
index 000000000..f934ab80b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
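Review bot: The connection target in `buildConnection` is hard-coded: `new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler)` ignores the scheme, host and port of `realURLPrefix`, so every request goes over plain HTTP to localhost:82 and the `HttpsURLConnection` branch that installs `sslSocketFactory` is unlikely ever to be taken. Derive the parts from the configured URL instead, e.g. `URL real = new URL(realURLString);` followed by `URL url = new URL(real.getProtocol(), real.getHost(), real.getPort(), real.getFile(), urlStreamHandler);`, and remove the unused `testURL` and `testURL2`. The handler-loading `catch` blocks only call `printStackTrace()`, so a missing WebDAV handler class continues to `webdavSH.newInstance()` with a null reference; rethrow as an IOException with the cause in the message instead. `HostnameNonVerifier` here is the same always-true verifier as in DefaultConnectionBuilder and deserves the same documented warning.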
@@ -0,0 +1,211 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.net.URL; +import java.net.URLStreamHandler; +import java.util.Iterator; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; + +import com.sun.net.ssl.HostnameVerifier; +import HTTPClient.HttpURLConnection; +import HTTPClient.HTTPConnection; + + +/** + * Outlook Web Access (OWA) Implementierung von ConnectionBuilder. + * uses the HTTP(s)Client from Ronald Tschalär. + * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/ + * + * @author pdanner + */ +public class EnhancedConnectionBuilder implements ConnectionBuilder { + + /** a boolean to disable the HostnameVerification (default = false)*/ + private static boolean cbDisableHostnameVerification = false; + /** Name of the Parameter for the Target */ + private static final String PARAM_TARGET = "Target"; + /** Name of the Parameter for the SAMLArtifact */ + private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + /** Name of the Attribute for marking the session as authenticated*/ + private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; + + static { + HTTPConnection.setDefaultTimeout(0); + try { + HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.AuthorizationModule")); + HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RedirectionModule")); + HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.CookieModule")); + //HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RetryModule")); + } catch (ClassNotFoundException e) { + 
+ } + } + + /** + * Constructor for OWAConnectionBuilder. + * @throws ConfigurationException on any config error + */ + public EnhancedConnectionBuilder() throws ConfigurationException { + cbDisableHostnameVerification = BoolUtils.valueOf( + ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( + "ProxyComponent.DisableHostnameVerification")); + //TODO MOA-ID BRZ undocumented feature + if (cbDisableHostnameVerification) + Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); + } + + /** + * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection + */ + public java.net.HttpURLConnection buildConnection(HttpServletRequest req, String publicURLPrefix, String realURLPrefix, SSLSocketFactory sslSocketFactory, Vector parameters) throws IOException { + + String requestedURL = req.getRequestURL().toString(); + // check whether requested URL starts with publicURLPrefix + + if (! requestedURL.startsWith(publicURLPrefix.substring(0,5))) + throw new IOException(MOAIDMessageProvider.getInstance().getMessage( + "proxy.01", new Object[] {requestedURL, publicURLPrefix})); + + String query = req.getQueryString(); + if (req.getSession().getAttribute(ATT_AUTHDATAFETCHED)!=null) { + query = removeParameter(query, PARAM_SAMLARTIFACT); + query = removeParameter(query, PARAM_TARGET); + req.getSession().removeAttribute(ATT_AUTHDATAFETCHED); + } + if (null != query && 0 != query.length() ) { + requestedURL = requestedURL + "?" 
+ query; + + String parameter[] = new String[2]; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + parameter = (String[]) iter.next(); + if(query.indexOf(parameter[0]) >= 0) iter.remove(); + } + } + + // build real URL in online application + String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); + + // build real URL in online application + URLStreamHandler urlStreamHandler = null; + + //URL url = new URL(realURLString); + if (realURLString.startsWith("https")) { + urlStreamHandler = new HTTPClient.https.Handler(); + } else{ + urlStreamHandler = new HTTPClient.http.Handler(); + } + URL url = new URL(null, realURLString, urlStreamHandler); + Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); + + HttpURLConnection conn = (HttpURLConnection)url.openConnection(); + + conn.setRequestMethod(req.getMethod()); + conn.setDoInput(true); + conn.setDoOutput(true); + //conn.setUseCaches(false); + //conn.setAllowUserInteraction(true); + conn.setInstanceFollowRedirects(false); + + if (realURLString.startsWith("https") && sslSocketFactory != null) { + conn.setSSLSocketFactory(sslSocketFactory); + //Not available in HTTPClient + //if (cbDisableHostnameVerification) + // conn.setHostnameVerifier(new HostnameNonVerifier()); + } + + return conn; + + } + + /** + * Disconnects the HttpURLConnection if necessary. + * The implementation of the Connectionbuilder decides wether + * if this should be happen or not. + * + * @param conn the HttpURLConnection which is normaly to be closed + */ + public void disconnect(java.net.HttpURLConnection conn) { + // In HTTPClient there must not be an diconnect! 
+ // conn.disconnect(); + } + + /** + * @author Stefan Knirsch + * @version $Id$ + * A private class to change the standard HostName verifier to disable the + * Hostname Verification Check + */ + private class HostnameNonVerifier implements HostnameVerifier { + + /** + * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) + */ + public boolean verify(String arg0, String arg1) { + return true; + } + } + + /** + * Removes parameters from the query-URL recursively + * + * @param query the query from which the parameter is to be removed + * @param parameter the parameter to be removed + * @return the parameterclean query + */ + private String removeParameter(String query, String parameter) { + return removeParameter(query, parameter, true); + } + + /** + * Removes one parameter from the query-URL recursively + * + * @param query the query from which the parameter is to be removed + * @param parameter the parameter to be removed + * @param remove. Boolean value wether a parameter was removed in last call or not. In initial call set to true to check for new occurrences + * @return the parameterclean query + */ + private String removeParameter(String query, String parameter, boolean remove) { + String result = query; + if (remove && query!=null && !query.equals("") && parameter!=null && !parameter.equals("")) { + String param = parameter; + int capEnd=0; + if (!param.endsWith("=")) param=param+"="; + if (query.startsWith(param)) { + //remove leading + result=""; + } else { + if (!param.startsWith("&")) param="&"+param; + capEnd = query.indexOf(param); + if (capEnd!=-1) { + //leading part + result=query.substring(0, capEnd); + } + } + if (capEnd!=-1) { + //trailing part + capEnd += param.length(); + int capBegin = -1; + if (capEnd MOAIDConfiguration-1.2.xsd, type MOAAuthDataType, + * naming predicates used by the LoginParameterResolver. 
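Review bot: In `buildConnection` of EnhancedConnectionBuilder the guard compares the request URL only with the first five characters of `publicURLPrefix` (`publicURLPrefix.substring(0,5)`), so it verifies little more than the scheme, although the comment above it says it checks the prefix. The later `requestedURL.substring(publicURLPrefix.length())` then appends whatever follows that offset to `realURLPrefix`, or throws StringIndexOutOfBoundsException for a shorter URL. Unless the loose match is deliberate, the guard should be `if (!requestedURL.startsWith(publicURLPrefix))`; if it is deliberate, a comment should say why. Separately, `ProxyComponent.DisableHostnameVerification` is still read and logged while the `setHostnameVerifier` call is commented out, so a comment should state whether the HTTPClient handler verifies host names at all. The tail of this hunk (`removeParameter`) is truncated on the page.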
*/ + public static final String MOAGivenName = "MOAGivenName"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAFamilyName = "MOAFamilyName"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOADateOfBirth = "MOADateOfBirth"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOABPK = "MOABPK"; + /** Constant used in MOAIDConfiguration-1.3.xsd, type MOAAuthDataType */ + public static final String MOAWBPK = "MOAWBPK"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAPublicAuthority = "MOAPublicAuthority"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOABKZ = "MOABKZ"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAStammzahl = "MOAStammzahl"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAIdentificationValueType = "MOAIdentificationValueType"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAIPAddress = "MOAIPAddress"; + + /** + * Returns authentication headers to be added to a URLConnection. + * + * @param oaConf configuration data + * @param authData authentication data + * @param clientIPAddress client IP address + * @param businessService boolean value for recognizing (w)bPK-mode + * @param publicURLPrefix to distinguish different online applications + * @return A map, the keys being header names and values being corresponding header values. + *
In case of authentication type "basic-auth", header fields + * username and password. + *
In case of authentication type "header-auth", header fields + * derived from parameter mapping and authentication data provided. + *
Otherwise, an empty map. + */ + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; + + /** + * Returns request parameters to be added to a URLConnection. + * + * @param oaConf configuration data + * @param authData authentication data + * @param clientIPAddress client IP address + * @param businessService boolean value for recognizing (w)bPK-mode + * @param publicURLPrefix to distinguish different online applications + * @return A map, the keys being parameter names and values being corresponding parameter values. + *
In case of authentication type "param-auth", parameters + * derived from parameter mapping and authentication data provided. + *
Otherwise, an empty map. + */ + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; + + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java new file mode 100644 index 000000000..3aa2368bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class LoginParameterResolverException extends MOAIDException { + + /** + * Constructor for LoginParameterResolverException. + * @param messageId + * @param parameters + */ + public LoginParameterResolverException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for LoginParameterResolverException. + * @param messageId + * @param parameters + * @param wrapped + */ + public LoginParameterResolverException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java new file mode 100644 index 000000000..8edd23438 --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java 
@@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; + +/** + * Factory delivering a {@link LoginParameterResolver} implementation for + * an online application, initialized from configuration data. + * @author Paul Ivancsics + * @version $Id$ + */ +public class LoginParameterResolverFactory { + + /** default login parameter resolver to be used for online application + * where no special implementation of the LoginParameterResolver + * interface is configured + */ + private static LoginParameterResolver defaultLoginParameterResolver; + /** mapping from online application public URL prefix to an implementation + * of the LoginParameterResolver interface to be used; + * if no mapping is given for an online application, the + * DefaultLoginParameterResolver will be used */ + private static Map loginParameterResolverMap; + + /** + * Initializes the LoginParameterResolver map from the configuration data. 
+ * @throws ConfigurationException when the configuration cannot be read, + * or when a class name configured cannot be instantiated + */ + public static void initialize() throws ConfigurationException { + defaultLoginParameterResolver = new DefaultLoginParameterResolver(); + loginParameterResolverMap = new HashMap(); + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); + for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; + String publicURLPrefix = oaParam.getPublicURLPrefix(); + String className = oaParam.getLoginParameterResolverImpl(); + String configuration = oaParam.getLoginParameterResolverConfiguration(); + if (className != null) { + try { + Class lprClass = Class.forName(className); + LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); + + Class[] argumentTypes = { String.class, Boolean.class }; + Method confMethod = lprClass.getMethod( "configure", argumentTypes ); + + Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) }; + confMethod.invoke( lpr, arguments ); + + loginParameterResolverMap.put(publicURLPrefix, lpr); + } + catch (InvocationTargetException lpex) { + throw new ConfigurationException("config.11", new Object[] {className}, lpex); + } + catch (Throwable ex) { + throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); + } + } + } + } + + /** + * Gets the LoginParameterResolver implementation to be used for the given + * online application. 
+ * @param publicURLPrefix public URL prefix of the online application + * @return LoginParameterResolver implementation + */ + public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) { + LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix); + if (lpr == null) + return defaultLoginParameterResolver; + else + return lpr; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java new file mode 100644 index 000000000..3f615b01c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java 
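Review bot: `LoginParameterResolverFactory.initialize()` calls `Class.forName(className).newInstance()` on the configured class name before anything confirms that the class implements `LoginParameterResolver`, so the constructor of whatever class the configuration names runs before the cast can fail. A check such as `if (!LoginParameterResolver.class.isAssignableFrom(lprClass)) throw new ConfigurationException("config.07", new Object[] {publicURLPrefix});` ahead of the instantiation closes that, and `lprClass.newInstance()` avoids resolving the class twice. The interface added in this commit appears to declare `configure(String, Boolean)`, so the reflective `getMethod`/`invoke` could become a direct `lpr.configure(configuration, new Boolean(oaParam.getBusinessService()));`, with the `InvocationTargetException` handler changed to catch `LoginParameterResolverException`. That also removes `new String(configuration)`, which throws a NullPointerException if `getLoginParameterResolverConfiguration()` returns null; `catch (Throwable ex)` currently reports that as a generic config.07 error.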
@@ -0,0 +1,95 @@ +package at.gv.egovernment.moa.id.proxy; + +import iaik.pki.PKIException; +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.io.IOException; +import java.security.GeneralSecurityException; + +import javax.net.ssl.SSLSocketFactory; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Web application initializer + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDProxyInitializer { + + /** + * Initializes the web application components which need initialization: + * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. 
+ */ + public static void initialize() + throws ConfigurationException, IOException, GeneralSecurityException, PKIException { + + Logger.setHierarchy("moa.id.proxy"); + + // Restricts TLS cipher suites + System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + + // load some jsse classes so that the integrity of the jars can be verified + // before the iaik jce is installed as the security provider + // this workaround is only needed when sun jsse is used in conjunction with + // iaik-jce (on jdk1.3) + ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader(); + try { + cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar + } + catch (ClassNotFoundException e) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e); + } + + // Initializes the SSLSocketFactory store + SSLUtils.initialize(); + + // Initializes IAIKX509TrustManager logging + String log4jConfigURL = System.getProperty("log4j.configuration"); + if (log4jConfigURL != null) { + IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); + } + + // Loads the configuration + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload(); + + // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service, + // using configuration data + ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); + if (connParamAuth!=null) { + if (connParamAuth.isHTTPSURL()) { + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + AxisSecureSocketFactory.initialize(ssf); + } + } else { + throw new ConfigurationException("config.16", null); + } + + // Initializes the Axis secure socket factories for use in calling the online applications, + // using configuration data + OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters(); + for (int i = 0; i < oaParams.length; i++) { + OAProxyParameter oaParam = 
oaParams[i]; + ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); + if (oaConnParam.isHTTPSURL()) + SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + } + + // Initializes the ConnectionBuilderFactory from configuration data + ConnectionBuilderFactory.initialize(); + + // Initializes the LoginParameterResolverFactory from configuration data + LoginParameterResolverFactory.initialize(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java new file mode 100644 index 000000000..849160a7b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * Reason for this exception: the dedicated LoginParameterResolver does + * not allow access to the desired ressource. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class NotAllowedException extends MOAIDException { + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + */ + public NotAllowedException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + * @param wrapped + */ + public NotAllowedException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java new file mode 100644 index 000000000..9bfd9de9b --- /dev/null 
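Review bot: The `https.cipherSuites` property set in `MOAIDProxyInitializer.initialize()` hard-codes two RC4 suites and one 3DES suite as the only ones allowed, and it does so for the whole JVM. RC4 and 3DES are no longer considered acceptable for TLS, and a system property also changes every other `HttpsURLConnection` user in the same container. The list should come from the proxy configuration with AES-based suites as the default, and the line should carry a comment such as `// JVM-wide: applies to every HttpsURLConnection in this VM, not only the proxy`. In the online-application loop, `oaConnParam.isHTTPSURL()` is called without the null check that `connParamAuth` gets a few lines earlier.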
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java 
@@ -0,0 +1,678 @@ +package at.gv.egovernment.moa.id.proxy; + +import iaik.security.provider.IAIK; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.URLEncoder; + +/** + * XMLLoginParameterResolver an implementation of implementation of interface + * LoginParameterResolver + * This implementation used to map identities stored in an XML file to parameters + * which are given to OAs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver { + + //file which is parsed and interpreted for paremeter resolving. 
+ private String identityFile; + + private Cipher blowfishCipher; + private Key key; + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or null not set. + */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or null not set. + */ + //TODO XMLLPR decrypt + public String getPlainUN() { + //Security.addProvider(); + + + return UN; + } + + + /** + * getter method for parameter PW (password) + * @return Parameter PW or null not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for generic parameter Param1 + * @return Parameter Param1 or null not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for generic parameter Param2 + * @return Parameter Param2 or null not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for generic parameter Param3 + * @return Parameter Param3 or null not set. + */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a String representation of this object. 
+ * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used to store the parameters + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param2 = Param2; + this.Param3 = Param3; + } + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + /** + * Constructs a newly allocated XMLLoginParameterResolver object. 
+ **/ + public XMLLoginParameterResolverEncryptedData() { + bPKMap = new HashMap(); + namedMap = new HashMap(); + } + + /** + * configuration method + * @param configuration enabled enable user mapping to parameter set for the parameter set. + */ + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + File idFile; + Element rootElement; + + Security.addProvider(new IAIK()); + try { + blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK"); + + } catch (NoSuchPaddingException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()}); + } catch (NoSuchProviderException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()}); + } catch (NoSuchAlgorithmException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()}); + } + + String plaintext = "start"; + String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim"); + String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim"); + Logger.debug("plaintext: " + plaintext); + Logger.debug("encrypted: " + encrypted); + Logger.debug("decrypted: " + decrypted); + + //make file name absolut (if it is relative to main config file) + //TODO MOAID XMLLPR check + String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String rootConfigFileDir = new File(moaIDConfigFileName).getParent(); + this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir); + + if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); + } 
+ try { + rootElement = readXMLFile(identityFile); + } catch (IOException lex) { + Logger.error(lex.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); + + } catch (SAXException sex) { + Logger.error(sex.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() }); + } catch (ParserConfigurationException e) { + // TODO XMLPR Auto-generated catch block + Logger.error(e.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() }); + } + buildInfo(rootElement, businessService.booleanValue()); + isConfigured = true; + } + + /** + * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext + * @param plaintext + * @param bPK + * @param masterSecret + * @return encrypted data (blowfish encrypted, base64 encoded) + * @throws LoginParameterResolverException + */ + public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException + { + try { + String keyString = bPK + masterSecret; + key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); + IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); + + blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param); + byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8")); + return Base64Utils.encode(cipherText); + } catch (UnsupportedEncodingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidKeyException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (BadPaddingException e) { + throw new 
LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalBlockSizeException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalStateException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidAlgorithmParameterException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IOException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } + } + + + /** + * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext + * @param ciphertext (blowfish encrypted, base64encoded) + * @param bPK + * @param masterSecret + * @return decrypted Data (plaintext) + * @throws LoginParameterResolverException + */ + public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException + { + try { + String keyString = bPK + masterSecret; + key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); + IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); + blowfishCipher.init(Cipher.DECRYPT_MODE, key, param); + byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true)); + return new String(plaintext); + } catch (UnsupportedEncodingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidKeyException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (BadPaddingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalBlockSizeException e) { + throw new LoginParameterResolverException("config.14", 
new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalStateException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidAlgorithmParameterException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IOException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } + } + + + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String) + */ + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { + Map result = new HashMap(); + + if (!isConfigured) { + //TODO XMLLPR + throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + + identityFile + "' is not configured!", null); + } + + //get the Identity of the user + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. 
+ if(null == params) + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //HTTP 401 - Basic Authentication + if (oaConf.getAuthType().equals("basic")) { + userid = (null != params.getUN()) ? params.getUN() : ""; + password = (null != params.getPW()) ? params.getPW() : ""; + + try { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8")); + Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } catch (IOException ignore) { + throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"}); + } + } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication + String key; + String resolvedValue; + //TODO MOAID XMLLPR select value through OA-ConfigFile; + if(null != params.getUN()) result.put("UN", params.getUN()); + if(null != params.getPW()) result.put("UN", params.getPW()); + if(null != params.getParam1()) result.put("UN", params.getParam1()); + if(null != params.getParam2()) result.put("UN", params.getParam2()); + if(null != params.getParam3()) result.put("UN", params.getParam3()); + + } else { + throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"}); + } + + return result; + } + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String) + */ + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { + + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not 
configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //TODO MOAID XMLLPR URLEncoder.encode + if (oaConf.getAuthType().equals("param")) { + try { + if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1")); + if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1")); + if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1")); + if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1")); + if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1")); + } catch (UnsupportedEncodingException e) { + // ISO-8859-1 is supported + throw new LoginParameterResolverException("URLEncoder error", null); + } + } else { + throw new LoginParameterResolverException("AuthType not supported", null); + } + return result; + } + + /** + * Resolves a login header or parameter value. 
+ * @param predicate header or parameter predicate name from online application configuration + * @param authData authentication data for current login + * @param clientIPAddress client IP address + * @return header or parameter value resolved; null if unknown name is given + */ + private static String resolveValue( + String predicate, + AuthenticationData authData, + String clientIPAddress) { + if (predicate.equals("MOAGivenName")) + return authData.getGivenName(); + if (predicate.equals("MOAFamilyName")) + return authData.getFamilyName(); + if (predicate.equals("MOADateOfBirth")) + return authData.getDateOfBirth(); + if (predicate.equals("MOABPK")) + return authData.getBPK(); + if (predicate.equals("MOAWBPK")) + return authData.getWBPK(); + if (predicate.equals("MOAPublicAuthority")) + if (authData.isPublicAuthority()) + return "true"; + else + return "false"; + if (predicate.equals("MOABKZ")) + return authData.getPublicAuthorityCode(); + if (predicate.equals("MOAQualifiedCertificate")) + if (authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if (predicate.equals("MOAStammzahl")) + return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals("MOAIPAddress")) + return clientIPAddress; + else + return null; + } + + /** + * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element. + * @param fileName of the configuration file. 
+ */ + private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException { + Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName); + + InputStream stream = null; + Element configElem; + + stream = new BufferedInputStream(new FileInputStream(fileName)); + configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return configElem; + } + + /** + * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file. + * @param root document root element. + */ + private void buildInfo(Element root, boolean businessService) { + NodeList idList = root.getElementsByTagName(XSD_IDELEM); + NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM); + String wType =""; + if (businessService) wType = "w"; + for (int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); + + for (int i = 0; i < paramList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); + + for (int i = 0; i < idList.getLength(); i++) { + Element tmpElem = (Element) idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM); + for (int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); + + //Search for NamedIdentity Elements + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," + + tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," + + tmpElem.getAttribute(XSD_BIRTHDATEATTR); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + //TODO XMLLPR remove + 
Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + + " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + + " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + + " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + + " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), + tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), + tmpElem.getAttribute(XSD_PARAM3ATTR)) ); + } else { + + //(w)bPKIdentity Elements + if (businessService) { + tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM); + } else { + tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + } + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = ""; + if (businessService) { + tmpStr = tmpElem.getAttribute(XSD_WBPKATTR); + } else { + tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + } + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + + " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + + " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + + " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + + " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), + tmpElem.getAttribute(XSD_PARAM1ATTR), 
tmpElem.getAttribute(XSD_PARAM2ATTR), + tmpElem.getAttribute(XSD_PARAM3ATTR)) ); + } else { + if (businessService) { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found"); + } else { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + } + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); + } + + + + + /** + * searches for a given bPK and returns the appropriate LPRParams structure + * @param bPK search argument + * @return LPRParams if bPK could be found in internal mappings or null otherwise. + */ + LPRParams bPKIdentitySearch(String bPK, String wType) { + //search for mapping with (w)bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK); + LPRParams params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!"); + return null; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled"); + return null; + } + + /** + * searches for a given namedIdentity and returns the appropriate LPRParams structure + * @param surName surname search argument + * @param givenName givenname search argument + * @param dateOfBirth dateofbirth search argument + * @return LPRParams if (w)bPK could be found in internal mappings or null otherwise. 
+ */ + LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { + Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth); + //try first a search with surname, givenname and birthdate + LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth); + if (null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!"); + //try a search with surname, givenname only + params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); + if(null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!"); + return null; + } + } + + if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled"); + return null; + } + + //public static final String XSD_MAPPING = "Mapping"; + //public static final String XSD_DOCELEM = "MOAIdentities"; + public static final String XSD_IDELEM = "Identity"; + public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_WBPKIDELEM = "wbPKIdentity"; + public static final String XSD_PARAMELEM = "Parameters"; + public static final String XSD_SURNAMEATTR = "SurName"; + public static final String XSD_GIVENNAMEATTR = "GivenName"; + public static final String XSD_BIRTHDATEATTR = "BirthDate"; + public static final String XSD_BIRTHDATEBLANKATTR = "any"; + public static final String XSD_BPKATTR = 
"bPK"; + public static final String XSD_WBPKATTR = "wbPK"; + public static final String XSD_UNATTR = "UN"; + public static final String XSD_PWATTR = "PW"; + public static final String XSD_PARAM1ATTR = "Param1"; + public static final String XSD_PARAM2ATTR = "Param2"; + public static final String XSD_PARAM3ATTR = "Param3"; + private Map bPKMap; + private Map namedMap; + private boolean isConfigured = false; +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java new file mode 100644 index 000000000..aedafdf85 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java 
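Review bot: Stored login credentials reach the log in clear text in several places of this new file: `LPRParams.toString()` prints `PW` and is written by the `Logger.debug("XMLLoginParameterResolver: using: " + params.toString())` calls in `bPKIdentitySearch` and `namedIdentitySearch`, `buildInfo` logs the `PW` attribute of each `Parameters` element and then dumps `namedMap`, and the `basic` branch of `getAuthenticationHeaders` logs the Base64 credential, which is trivially reversible. I would print only whether a password is set in `toString()` (e.g. `+ "' PW: '" + (PW == null ? "null" : "***")`), delete the `calculated credentials` debug line, and log only the identity key in `buildInfo`. The encrypt/decrypt round trip in `configure` with the literals `"1234567890123456"` and `"123hochgeheim"` looks like leftover test scaffolding; it runs and logs on every configuration and should be removed. Separately, the (w)bPK branch of `buildInfo` calls `namedMap.put(tmpStr, ...)`, and nothing in this file ever writes to `bPKMap`, so `bPKIdentitySearch` cannot match; `bPKMap.put(tmpStr, ...)` looks like the intent. The `header` branch of `getAuthenticationHeaders` also stores all five values under the key `"UN"`, so only the last non-null one survives.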
@@ -0,0 +1,422 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import java.io.IOException;
+import java.util.*;
+import org.apache.xerces.parsers.DOMParser;
+import org.w3c.dom.*;
+
+// Referenced classes of package at.gv.egovernment.moa.id.proxy:
+//
+// TODO MOA-ID test full functionality
+
+public class XMLLoginParameterResolverPlainData
+ implements LoginParameterResolver
+{
+ private String configuration;
+
+ /**
+ * inner class used to store mapped parameters
+ */
+ class LPRParams {
+
+ /**
+ * getter method for parameter Enabled.
+ * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
+ */
+ public boolean getEnabled() {
+ return enabled.booleanValue();
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or null not set.
+ */
+ public String getUN() {
+ return UN;
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or null not set.
+ */
+ public String getPlainUN() {
+ return UN;
+ }
+
+
+ /**
+ * getter method for parameter PW (password)
+ * @return Parameter PW or null not set.
+ */
+ public String getPW() {
+ return PW;
+ }
+
+ /**
+ * getter method for generic parameter Param1
+ * @return Parameter Param1 or null not set.
+ */
+ public String getParam1() {
+ return Param1;
+ }
+
+ /**
+ * getter method for generic parameter Param2
+ * @return Parameter Param2 or null not set.
+ */
+ public String getParam2() {
+ return Param2;
+ }
+
+ /**
+ * getter method for generic parameter Param3
+ * @return Parameter Param3 or null not set.
+ */
+ public String getParam3() {
+ return Param3;
+ }
+
+ /**
+ * Returns a string representation of LPRParams
+ *
+ * @return a String representation of this object.
+ * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used to store the parameters + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param2 = Param2; + this.Param3 = Param3; + } + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. 
+ * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + //TODO document + public XMLLoginParameterResolverPlainData() + { + bPKMap = new HashMap(); + namedMap = new HashMap(); + + } + + //TODO document + public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException + { + Map result = new HashMap(); + if(oaConf.getAuthType().equals("basic")) + { + String famName = resolveValue(MOAFamilyName, authData, clientIPAddress); + String givenName = resolveValue(MOAGivenName, authData, clientIPAddress); + String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + String param1 = ""; + String param2 = ""; + String param3 = ""; + + LPRParams params = null; + boolean userFound = false; + + //first step: search for (w)bPK entry in user list + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK); + params = (LPRParams)bPKMap.get(bPK); + if(params == null) + Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!"); + else + if(params.getEnabled()) + { //if user is enabled: get related parameters + Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); + userid = params.getUN(); + password = params.getPW(); + param1 = params.getParam1(); + param2 = 
params.getParam2(); + param3 = params.getParam3(); + userFound = true; + } else + { + Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled"); + } + if(!userFound) //secound step: search for name entry in user list + { + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth); + params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth); + if(params == null) { + Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!"); + //try also with wildcard ("*") birthdate + params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*"); + if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!"); + } + + if(null != params && params.getEnabled()) + { + Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); + userid = params.getUN(); + password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); + userFound = true; + } + } + if(!userFound) //third step: search for default user in user list + { + //third step: search for (w)bPK for the default user entry in user list + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for default user"); + params = (LPRParams)bPKMap.get("default"); + if(params == null) + Logger.debug("XMLLoginParameterResolverPlainData: params for default user not found in file!"); + else + if(params.getEnabled()) + { //if user is enabled: get related parameters 
+ Logger.debug("XMLLoginParameterResolverPlainData: default user found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); + userid = params.getUN(); + password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); + userFound = true; + } else + { + Logger.info("XMLLoginParameterResolverPlainData: default user found in list; user is NOT enabled"); + } + } + + if(!userFound) //if user is not found then throw NotAllowedException exception + { + //TODO MOA-ID proove this with testcases! + Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login"); + throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { }); + } + try //if user was found: generate Authorization header entry with associated credemtials + { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes()); + Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } + catch(IOException ignore) { } + } else + if(oaConf.getAuthType().equals("header")) + { + String key; + String resolvedValue; + for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue)) + { + key = (String)iter.next(); + String predicate = (String)oaConf.getHeaderAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + + } + return result; + } + + public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) + { + Map result = new HashMap(); + if(oaConf.getAuthType().equals("param")) + { + String key; + String resolvedValue; + for(Iterator iter = 
oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue)) + { + key = (String)iter.next(); + String predicate = (String)oaConf.getParamAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + + } + return result; + } + + private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) + { + if(predicate.equals(MOAGivenName)) + return authData.getGivenName(); + if(predicate.equals(MOAFamilyName)) + return authData.getFamilyName(); + if(predicate.equals(MOADateOfBirth)) + return authData.getDateOfBirth(); + if(predicate.equals(MOABPK)) + return authData.getBPK(); + if(predicate.equals(MOAWBPK)) + return authData.getWBPK(); + if(predicate.equals(MOAPublicAuthority)) + if(authData.isPublicAuthority()) + return "true"; + else + return "false"; + if(predicate.equals(MOABKZ)) + return authData.getPublicAuthorityCode(); + if(predicate.equals(MOAQualifiedCertificate)) + if(authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if(predicate.equals(MOAStammzahl)) + return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if(predicate.equals(MOAIPAddress)) + return clientIPAddress; + else + return null; + } + + private Document readXMLFile(String fileName) throws LoginParameterResolverException + { + Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName); + DOMParser parser = new DOMParser(); + try + { + parser.setFeature("http://xml.org/sax/features/validation", true); + parser.setFeature("http://apache.org/xml/features/validation/schema", true); + parser.parse(fileName); + return parser.getDocument(); + } + catch(Exception e) + { + String msg = e.toString(); + throw new LoginParameterResolverException("proxy.13", new Object[] {": XMLLoginParameterResolverPlainData: Error parsing file " + fileName, "detail 
problem: " + msg}); + } + } + + private void buildInfo(Document doc, boolean businessService) + { + Element root = doc.getDocumentElement(); + NodeList idList = root.getElementsByTagName("Identity"); + NodeList paramList = root.getElementsByTagName("Parameters"); + String wType =""; + if (businessService) wType = "w"; + for(int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName()); + + for(int i = 0; i < paramList.getLength(); i++) + Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName()); + + for(int i = 0; i < idList.getLength(); i++) + { + Element tmpElem = (Element)idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); + for(int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName()); + + if(1 == tmpList.getLength()) + { + tmpElem = (Element)tmpList.item(0); + String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName") + "," + tmpElem.getAttribute("BirthDate"); + boolean tmpBool = false; + if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element)paramList.item(i); + Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW")); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else + { + tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity"); + if(1 == tmpList.getLength()) + { + tmpElem = (Element)tmpList.item(0); + String tmpStr = tmpElem.getAttribute(wType + "bPK"); + boolean tmpBool = false; + if(tmpElem.getFirstChild() != null && 
"1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element)paramList.item(i); + Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1")); + bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else + { + Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found"); + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); + } + + //public static final String XSD_DOCELEM = "MOAIdentities"; + //public static final String XSD_IDELEM = "Identity"; + //public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + //public static final String XSD_BPKIDELEM = "bPKIdentity"; + //public static final String XSD_PARAMELEM = "Parameters"; + //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration"; + private Map bPKMap; + private Map namedMap; + + + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration); + this.configuration = configuration; + String fileName = configuration; + if(fileName == null) { + fileName = "file:conf/moa-id/Identities.xml"; + Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName); + } + Document doc = readXMLFile(fileName); + buildInfo(doc, businessService.booleanValue() ); + } +} \ No newline at end of file 
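Review bot: Back-end passwords are written to the log in this new file: `LPRParams.toString()` includes `PW` and is logged through `Logger.debug("... using: " + params.toString())` in each of the three lookup steps of `getAuthenticationHeaders`, the Base64 `credentials` value is logged just before it goes into the `Authorization` header, and `buildInfo` logs the `PW` attribute and then dumps `namedMap` and `bPKMap`. Base64 is an encoding, so anyone who can read a debug log recovers the stored usernames and passwords. I would leave the password out of `toString()` (e.g. `"' PW: '" + (PW == null ? "null" : "***")`) and delete the `calculated credentials` and `attribute PW` statements. Separately, `catch(IOException ignore) { }` returns a header map without `Authorization` when encoding fails, so that failure should at least be reported with `Logger.error`. The tail of the preceding file in this patch shows the same `params.toString()` logging.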
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java new file mode 100644 index 000000000..e0e1fde4a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.proxy.builder; + +import java.text.MessageFormat; +import java.util.Calendar; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; + +/** + * Builder for the <samlp:Request> used for querying + * the authentication data <saml:Assertion>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLRequestBuilder implements Constants { + /** samlp-Request template */ + private static final String REQUEST = + "" + + "{2}" + + ""; + + /** + * Constructor for SAMLRequestBuilder. + */ + public SAMLRequestBuilder() { + super(); + } + + /** + * Builds the <samlp:Request>. + * @param requestID request ID + * @param samlArtifactBase64 SAML artifact, encoded BASE64 + * @return the DOM element + */ + public Element build(String requestID, String samlArtifactBase64) throws BuildException { + try { + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64}); + Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return requestElem; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"samlp:Request", ex.toString()}, + ex); + } + } + +} 
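Review bot: `build` formats `samlArtifactBase64` into the request template with `MessageFormat.format` and then parses the result, with no check that the value is well-formed Base64; the template text itself is not visible in this rendering, but whatever markup it holds, a value containing `<`, `&` or quotes would change the structure of the parsed `samlp:Request`. The caller in `GetAuthenticationDataInvoker` passes the artifact through as a plain `String`, so if it originates from the HTTP request (not shown here) this is the place to validate it. I would reject anything outside the Base64 alphabet before formatting, e.g. `if (!samlArtifactBase64.matches("[A-Za-z0-9+/=]+")) throw new BuildException("builder.00", new Object[] {"samlp:Request", "invalid SAML artifact"}, null);`. `catch (Throwable ex)` also turns `Error`s such as `OutOfMemoryError` into a `BuildException`; `catch (Exception ex)` would be the narrower choice.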
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
new file mode 100644
index 000000000..f7e5299ab
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -0,0 +1,143 @@
+package at.gv.egovernment.moa.id.proxy.invoke;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
+import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
+import at.gv.egovernment.moa.id.util.Random;
+
+/**
+ * Invoker of
+ *
    + *
  • either the GetAuthenticationData web service of MOA-ID Auth
  • + *
  • or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},
  • + *
+ * depending of the configuration. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetAuthenticationDataInvoker { + /** Create a new QName object for the webservice endpoint */ + private static final QName SERVICE_QNAME = new QName("GetAuthenticationData"); + + /** invoked object for API call of MOA-ID Auth */ + private static Object apiServer = null; + /** invoked method for API call of MOA-ID Auth */ + private static Method apiMethod = null; + + /** + * Invokes the service passing domain model objects. + * @param samlArtifact SAML artifact + * @return AuthenticationData object + * @throws ServiceException on any exception thrown + */ + /** + * Get authentication data from the MOA-ID Auth component, + * either via API call or via web service call. + * @param samlArtifact SAML artifact to be used as a parameter + * @return AuthenticationData + */ + public AuthenticationData getAuthenticationData(String samlArtifact) + throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { + + ConnectionParameter authConnParam = + ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); + if (authConnParam == null) { + try { + if (apiServer == null) { + Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer"); + Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null); + apiServer = getInstanceMethod.invoke(null, (Object[]) null); + apiMethod = serverClass.getMethod( + "getAuthenticationData", new Class[] {String.class}); + } + AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact}); + return authData; + } + catch (InvocationTargetException ex) { + Throwable targetEx = ex.getTargetException(); + if (targetEx instanceof AuthenticationException) + throw (AuthenticationException) targetEx; + else + throw new ProxyException("proxy.09", new Object[] {targetEx.toString()}); + 
} + catch (Throwable ex) { + throw new ProxyException("proxy.09", new Object[] {ex.toString()}); + } + } + else { + Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact); + Element samlpResponse = getAuthenticationData(samlpRequest); + SAMLResponseParser srp = new SAMLResponseParser(samlpResponse); + SAMLStatus status = srp.parseStatusCode(); + if (! "samlp:Success".equals(status.getStatusCode())) { + // on error status throw exception + String code = status.getStatusCode(); + if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) + code += "(" + status.getSubStatusCode() + ")"; + throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()}); + } + return srp.parseAuthenticationData(); + } + } + + /** + * Invokes the service passing DOM elements. + * @param request request DOM element + * @return response DOM element + * @throws ServiceException on any exception thrown + */ + public Element getAuthenticationData(Element request) throws ServiceException { + try { + Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME); + Call call = service.createCall(); + SOAPBodyElement body = + new SOAPBodyElement(request); + SOAPBodyElement[] params = new SOAPBodyElement[] {body}; + Vector responses; + SOAPBodyElement response; + + String endPoint; + ConnectionParameter authConnParam = + ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); + + //If the ConnectionParameter do NOT exist, we throw an exception .... + if (authConnParam!=null) { + endPoint = authConnParam.getUrl(); + call.setTargetEndpointAddress(endPoint); + responses = (Vector) call.invoke(SERVICE_QNAME, params); + response = (SOAPBodyElement) responses.get(0); + return response.getAsDOM(); + } + else + { + throw new ServiceException("service.01", null); + } + } + catch (Exception ex) { + throw new ServiceException("service.00", new Object[] {ex.toString()}, ex); + } + } + +} 
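Review bot: The lazy initialisation of the static `apiServer` and `apiMethod` fields in `getAuthenticationData(String)` is not synchronised, and `apiServer` is assigned before `apiMethod`; if this method is reached from concurrent requests, a second thread that sees `apiServer != null` can call `apiMethod.invoke` while `apiMethod` is still null, which surfaces as a `proxy.09` failure for a valid login. Wrapping the `if (apiServer == null)` block in `synchronized (GetAuthenticationDataInvoker.class) { ... }` closes that window. In the web-service branch, `responses.get(0)` is used without checking that the `Vector` is non-null and non-empty. Both `ProxyException("proxy.09", ...)` throws drop the original exception although this patch also adds a three-argument constructor taking the cause, e.g. `throw new ProxyException("proxy.09", new Object[] {ex.toString()}, ex);`. The returned assertion is trusted as received here, so the integrity of the result presumably rests on how the connection described by `ConnectionParameter` is secured, which is worth stating in the class Javadoc.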
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
new file mode 100644
index 000000000..6bf5da02b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -0,0 +1,158 @@ +package at.gv.egovernment.moa.id.proxy.parser; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parser for the <saml:Assertion> returned by the + * GetAuthenticationData web service. + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationDataAssertionParser implements Constants { + + /** Prefix for SAML-Xpath-expressions */ + private static String SAML = SAML_PREFIX + ":"; + /** Prefix for PersonData-Xpath-expressions */ + private static String PR = PD_PREFIX + ":"; + /** Prefix for Attribute MajorVersion in an Xpath-expression */ + private static String MAJOR_VERSION_XPATH = + "@MajorVersion"; + /** Prefix for Attribute MinorVersion in an Xpath-expression */ + private static String MINOR_VERSION_XPATH = + "@MinorVersion"; + /** Prefix for Attribute AssertionID in an Xpath-expression */ + private static String ASSERTION_ID_XPATH = + "@AssertionID"; + /** Prefix for Attribute Issuer in an Xpath-expression */ + private static String ISSUER_XPATH = + "@Issuer"; + /** Prefix for Attribute IssueInstant in an Xpath-expression */ + private static String ISSUE_INSTANT_XPATH = + "@IssueInstant"; + /** Prefix for Element AttributeStatement in an Xpath-expression */ + private static String ATTRIBUTESTATEMENT_XPATH = + SAML + "AttributeStatement/"; + /** Prefix for Element NameIdentifier in an Xpath-expression */ + private static String PK_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Subject/" + + SAML + "NameIdentifier"; + private static String NAME_QUALIFIER_XPATH = + PK_XPATH + "/@NameQualifier"; + /** Prefix for Element Person in an Xpath-expression */ + private static String PERSONDATA_XPATH 
= + ATTRIBUTESTATEMENT_XPATH + + SAML + "Attribute[@AttributeName=\"PersonData\"]/" + + SAML + "AttributeValue/" + + PR + "Person/"; + /** Prefix for Element Value in an Xpath-expression */ + private static String IDENTIFICATION_VALUE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Value"; + private static String IDENTIFICATION_TYPE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Type"; + /** Prefix for Element GivenName in an Xpath-expression */ + private static String GIVEN_NAME_XPATH = + PERSONDATA_XPATH + + PR + "Name/" + + PR + "GivenName"; + /** Prefix for Element FamilyName in an Xpath-expression */ + private static String FAMILY_NAME_XPATH = + PERSONDATA_XPATH + + PR + "Name/" + + PR + "FamilyName"; + /** Prefix for Element DateOfBirth in an Xpath-expression */ + private static String DATE_OF_BIRTH_XPATH = + PERSONDATA_XPATH + + PR + "DateOfBirth"; + /** Prefix for Element AttributeValue in an Xpath-expression */ + private static String IS_QUALIFIED_CERT_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" + + SAML + "AttributeValue"; + /** Prefix for Element AttributeValue in an Xpath-expression */ + private static String PUBLIC_AUTHORITY_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" + + SAML + "AttributeValue"; + /** Element samlAssertion represents the SAML:Assertion */ + private Element samlAssertion; + + /** + * Constructor + * @param samlAssertion samlpResponse the <samlp:Response> as a DOM element + */ + public AuthenticationDataAssertionParser(Element samlAssertion) { + this.samlAssertion = samlAssertion; + } + + /** + * Parses the <saml:Assertion>. 
+ * @return AuthenticationData object + * @throws ParseException on any error + */ + public AuthenticationData parseAuthenticationData() + throws ParseException { + + try { + AuthenticationData authData = new AuthenticationData(); + //ÄNDERN: NUR der Identification-Teil + authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); + authData.setMajorVersion(new Integer( + XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); + authData.setMinorVersion(new Integer( + XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue()); + authData.setAssertionID( + XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, "")); + authData.setIssuer( + XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); + authData.setIssueInstant( + XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); + String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); + if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { + authData.setBPK(pkValue); + } else { + authData.setWBPK(pkValue); + } + authData.setIdentificationValue( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); + authData.setIdentificationType( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); + authData.setGivenName( + XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); + authData.setFamilyName( + XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, "")); + authData.setDateOfBirth( + XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, "")); + authData.setQualifiedCertificate(BoolUtils.valueOf( + XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, ""))); + String publicAuthority = + XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null); + if (publicAuthority == null) { + authData.setPublicAuthority(false); + authData.setPublicAuthorityCode(""); + } + 
else { + authData.setPublicAuthority(true); + if (! publicAuthority.equalsIgnoreCase("true")) + authData.setPublicAuthorityCode(publicAuthority); + } + return authData; + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java new file mode 100644 index 000000000..9f77578fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java 
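Review bot: `parseAuthenticationData` never rejects an incomplete assertion: every XPath lookup falls back to `""` (or `"-1"` for the versions), and any `NameQualifier` other than `URN_PREFIX_BPK`, including a missing one, is stored as a wbPK. The resulting `AuthenticationData` can therefore carry an empty bPK/wbPK, name or birth date, and the login-parameter resolvers in this patch use exactly those values as map keys for credential lookup. I would fail closed, e.g. `if (pkValue.length() == 0) throw new ParseException("parser.01", new Object[] {"missing NameIdentifier"}, null);`, and treat an unrecognised qualifier as an error rather than as wbPK. Note also that `setPublicAuthority(true)` is applied whenever the `isPublicAuthority` attribute value is present, so a literal value of `false` would yield a public authority with code `"false"`; if that value can occur, compare against it explicitly.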
@@ -0,0 +1,100 @@ +package at.gv.egovernment.moa.id.proxy.parser; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parser for the <samlp:Response> returned by the + * GetAuthenticationData web service. + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLResponseParser implements Constants { + /** Element containing the samlResponse */ + private Element samlResponse; + /** Xpath prefix for reaching SAMLP Namespaces */ + private static String SAMLP = SAMLP_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static String SAML = SAML_PREFIX + ":"; + /** Xpath prefix for reaching PersonData Namespaces */ + private static String PR = PD_PREFIX + ":"; + /** Xpath expression for reaching the SAMLP:Response element */ + private static final String ROOT = + "/" + SAMLP + "Response/"; + /** Xpath expression for reaching the SAMLP:Status element */ + private static final String STATUS_XPATH = + ROOT + + SAMLP + "Status/"; + /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */ + private static final String STATUSCODE_XPATH = + STATUS_XPATH + + SAMLP + "StatusCode/@Value"; + /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */ + private static final String SUBSTATUSCODE_XPATH = + STATUS_XPATH + + SAMLP + "StatusCode/" + + SAMLP + "StatusCode/@Value"; + /** Xpath expression for reaching the SAMLP:StatusMessage element */ + private static final String STATUSMESSAGE_XPATH = + STATUS_XPATH + + SAMLP + "StatusMessage"; + /** Xpath expression for reaching the SAML:Assertion element */ + private static String ASSERTION_XPATH = + ROOT + + SAML + "Assertion"; + + /** + * Constructor + * @param samlResponse the <samlp:Response> as a DOM element + */ + public 
SAMLResponseParser(Element samlResponse) { + this.samlResponse = samlResponse; + } + + /** + * Parses the <samlp:StatusCode> from the <samlp:Response>. + * @return AuthenticationData object + * @throws ParseException on any parsing error + */ + public SAMLStatus parseStatusCode() + throws ParseException { + + SAMLStatus status = new SAMLStatus(); + try { + status.setStatusCode( + XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, "")); + status.setSubStatusCode( + XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, "")); + status.setStatusMessage( + XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, "")); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + return status; + } + + /** + * Parses the <saml:Assertion> from the <samlp:Response>. + * @return AuthenticationData object + * @throws ParseException on any parsing error + */ + public AuthenticationData parseAuthenticationData() + throws ParseException { + + Element samlAssertion; + try { + samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java new file mode 100644 index 000000000..4ab2e2cf7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java 
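Review bot: `parseAuthenticationData` passes the result of `XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH)` straight to `AuthenticationDataAssertionParser` without checking for null, so a response with a success status but no `saml:Assertion` only fails later inside the assertion parser (presumably as a wrapped `NullPointerException`). An explicit check gives a clear error: `if (samlAssertion == null) throw new ParseException("parser.01", new Object[] {"no saml:Assertion in response"}, null);`. `selectSingleNode` also means that only one assertion is read when the response carries several, and nothing here checks that it is the intended one. The Javadoc of `parseStatusCode` says `@return AuthenticationData object` although the method returns `SAMLStatus`; it should read `@return the parsed SAMLStatus`.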
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import java.io.IOException;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+ try {
+ MOAIDProxyInitializer.initialize();
+
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
+ Logger.info(message);
+
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
+ }
+ }
+
+ /**
+ * Do the same as doGet.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+/**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+}
+
+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
new file mode 100644
index 000000000..0080c010e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ProxyException extends MOAIDException {
+
+ /**
+ * Constructor for ProxyException.
+ * @param messageId
+ * @param parameters
+ */
+ public ProxyException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ProxyException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ProxyException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
new file mode 100644
index 000000000..6d215c35e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
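Review bot: In ConfigurationServlet, `doGet()` (and `doPost()`, which delegates to it) calls `MOAIDProxyInitializer.initialize()` on every request with no check on the caller, so unless the container or the network restricts this URL (not visible in this commit) any client that can reach the proxy can trigger a configuration reload. Doing a state-changing action on GET also makes it reachable through plain links and prefetching; consider performing the reload only in `doPost()` and stating the deployment requirement in the class Javadoc, e.g. `Access to this servlet must be restricted by a security-constraint in web.xml; the servlet itself performs no caller check.` The `catch (Throwable t)` also intercepts `Error`s such as `OutOfMemoryError`; `catch (Exception e)` would be narrower. The Javadoc on `init()` says it calls the web application initializer, but the body only calls `super.init(servletConfig)`.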
@@ -0,0 +1,879 @@ +package at.gv.egovernment.moa.id.proxy.servlet; + +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintWriter; +import java.io.StringWriter; +import java.net.HttpURLConnection; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.CookieManager; +import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; +import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; +import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import 
at.gv.egovernment.moa.id.proxy.NotAllowedException; +import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Servlet requested for logging in at an online application, + * and then for proxying requests to the online application. + * @author Paul Ivancsics + * @version $Id$ + */ +public class ProxyServlet extends HttpServlet { + /** Name of the Parameter for the Target */ + private static final String PARAM_TARGET = "Target"; + /** Name of the Parameter for the SAMLArtifact */ + private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + + /** Name of the Attribute for marking the session as authenticated*/ + private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; + /** Name of the Attribute for the PublicURLPrefix */ + private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix"; + /** Name of the Attribute for the RealURLPrefix */ + private static final String ATT_REAL_URLPREFIX = "RealURLPrefix"; + /** Name of the Attribute for the SSLSocketFactory */ + private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory"; + /** Name of the Attribute for the LoginHeaders */ + private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; + /** Name of the Attribute for the LoginParameters */ + private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; + /** Name of the Attribute for the SAMLARTIFACT */ + private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; + /** Name of the Attribute for the state of the browser request for login dialog*/ + private static final String ATT_BROWSERREQU = "BrowserLoginRequest"; + /** Name of the Attribute for the state of the browser request for login dialog*/ + private static final String ATT_OA_CONF = "oaConf"; + /** Name of the Attribute for the 
Logintype of the OnlineApplication*/ + private static final String ATT_OA_LOGINTYPE = "LoginType"; + /** Name of the Attribute for the number of the try to login into the OnlineApplication*/ + private static final String ATT_OA_LOGINTRY = "LoginTry"; + /** Maximum permitted login tries */ + private static final int MAX_OA_LOGINTRY = 3; + /** Name of the Attribute for authorization value for further connections*/ + private static final String ATT_OA_AUTHORIZATION_HEADER = "authorizationkey"; + /** Name of the Attribute for user binding */ + private static final String ATT_OA_USER_BINDING = "UserBinding"; + /** For extended internal debug messages */ + private static final boolean INTERNAL_DEBUG = false; + /** Message to be given if browser login failed */ + private static final String RET_401_MSG = "Ein Fehler ist aufgetreten

Fehler bei der Anmeldung

Bei der Anmeldung ist ein Fehler aufgetreten.

Fehler bei der Anmeldung.
Prüfen Sie bitte ihre Berechtigung.
Abbruch durch den Benutzer.

"; + + /** + * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) + */ + protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + Logger.debug("getRequestURL:" + req.getRequestURL().toString()); + try { + if (req.getParameter(PARAM_SAMLARTIFACT) != null) { + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + if (session.getAttribute(ATT_BROWSERREQU)==null) { + tunnelRequest(req, resp); + }else{ + login(req, resp); //login after browser login dialog + } + } else + // it is the first time that the SAML Artifact was used + login(req, resp); + } + else + tunnelRequest(req, resp); + } + catch (MOAIDException ex) { + handleError(ex.getMessage(), ex, req, resp); + } + catch (Throwable ex) { + handleError(ex.getMessage(), ex, req, resp); + } + } + + /** + * Login to online application at first call of servlet for a user session.
+ *
    + *
  • Acquires authentication data from the MOA-ID Auth component.
  • + *
  • Reads configuration data for the online application.
  • + *
  • Resolves login parameters.
  • + *
  • Sets up an SSLSocketFactory in case of a secure connection to the online application.
  • + *
  • For a stateless online application, stores data in the HttpSession.
  • + *
  • Tunnels the request to the online application.
  • + *
+ * @param req + * @param resp + * @throws ConfigurationException when wrong configuration is encountered + * @throws ProxyException when wrong configuration is encountered + * @throws BuildException while building the request for MOA-ID Auth + * @throws ServiceException while invoking MOA-ID Auth + * @throws ParseException while parsing the response from MOA-ID Auth + */ + private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { + + HttpSession session = req.getSession(); + String samlArtifact = ""; + Map loginHeaders = null; + Map loginParameters = null; + String publicURLPrefix = ""; + String realURLPrefix = ""; + SSLSocketFactory ssf = null; + String urlRequested = req.getRequestURL().toString(); + OAConfiguration oaConf = null; + String loginType = ""; + String binding = ""; + + if (session.getAttribute(ATT_BROWSERREQU)==null) { + + samlArtifact = req.getParameter(PARAM_SAMLARTIFACT); + Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact); + // String target = req.getParameter(PARAM_TARGET); parameter given but not processed + // boolean targetprovided = req.getParameter(PARAM_TARGET) != null; + + // get authentication data from the MOA-ID Auth component + AuthenticationData authData; + try { + authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + } catch (ProxyException ex) { + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + } + session.setAttribute(ATT_AUTHDATAFETCHED, "true"); + + // read configuration data + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested); + if (oaParam == null) { + throw new ProxyException("proxy.02", 
new Object[] { urlRequested }); + } + publicURLPrefix = oaParam.getPublicURLPrefix(); + Logger.debug("OA: " + publicURLPrefix); + oaConf = oaParam.getOaConfiguration(); + ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); + realURLPrefix = oaConnParam.getUrl(); + + // resolve login parameters to be forwarded to online application + LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); + String clientIPAddress = req.getRemoteAddr(); + boolean businessService = oaParam.getBusinessService(); + try { + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) { + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService, publicURLPrefix); + } else { + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService, publicURLPrefix); + for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { + //extract user-defined bindingValue + String headerKey = (String) iter.next(); + String headerKeyValue = (String) loginHeaders.get(headerKey); + if (headerKey.equalsIgnoreCase("binding")) { + binding = (String) loginHeaders.get(headerKey); + } + for (int i = 1; i <= 3; i++) { + if (headerKey.equalsIgnoreCase("param" + i)) { + int sep = headerKeyValue.indexOf("="); + if (sep>-1) { + if (sep>0) { + String value = ""; + if (headerKeyValue.length()>sep+1) value = headerKeyValue.substring(sep+1); + if (loginParameters == null) loginParameters = new HashMap(); + loginParameters.put(headerKeyValue.substring(0,sep) , value); + } + } else { + loginParameters.put(headerKey, ""); + } + } + } + } + loginHeaders.remove("binding"); + loginHeaders.remove("param1"); + loginHeaders.remove("param2"); + loginHeaders.remove("param3"); + } + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { + throw new ProxyException("proxy.15", new 
Object[] { }); + } + + // setup SSLSocketFactory for communication with the online application + if (oaConnParam.isHTTPSURL()) { + try { + ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + } catch (Throwable ex) { + throw new ProxyException( + "proxy.05", + new Object[] { oaConnParam.getUrl(), ex.toString()}, + ex); + } + } + + // for stateless online application, store data in HttpSession + loginType = oaConf.getLoginType(); + if ("".equalsIgnoreCase(binding)) { + binding = oaConf.getBinding(); + if ("".equalsIgnoreCase(binding)) binding = "full"; + } + Logger.debug("Login type: " + loginType); + if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { + int sessionTimeOut = oaParam.getSessionTimeOut(); + if (sessionTimeOut == 0) + sessionTimeOut = 60 * 60; // default 1 h + + session.setMaxInactiveInterval(sessionTimeOut); + session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix); + session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix); + session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); + session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); + session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); + session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); + session.setAttribute(ATT_OA_CONF, oaConf); + session.setAttribute(ATT_OA_LOGINTYPE, loginType); + session.setAttribute(ATT_OA_USER_BINDING, binding); + session.removeAttribute(ATT_BROWSERREQU); + session.removeAttribute(ATT_OA_AUTHORIZATION_HEADER); + session.removeAttribute(ATT_OA_LOGINTRY); + Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " angelegt"); + } + + } else { + loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); + publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); + ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); + loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); + loginParameters = (Map) 
session.getAttribute(ATT_LOGIN_PARAMETERS); + samlArtifact = (String) session.getAttribute(ATT_SAML_ARTIFACT); + oaConf = (OAConfiguration) session.getAttribute(ATT_OA_CONF); + loginType = (String) session.getAttribute(ATT_OA_LOGINTYPE); + binding = (String) session.getAttribute(ATT_OA_USER_BINDING); + session.removeAttribute(ATT_BROWSERREQU); + Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " aufgenommen"); + } + + try { + int respcode = 0; + + // tunnel request to the online application + respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); + if (respcode == 401) { + if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } + } + } catch (ProxyException ex) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } catch (Throwable ex) { + throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); + } + } + + /** + * Tunnels a request to the stateless online application using data stored in the HTTP session. 
+ * @param req HTTP request + * @param resp HTTP response + * @throws IOException if an I/O error occurs + */ + private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException { + + //Logger.debug("Tunnel request (stateless)"); + HttpSession session = req.getSession(false); + + if (session == null) + throw new ProxyException("proxy.07", null); + String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); + + String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); + SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); + Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); + Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS); + String binding = (String) session.getAttribute(ATT_OA_USER_BINDING); + if (publicURLPrefix == null || realURLPrefix == null) + throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()}); + + int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); + if (respcode == -401) // #tries to login exceeded + throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)}); + } + +/** + * Tunnels a request to the online application using given URL mapping and SSLSocketFactory. + * This method returns the ResponseCode of the request to the online application. 
+ * @param req HTTP request + * @param resp HTTP response + * @param loginHeaders header field/values to be inserted for purposes of authentication; + * may be null + * @param loginParameters parameter name/values to be inserted for purposes of authentication; + * may be null + * @param publicURLPrefix prefix of request URL to be substituted for the realURLPrefix + * @param realURLPrefix prefix of online application URL to substitute the publicURLPrefix + * @param ssf SSLSocketFactory to use + * @throws IOException if an I/O error occurs + */ +private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf, String binding) + throws IOException { + + String originBinding = binding; + String browserUserID = ""; + String browserPassword = ""; + //URL url = new URL(realURLPrefix); + //String realURLHost = url.getHost(); + if (INTERNAL_DEBUG && !binding.equals("")) Logger.debug("Binding: " + binding); + + // collect headers from request + Map headers = new HashMap(); + for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) { + String headerKey = (String) enu.nextElement(); + String headerKeyValue = req.getHeader(headerKey); + if (INTERNAL_DEBUG) Logger.debug("Incoming:" + headerKey + "=" + headerKeyValue); + //Analyze Basic-Auth-Headers from the client + if (headerKey.equalsIgnoreCase("Authorization")) { + if (headerKeyValue.substring(0,6).equalsIgnoreCase("Basic ")) { + String credentials = headerKeyValue.substring(6); + byte [] bplaintextcredentials = Base64Utils. 
decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + browserUserID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); + browserPassword = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + //deactivate following line for security + //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword ); + } + if (headerKeyValue.substring(0,9).equalsIgnoreCase("Negotiate")) { + //deactivate following line for security + //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: Found NTLM Aut.: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword ); + } + } + else + { + /* Headers MUST NOT be repaced according to our Spec. + if (headerKey.equalsIgnoreCase("Host")) { + headerKeyValue = realURLHost; + //headerKeyValue= realURLPrefix.substring(hoststartpos); + if (INTERNAL_DEBUG) Logger.debug("replaced:" + headerKey + "=" + headerKeyValue); + } + */ + headers.put(headerKey, headerKeyValue); + } + } + + + // collect login headers, possibly overwriting headers from request + String authorizationvalue=""; + if (req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { + + if (OAConfiguration.BINDUNG_NOMATCH.equals(binding)) { + int loginTry = getLoginTry(req); + Logger.debug("Binding: mode = " + OAConfiguration.BINDUNG_NOMATCH + "(try #" + Integer.toString(loginTry) + ")"); + if (loginTry==1) { + binding = OAConfiguration.BINDUNG_FULL; + } else { + binding = OAConfiguration.BINDUNG_USERNAME; + } + } + + /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können: + //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first + // full binding will be covered by next block + if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { + //1st try: if we have a password, try 
this one first + for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { + String headerKey = (String) iter.next(); + String headerKeyValue = (String) loginHeaders.get(headerKey); + if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) { + String credentials = headerKeyValue.substring(6); + byte [] bplaintextcredentials = Base64Utils.decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + if (password!=null && !password.equals("")) { + Logger.debug("Binding: found predefined password. Trying full binding first"); + binding = OAConfiguration.BINDUNG_FULL; + break; + } + } + } + } + */ + + + + //we have a connection with not having logged on + if (loginHeaders != null && (browserPassword.length()!=0 || browserUserID.length()!=0 || OAConfiguration.BINDUNG_FULL.equals(binding))) { + for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { + String headerKey = (String) iter.next(); + String headerKeyValue = (String) loginHeaders.get(headerKey); + //customize loginheaders if necessary + if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) + { + if (OAConfiguration.BINDUNG_FULL.equals(binding)) { + authorizationvalue = headerKeyValue; + Logger.debug("Binding: full binding to user established"); + } else { + String credentials = headerKeyValue.substring(6); + byte [] bplaintextcredentials = Base64Utils.decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + String userID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); + String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + String userIDPassword = ":"; + if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) { + Logger.debug("Binding: Access with necessary binding to user"); + userIDPassword = userID + ":" + browserPassword; + } else if 
(OAConfiguration.BINDUNG_NONE.equals(binding)) { + Logger.debug("Binding: Access without binding to user"); + //If first time + if (browserUserID.length()==0) browserUserID = userID; + if (browserPassword.length()==0) browserPassword = password; + userIDPassword = browserUserID + ":" + browserPassword; + } else { + userIDPassword = userID + ":" + password; + } + credentials = Base64Utils.encode(userIDPassword.getBytes()); + authorizationvalue = "Basic " + credentials; + headerKeyValue = authorizationvalue; + } + } + headers.put(headerKey, headerKeyValue); + } + } + }else{ + //if OA needs Authorization header in each further request + authorizationvalue = (String) req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER); + if (loginHeaders != null) headers.put("Authorization", authorizationvalue); + } + + + Vector parameters = new Vector(); + + for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { + String paramName = (String) enu.nextElement(); + if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { + if (INTERNAL_DEBUG) Logger.debug("Req Parameter-put: " + paramName + ":" + req.getParameter(paramName)); + String parameter[] = new String[2]; + parameter[0]= paramName; + parameter[1]= req.getParameter(paramName); + parameters.add(parameter); + } + } + // collect login parameters, possibly overwriting parameters from request + if (loginParameters != null) { + for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) { + String paramName = (String) iter.next(); + if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { + if (INTERNAL_DEBUG) Logger.debug("Req Login-Parameter-put: " + paramName + ":" + loginParameters.get(paramName)); + String parameter[] = new String[2]; + parameter[0]= paramName; + parameter[1]= (String) loginParameters.get(paramName); + parameters.add(parameter); + } + } + } + + ConnectionBuilder cb = 
ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix); + HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters); + + // set headers as request properties of URLConnection + for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { + String headerKey = (String) iter.next(); + String headerValue = (String) headers.get(headerKey); + String LogStr = "Req header " + headerKey + ": " + headers.get(headerKey); + if (isBasicAuthenticationHeader(headerKey, headerValue)) { + String credentials = headerValue.substring(6); + byte [] bplaintextcredentials = Base64Utils. decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + String uid = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); + String pwd = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + //Sollte AuthorizationInfo vom HTTPClient benutzt werden: cb.addBasicAuthorization(publicURLPrefix, uid, pwd); + //deactivate following line for security + //if (INTERNAL_DEBUG && Logger.isDebugEnabled()) LogStr = LogStr + " >UserID:Password< >" + uid + ":" + pwd + "<"; + } + conn.setRequestProperty(headerKey, headerValue); + if (INTERNAL_DEBUG) Logger.debug(LogStr); + } + + StringWriter sb = new StringWriter(); + + // Write out parameters into output stream of URLConnection. + // On GET request, do not send parameters in any case, + // otherwise HttpURLConnection would send a POST. 
+ if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) { + boolean firstParam = true; + String parameter[] = new String[2]; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + parameter = (String[]) iter.next(); + String paramName = parameter[0]; + String paramValue = parameter[1]; + if (firstParam) + firstParam = false; + else + sb.write("&"); + sb.write(paramName); + sb.write("="); + sb.write(paramValue); + if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue); + } + } + + // For WebDAV and POST: copy content + if (!"get".equalsIgnoreCase(req.getMethod())) { + if (INTERNAL_DEBUG && !"post".equalsIgnoreCase(req.getMethod())) Logger.debug("---- WEBDAV ---- copying content"); + try { + OutputStream out = conn.getOutputStream(); + InputStream in = req.getInputStream(); + if (!parameters.isEmpty()) out.write(sb.toString().getBytes()); //Parameter nicht mehr mittels Printwriter schreiben + copyStream(in, out, null, req.getMethod()); + out.flush(); + out.close(); + } catch (IOException e) { + if (!"post".equalsIgnoreCase(req.getMethod())) + Logger.debug("---- WEBDAV ---- streamcopy problem"); + else + Logger.debug("---- POST ---- streamcopy problem"); + } + } + + // connect + if (INTERNAL_DEBUG) Logger.debug("Connect Request"); + conn.connect(); + if (INTERNAL_DEBUG) Logger.debug("Connect Response"); + + // check login tries + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { + int loginTry = getLoginTry(req); + req.getSession().setAttribute(ATT_OA_LOGINTRY, Integer.toString(loginTry)); + if (loginTry > MAX_OA_LOGINTRY) { + Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving..."); + cb.disconnect(conn); + return -401; + } + } + + + + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(originBinding)) { + Logger.debug("Found 401 UNAUTHORIZED, leaving..."); + cb.disconnect(conn); + return conn.getResponseCode(); + } + + + 
resp.setStatus(conn.getResponseCode()); + resp.setContentType(conn.getContentType()); + + if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { + req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue); + Logger.debug("Login OK. Saving authorization header to remember in further requests"); + } + + // Read response headers + // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set. + // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests. + // See JavaDoc of javax.servlet.http.HttpServlet: + // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header. + Vector respHeaders = new Vector(); + + boolean chunked = false; + String contentLengthKey = null; + String transferEncodingKey = null; + int i = 1; + String headerKey; + String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE); + while ((headerKey = conn.getHeaderFieldKey(i)) != null) { + String headerValue = conn.getHeaderField(i); + // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) + if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { + headerValue = "Basic realm=\"" + publicURLPrefix + "\""; + if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { + headerValue = "Basic realm=\"Bitte Passwort eingeben\""; + } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) { + headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; + } + } + String respHeader[] = new String[2]; + if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) { + 
//alter the unauthorized message with template for login + //TODO: supply a special login form on unauthorized messages with bindings!=full + headerValue = Integer.toString(RET_401_MSG.length()); + } + respHeader[0]= headerKey; + respHeader[1]= headerValue; + + if (!(OAConfiguration.BINDUNG_FULL.equals(originBinding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) { + respHeaders.add(respHeader); + if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue); + } else { + Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); + } + if (isTransferEncodingChunkedHeader(headerKey, headerValue)) { + chunked = true; + transferEncodingKey = headerKey; + } + if ("content-length".equalsIgnoreCase(headerKey)) + contentLengthKey = headerKey; + i++; + } + if (chunked && contentLengthKey != null) { + respHeaders.remove(transferEncodingKey); + Logger.debug("Resp header " + transferEncodingKey + " REMOVED"); + } + + String headerValue; + String respHeader[] = new String[2]; + + //write out all Responseheaders + for (Iterator iter = respHeaders.iterator(); iter.hasNext();) { + respHeader = (String[]) iter.next(); + headerKey = respHeader[0]; + headerValue = respHeader[1]; + resp.addHeader(headerKey, headerValue); + } + + //Logger.debug(">>>> Copy Content"); + //Logger.debug(" from ()" + conn.getURL()); + //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL()); + + // read response stream + Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode()); + // Load content unless the server lets us know that the content is NOT MODIFIED... 
+ if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED ) { + BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream()); + //Logger.debug("Got Inputstream"); + BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream()); + //Logger.debug("Got Outputstream"); + + byte [] buffer = new byte[4096]; + if (respOut != null) { + int bytesRead; + while ((bytesRead = respIn.read(buffer)) >= 0) { + if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(buffer, 0, bytesRead); + } + } else { + while (respIn.read(buffer) >= 0); + } + + + /* + int ch; + StringBuffer strBuf = new StringBuffer(""); + while ((ch = respIn.read()) >= 0) { + if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(ch); + strBuf.append((char)ch); + } + Logger.debug("Resp Content:"); + if (strBuf.toString().length()>500) + Logger.debug(strBuf.toString().substring(0,500)); + else + Logger.debug(strBuf.toString()); + */ + + + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { + respOut.write(RET_401_MSG.getBytes()); + } + respOut.flush(); + respOut.close(); + respIn.close(); + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { + Logger.debug("Found 401 UNAUTHORIZED..."); + cb.disconnect(conn); + return conn.getResponseCode(); + } + } else { + //if (conn.getResponseCode()==HttpURLConnection.HTTP_NOT_MODIFIED) + Logger.debug("Found 304 NOT MODIFIED..."); + } + + cb.disconnect(conn); + Logger.debug("Request done"); + + return conn.getResponseCode(); +} + +/** + * Gets the current amount of the login try at the online application + * + * @param req the HttpServletRequest + * @return the number off the current login try + */ +private int getLoginTry(HttpServletRequest req) { + String oa_loginTry = (String) req.getSession().getAttribute(ATT_OA_LOGINTRY); + int loginTry = 1; + if (oa_loginTry!=null) loginTry = Integer.parseInt(oa_loginTry)+1; + return loginTry; +} +/** + * Determines 
whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..." + * + * @param headerKey header name + * @param headerValue header value + * @return true for a basic authentication header + */ +private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) { + if (!"authorization".equalsIgnoreCase(headerKey)) + return false; + if (headerValue.length() < "basic".length()) + return false; + String authenticationSchema = headerValue.substring(0, "basic".length()); + return "basic".equalsIgnoreCase(authenticationSchema); +} +/** + * Determines whether a basic authentication header of the kind "Authorization: Basic ..." + * is included in a HTTP request + * @param req HTTP request + * @return true for a basic authentication header provided + */ +private boolean isBasicAuthenticationHeaderProvided(HttpServletRequest req) { + for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) { + String headerKey = (String) enu.nextElement(); + String headerValue = req.getHeader(headerKey); + if (isBasicAuthenticationHeader(headerKey, headerValue)) + return true; + } + return false; +} +/** + * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked" + * + * @param headerKey header name + * @param headerValue header value + * @return true for a "Transfer-encoding: chunked" header + */ +private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) { + if (!"transfer-encoding".equalsIgnoreCase(headerKey)) + return false; + return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0; +} + +/** + * Calls the web application initializer. 
+ * + * @see javax.servlet.Servlet#init(ServletConfig) + */ +public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + try { + MOAIDProxyInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex); + throw new ServletException(ex); + } +} + +/** + * Handles an error.
+ *
    + *
  • Logs the error
  • + *
  • Places error message and exception thrown into the request + * as request attributes (to be used by "/errorpage-proxy.jsp")
  • + *
  • Sets HTTP status 500 (internal server error)
  • + *
+ * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response + */ +protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + //req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-proxy.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + +} + + +// * taken from iaik.utils.util.copyStream: +/** + * Reads all data (until EOF is reached) from the given source to the + * destination stream. If the destination stream is null, all data is dropped. + * It uses the given buffer to read data and forward it. If the buffer is + * null, this method allocates a buffer. + * + * @param source The stream providing the data. + * @param destination The stream that takes the data. If this is null, all + * data from source will be read and discarded. + * @param buffer The buffer to use for forwarding. If it is null, the method + * allocates a buffer. + * @exception IOException If reading from the source or writing to the + * destination fails. 
+ */ +private static void copyStream(InputStream source, OutputStream destination, byte[] buffer, String method) throws IOException { + if (source == null) { + throw new NullPointerException("Argument \"source\" must not be null."); + } + if (buffer == null) { + buffer = new byte[4096]; + } + + if (destination != null) { + int bytesRead; + while ((bytesRead = source.read(buffer)) >= 0) { + destination.write(buffer, 0, bytesRead); + //if (method.equalsIgnoreCase("POST")) Logger.debug(buffer.toString()); + } + } else { + while (source.read(buffer) >= 0); + } +} + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java new file mode 100644 index 000000000..954a87e62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java @@ -0,0 +1,212 @@ +package at.gv.egovernment.moa.id.util; + +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.PrintWriter; +import java.net.Socket; +import java.security.GeneralSecurityException; +import java.util.Hashtable; + +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.axis.components.net.BooleanHolder; +import org.apache.axis.components.net.DefaultSocketFactory; +import org.apache.axis.components.net.SecureSocketFactory; +import org.apache.axis.components.net.TransportClientProperties; +import org.apache.axis.components.net.TransportClientPropertiesFactory; +import org.apache.axis.utils.Messages; +import org.apache.axis.utils.XMLUtils; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * Secure socket factory for Axis webs service clients of the MOA-ID component, + * which are the MOA-SP calls from MOA-ID Auth, + * and the MOA-ID Auth calls from MOA-ID Proxy. + *
Use this initialization code:
+ * // ConnectionParameter connParam = ... get from ConfigurationProvider + * AxisSecureSocketFactory.initialize(connParam); + *
See the Apache Axis documentation on how to configure this class + * as the default secure socket factory to be used by Axis. + *
+ * This code has been copied from JSSESocketFactory, the + * method initialize() has been added. + * + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AxisSecureSocketFactory + extends DefaultSocketFactory implements SecureSocketFactory { + + /** Field sslFactory */ + private static SSLSocketFactory sslFactory; + + /** + * Constructor for AxisSecureSocketFactory. + * @param attributes ??? + */ + public AxisSecureSocketFactory(Hashtable attributes) { + super(attributes); + } + /** + * Initializes the factory by setting the connection parameters to be used for + * setting the secure socket factory, and by setting the system property + * axis.socketSecureFactory. + * @param ssf SSLSocketFactory to initialize with + */ + public static void initialize(SSLSocketFactory ssf) + throws IOException, GeneralSecurityException { + + Logger.debug("Initialize AxisSecureSocketFactory"); + sslFactory = ssf; + } + + /** + * creates a secure socket + * + * @param host + * @param port + * @param otherHeaders + * @param useFullURL + * + * @return Socket + * @throws Exception + */ + public Socket create( + String host, + int port, + StringBuffer otherHeaders, + BooleanHolder useFullURL) + throws Exception { + if (port == -1) { + port = 443; + } + + TransportClientProperties tcp = + TransportClientPropertiesFactory.create("https"); + + boolean hostInNonProxyList = + isHostInNonProxyList(host, tcp.getNonProxyHosts()); + + Socket sslSocket = null; + if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) { + // direct SSL connection + sslSocket = sslFactory.createSocket(host, port); + } + else { + + // Default proxy port is 80, even for https + int tunnelPort = + (tcp.getProxyPort().length() != 0) + ? 
Integer.parseInt(tcp.getProxyPort()) + : 80; + if (tunnelPort < 0) + tunnelPort = 80; + + // Create the regular socket connection to the proxy + Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort); + + // The tunnel handshake method (condensed and made reflexive) + OutputStream tunnelOutputStream = tunnel.getOutputStream(); + PrintWriter out = + new PrintWriter( + new BufferedWriter(new OutputStreamWriter(tunnelOutputStream))); + + // More secure version... engage later? + // PasswordAuthentication pa = + // Authenticator.requestPasswordAuthentication( + // InetAddress.getByName(tunnelHost), + // tunnelPort, "SOCK", "Proxy","HTTP"); + // if(pa == null){ + // printDebug("No Authenticator set."); + // }else{ + // printDebug("Using Authenticator."); + // tunnelUser = pa.getUserName(); + // tunnelPassword = new String(pa.getPassword()); + // } + out.print( + "CONNECT " + + host + + ":" + + port + + " HTTP/1.0\r\n" + + "User-Agent: AxisClient"); + if (tcp.getProxyUser().length() != 0 + && tcp.getProxyPassword().length() != 0) { + + // add basic authentication header for the proxy + String encodedPassword = + XMLUtils.base64encode( + (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes()); + + out.print("\nProxy-Authorization: Basic " + encodedPassword); + } + out.print("\nContent-Length: 0"); + out.print("\nPragma: no-cache"); + out.print("\r\n\r\n"); + out.flush(); + InputStream tunnelInputStream = tunnel.getInputStream(); + + if (log.isDebugEnabled()) { + log.debug( + Messages.getMessage( + "isNull00", + "tunnelInputStream", + "" + (tunnelInputStream == null))); + } + String replyStr = ""; + + // Make sure to read all the response from the proxy to prevent SSL negotiation failure + // Response message terminated by two sequential newlines + int newlinesSeen = 0; + boolean headerDone = false; /* Done on first newline */ + + while (newlinesSeen < 2) { + int i = tunnelInputStream.read(); + + if (i < 0) { + throw new IOException("Unexpected EOF from 
proxy"); + } + if (i == '\n') { + headerDone = true; + ++newlinesSeen; + } + else if (i != '\r') { + newlinesSeen = 0; + if (!headerDone) { + replyStr += String.valueOf((char) i); + } + } + } + if (!replyStr.startsWith("HTTP/1.0 200") + && !replyStr.startsWith("HTTP/1.1 200")) { + throw new IOException( + Messages.getMessage( + "cantTunnel00", + new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr })); + } + + // End of condensed reflective tunnel handshake method + sslSocket = sslFactory.createSocket(tunnel, host, port, true); + if (log.isDebugEnabled()) { + log.debug( + Messages.getMessage( + "setupTunnel00", + tcp.getProxyHost(), + "" + tunnelPort)); + } + } + + ((SSLSocket) sslSocket).startHandshake(); + if (log.isDebugEnabled()) { + log.debug(Messages.getMessage("createdSSL00")); + } + return sslSocket; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java new file mode 100644 index 000000000..c5dad8bc4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java @@ -0,0 +1,36 @@ +/* + * Created on 20.01.2005 + * + * @author rschamberger + * $ID$ + */ +package at.gv.egovernment.moa.id.util; + + +/** + * Class used to define Constants used in Class ECDSAKeyValueConverter + * + * * @author rschamberger + */ +public class ECDSAConstants { + + /* ECDSA Namespace + */ + static String NAMESPACE_ECDSAKEYVALUE_ = "http://www.w3.org/2001/04/xmldsig-more#"; + + /* Schema instance NS + */ + static String NAMESPACE_XSI_ = "http://www.w3.org/2001/XMLSchema-instance"; + + /* ecdsa prefix value + */ + static String NS_PREFIX_ECDSAKEYVALUE_ = "ecdsa"; + + /* namespace namespace + */ + static String NAMESPACE_NAMESPACES_ = "http://www.w3.org/XML/1998/namespace"; + + /* si prefix value + */ + static String NS_PREFIX_XSI_ = "si"; +}; 
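Review bot: `create()` returns the socket straight after `startHandshake()` on both the direct and the tunnelled path, and nothing in this class compares the peer certificate with `host`. JSSE does not check a socket obtained from a bare `SSLSocketFactory` against the requested name by default, so unless the factory handed to `initialize()` enforces this elsewhere (not visible here), a certificate that chains to a trusted root but was issued for a different name would be accepted for the MOA-SP and MOA-ID Auth calls. On a runtime that offers it (Java 7 or later), enable endpoint identification before the handshake: `SSLParameters p = ((SSLSocket) sslSocket).getSSLParameters(); p.setEndpointIdentificationAlgorithm("HTTPS"); ((SSLSocket) sslSocket).setSSLParameters(p);`. On older runtimes the certificate from `getSession().getPeerCertificates()` has to be matched against `host` explicitly after the handshake. Separately, the `tunnel` socket stays open when the proxy reply is rejected or ends early, so those `IOException` paths should close it before throwing.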
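Review bot: The five fields in `ECDSAConstants` are declared `static String` without `final`, so any class in `at.gv.egovernment.moa.id.util` can reassign the namespace URIs that `ECDSAKeyValueConverter` reads when it looks up the `DomainParameters` and `PublicKey` elements of a key. Declare them as constants, e.g. `static final String NAMESPACE_ECDSAKEYVALUE_ = "http://www.w3.org/2001/04/xmldsig-more#";`, and likewise for the other four. `NS_PREFIX_XSI_` is set to `"si"`, which may have been meant as `"xsi"`; it appears to be referenced only from the commented-out serializer, so this is worth confirming before that code is revived. The field comments use `/* ... */` and would not show up in Javadoc, and the class body ends with a stray `};`.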
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java new file mode 100644 index 000000000..6fb78edb7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java 
@@ -0,0 +1,572 @@ +package at.gv.egovernment.moa.id.util; + +import iaik.security.ecc.ecdsa.ECDSAParameter; +import iaik.security.ecc.ecdsa.ECPublicKey; +import iaik.security.ecc.math.ecgroup.AffineCoordinate; +import iaik.security.ecc.math.ecgroup.Coordinate; +import iaik.security.ecc.math.ecgroup.CoordinateTypes; +import iaik.security.ecc.math.ecgroup.ECGroupFactory; +import iaik.security.ecc.math.ecgroup.ECPoint; +import iaik.security.ecc.math.ecgroup.EllipticCurve; +import iaik.security.ecc.math.field.Field; +import iaik.security.ecc.math.field.FieldElement; +import iaik.security.ecc.math.field.PrimeField; +import iaik.security.ecc.parameter.ECCParameterFactory; +import iaik.security.ecc.spec.ECCParameterSpec; + +import java.math.BigInteger; +import java.security.PublicKey; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Vector; + +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +public class ECDSAKeyValueConverter +{ + + + //TODO enhance javadoc + + /** + * converter class which can be used to convert ECDSA keys encoded in XML + * to a PublicKey data structure + * @param keyValueElem ECDSAKeyValue Element + * @return ECPublicKey encoded in PublicKey data structure + * @throws Exception + */ + public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception + { + String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_; + + // Domain parameters + Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1); + if (domainParams == null) throw new Exception("Domain parameters must not be implicit."); + + Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1); + ECCParameterSpec eccParameterSpec; + + if (namedCurve != null) + { + // URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN")); + String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8); + 
ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance(); + // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4)); + eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID); + } + else + { + Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1); + Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1); + Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1); + Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1); + + // Field parameters + String fieldParamsTypeStr = fieldParams.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type"); + String ecdsaNSPrefix = getECDSANSPrefix(fieldParams); + BigInteger p = null; + int fieldParamsType = 0; + final int FIELD_TYPE_PRIME = 1; + final int FIELD_TYPE_TNB = 2; + final int FIELD_TYPE_PNB = 3; + int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1; + if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType")) + { + fieldParamsType = FIELD_TYPE_PRIME; + String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1); + p = new BigInteger(pStr, 10); + } + else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType")) + { + fieldParamsType = FIELD_TYPE_TNB; + String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1); + m = Integer.parseInt(mStr); + String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1); + k = Integer.parseInt(kStr); + } + else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType")) + { + fieldParamsType = FIELD_TYPE_PNB; + String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1); + m = Integer.parseInt(mStr); + String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1); + k1 = Integer.parseInt(k1Str); + String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1); + k2 = Integer.parseInt(k2Str); + String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1); 
+ k3 = Integer.parseInt(k3Str); + } + else throw new Exception("Unknown field parameters."); + + // Curve parameters + Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1); + String aStr = aElem.getAttributeNS(null, "Value"); + Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1); + String bStr = bElem.getAttributeNS(null, "Value"); + String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1); + BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null; + + // Base point parameters + Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1); + Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1); + String basePointXStr = basePointXElem.getAttributeNS(null, "Value"); + Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1); + String basePointYStr = basePointYElem.getAttributeNS(null, "Value"); + String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1); + BigInteger order = new BigInteger(orderStr, 10); + String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1); + BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null; + + if (fieldParamsType == FIELD_TYPE_PRIME) + { + BigInteger a = new BigInteger(aStr, 10); + BigInteger b = new BigInteger(bStr, 10); + BigInteger basePointX = new BigInteger(basePointXStr, 10); + BigInteger basePointY = new BigInteger(basePointYStr, 10); + eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX, + basePointY, null); + } + else + { + int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 
1 : 0)]; + if (fieldParamsType == FIELD_TYPE_TNB) + { + irreducible[m/32] = 1 << m % 32; + irreducible[k/32] += 1 << k % 32; + irreducible[0] += 1; + } + else + { + irreducible[m/32] = 1 << m % 32; + irreducible[k3/32] += 1 << k3 % 32; + irreducible[k2/32] += 1 << k2 % 32; + irreducible[k1/32] += 1 << k1 % 32; + irreducible[0] += 1; + } + eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr), + octetString2IntArray(bStr), octetString2IntArray(basePointXStr), + octetString2IntArray(basePointYStr), null); + } + } + + // Public key + Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1); + Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1); + String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value"); + Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1); + String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value"); + + ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES); + ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance(); + EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(), + eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES); + Field field = eCurve.getField(); + + // Detect type of public key field elements + String elementType = publicKeyXElem.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type"); + String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1); + int FIELD_TYPE_PRIME = 1, FIELD_TYPE_CHAR_TWO = 2; + int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName)) + ? 
FIELD_TYPE_PRIME + : FIELD_TYPE_CHAR_TWO; + + FieldElement publicKeyPointX, publicKeyPointY; + if (fieldElemType == FIELD_TYPE_PRIME) + { + +// Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10)); +// publicKeyPointX = field.newElement(xValue); + PrimeField pf = (PrimeField) field; + publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10)); +// Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10)); +// publicKeyPointY = field.newElement(yValue); + publicKeyPointY = pf.newElement(new BigInteger(publicKeyYStr, 10)); + } + else + { + publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr)); + publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr)); + } +// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX, +// publicKeyPointY, field.getONEelement()); + Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX, + publicKeyPointY).toProjective(); + ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate); + ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint); + + return publicKey; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + /* + public static Element publicKey2ECDSAKeyValueElement(boolean implParams, String curveOID, + ECDSAPublicKey publicKey, Document factoryDoc) + { + String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_; + String ecdsaNSP = ECDSAConstants.NS_PREFIX_ECDSAKEYVALUE_; + String nsNS = ECDSAConstants.NAMESPACE_NAMESPACES_; + String xsiNS = ECDSAConstants.NAMESPACE_XSI_; + String xsiNSP = ECDSAConstants.NS_PREFIX_XSI_; + + ECDSAParameter params = (ECDSAParameter)publicKey.getParameter(); + EllipticCurve curve = params.getG().getCurve(); + Field field = curve.getField(); + int fieldId = curve.getField().getFieldId(); + + Element eCDSAKeyValue = 
factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ECDSAKeyValue"); + eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + ecdsaNSP, ecdsaNS); + eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + xsiNSP, xsiNS); + + // Detect field type + int coeffPositions[] = new int[3]; + int fieldType = 0; + String fieldElemTypeString = null; + final int FT_PRIME = 1, FT_TNB = 2, FT_PNB = 3; + if (fieldId == Field.PRIME_FIELD) + { + fieldType = FT_PRIME; + fieldElemTypeString = ecdsaNSP + ":PrimeFieldElemType"; + } + else + { + // Get irreducible polynomal + BinaryField binaryField = (BinaryField)field; + BinaryFieldValue irreducible = binaryField.getIrreducible(); + + // Get coefficients of irreducible polynomal + int order = irreducible.getOrder(); + int coeffCount = 2; + for (int i = 1; i < order - 1; i++) + { + if (irreducible.testBit(i)) + { + coeffPositions[coeffCount - 2] = i; + coeffCount++; + if (coeffCount == 5) break; + } + } + + // Set polynomal type (TNB or + fieldType = (coeffCount == 3) ? FT_TNB : FT_PNB; + fieldElemTypeString = ecdsaNSP + ":CharTwoFieldElemType"; + } + + if (!implParams) + { + Element domainParameters = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":DomainParameters"); + eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n ")); + eCDSAKeyValue.appendChild(domainParameters); + + if (curveOID != null) + { + // Named curve + Element namedCurve = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":NamedCurve"); + namedCurve.setAttributeNS(null, "URN", "urn:oid:" + curveOID); + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + domainParameters.appendChild(namedCurve); + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + } + else + { + // Explicit parameters + Element explicitParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ExplicitParams"); + + // Field parameters + Element fieldParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":FieldParams"); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + 
explicitParams.appendChild(fieldParams); + + if (fieldType == FT_PRIME) + { + fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PrimeFieldParamsType"); + Element p = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":P"); + p.appendChild(factoryDoc.createTextNode(curve.getField().getSize().toString(10))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(p); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + } + else if (fieldType == FT_TNB) + { + fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":TnBFieldParamsType"); + Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M"); + m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder()))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(m); + + Element k = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K"); + k.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0], 10))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + } + else + { + fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PnBFieldParamsType"); + Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M"); + m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder()))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(m); + + Element k1 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K1"); + k1.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0]))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k1); + + Element k2 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K2"); + k2.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[1]))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + 
fieldParams.appendChild(k2); + + Element k3 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K3"); + k3.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[2]))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k3); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + } + + // Curve parameters + Element curveParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":CurveParams"); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(curveParams); + + Element a = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":A"); + a.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + a.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? curve.getA().getValue().toBigInt().toString(10) + : evenStringLength(curve.getA().getValue().toBigInt().toString(16))); + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + curveParams.appendChild(a); + + Element b = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":B"); + b.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + b.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? 
curve.getB().getValue().toBigInt().toString(10) + : evenStringLength(curve.getB().getValue().toBigInt().toString(16))); + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + curveParams.appendChild(b); + + if (params.getS() != null) + { + Element seed = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Seed"); + seed.appendChild(factoryDoc.createTextNode(evenStringLength(params.getS().toString(16)))); + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + curveParams.appendChild(seed); + } + + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + + // Base point params + Element basePointParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePointParams"); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(basePointParams); + + Element basePoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePoint"); + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + basePointParams.appendChild(basePoint); + + Element x = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X"); + x.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + x.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? params.getG().getCoordinates().getX().getValue().toBigInt().toString(10) + : evenStringLength(params.getG().getCoordinates().getX().getValue().toBigInt().toString(16))); + basePoint.appendChild(factoryDoc.createTextNode("\n ")); + basePoint.appendChild(x); + + Element y = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y"); + y.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + y.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? 
params.getG().getCoordinates().getY().getValue().toBigInt().toString(10) + : evenStringLength(params.getG().getCoordinates().getY().getValue().toBigInt().toString(16))); + basePoint.appendChild(factoryDoc.createTextNode("\n ")); + basePoint.appendChild(y); + basePoint.appendChild(factoryDoc.createTextNode("\n ")); + + Element order = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Order"); + order.appendChild(factoryDoc.createTextNode(params.getR().toString(10))); + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + basePointParams.appendChild(order); + + if (params.getK() != null) + { + Element cofactor = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Cofactor"); + cofactor.appendChild(factoryDoc.createTextNode(params.getK().toString(10))); + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + basePointParams.appendChild(cofactor); + } + + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + domainParameters.appendChild(explicitParams); + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + } + } + + // Public key point + Element publicKeyPoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":PublicKey"); + + Element publicKeyX = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X"); + publicKeyX.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + publicKeyX.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? 
publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(10) + : evenStringLength(publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(16))); + publicKeyPoint.appendChild(factoryDoc.createTextNode("\n ")); + publicKeyPoint.appendChild(publicKeyX); + + Element publicKeyY = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y"); + publicKeyY.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + publicKeyY.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(10) + : evenStringLength(publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(16))); + publicKeyPoint.appendChild(factoryDoc.createTextNode("\n ")); + publicKeyPoint.appendChild(publicKeyY); + publicKeyPoint.appendChild(factoryDoc.createTextNode("\n ")); + + eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n ")); + eCDSAKeyValue.appendChild(publicKeyPoint); + eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n ")); + + return eCDSAKeyValue; + } + */ + /* ---------------------------------------------------------------------------------------------------- */ + + private static String getECDSANSPrefix(Element element) + { + // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than + // one NS prefix can be bound to the ECDSA namespace + + HashMap inScopeNSAttrs = getInScopeNSAttrs(element); + Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator(); + while (inScopeNSAttrsIt.hasNext()) + { + Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next()); + if (ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_.equals(currentAttr.getValue())) + { + return ("xmlns".equals(currentAttr.getNodeName())) ? 
"" : currentAttr.getNodeName().substring(6); + } + } + return null; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + // Converts an octet string representation into an int array as needed for the IAIK ECC library + // String: rightmost byte is least significant byte + // IntArray: rightmost byte is LEAST significant byte + private static int[] octetString2IntArray(String octetString) + { + int byteCount = octetString.length()/2; + int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)]; + for (int i = 0; i < byteCount; i++) + { + int oSStartPos = octetString.length() - (i + 1) * 2; + int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16); + intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8); + } + return intArray; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + // Converts an octet string representation into a byte array as needed for the IAIK ECC library + // String: rightmost byte is least significant byte + // ByteArray: rightmost byte is MOST significant byte + private static byte[] octetString2ByteArray(String octetString) + { + int byteCount = octetString.length()/2; + byte[] byteArray = new byte[byteCount]; + for (int i = 0; i < byteCount; i++) + { + int oSStartPos = octetString.length() - (i + 1) * 2; + byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring( + oSStartPos, oSStartPos + 2), 16); + } + return byteArray; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private static String evenStringLength(String hexString) + { + return (hexString.length() % 2 != 0) ? 
"0" + hexString : hexString; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private static Element getChildElement(Element parent, String namespace, String localName, + int instance) + { + NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName); + if (namedElements.getLength() < instance) return null; + return (Element)namedElements.item(instance - 1); + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private static String getChildElementText(Element parent, String namespace, String localName, + int instance) + { + Element child = getChildElement(parent, namespace, localName, instance); + if (child == null) return null; + NodeList childNodes = child.getChildNodes(); + int nodeCount = 0; + while (nodeCount < childNodes.getLength()) + { + Node currentNode = childNodes.item(nodeCount); + if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue(); + nodeCount++; + } + return null; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public static HashMap getInScopeNSAttrs(Element element) + { + // Get all ancestors of element + Vector ancestors = new Vector(); + ancestors.add(element); + Node currentAncestor = element; + while ((currentAncestor = currentAncestor.getParentNode()) != null && + currentAncestor.getNodeType() == Node.ELEMENT_NODE) + { + ancestors.add(currentAncestor); + } + + // Scan all ancestors for NS attributes + HashMap inScopeNSAttrs = new HashMap(); + for (int i = ancestors.size() - 1; i >= 0; i--) + { + Element currentAncestorElem = (Element)ancestors.get(i); + NamedNodeMap attrs = currentAncestorElem.getAttributes(); + for (int j = 0; j < attrs.getLength(); j++) + { + Attr currentAttr = (Attr)attrs.item(j); + String currentAttrName = currentAttr.getNodeName(); + if ("xmlns".equals(currentAttrName) || 
currentAttrName.startsWith("xmlns:")) + { + inScopeNSAttrs.put(currentAttrName, currentAttr); + } + } + } + + // Check if default NS attribute is in list; if value is empty remove it from list + Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns"); + if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns"); + + return inScopeNSAttrs; + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java new file mode 100644 index 000000000..7c4731555 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java @@ -0,0 +1,76 @@ +/* + * Created on 17.02.2004 + * + * To change the template for this generated file go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author rschamberger + * + * To change the template for this generated type comment go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +public class HTTPRequestJSPForwarder { + + /** + * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response.
+ *
    + *
  • Logs the message
  • + *
+ * + * @param message message text + * @param jspPageURI URI of the JSP page + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardNamed( + String message, + String jspPageURI, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + + if (null != message) { + Logger.info(message); + req.setAttribute("Message", message); + } + + //forward this to the given jsp page where the HTML response is generated + try { + context.getRequestDispatcher(jspPageURI).forward(req, resp); + } catch (IOException e) { + Logger.error(e); + } catch (ServletException e) { + Logger.error(e); + } + } + + /** + * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response.
+ *
    + *
  • Logs the message
  • + *
+ * + * @param message message text + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardDefault( + String message, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + forwardNamed(message, "/message.jsp", context, req, resp); + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java new file mode 100644 index 000000000..035c47eb9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java 
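Review bot: In `forwardNamed` (HTTPRequestJSPForwarder.java), `context.getRequestDispatcher(jspPageURI)` is dereferenced without a null check and both catch blocks only log, so a missing JSP or a failed forward leaves the caller unaware and the response unwritten. I would look the dispatcher up first and, inside the existing try block, answer explicitly when it is absent: `if (dispatcher == null) { resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; }` (this needs the `javax.servlet.RequestDispatcher` import). Separately, `message` is logged and stored in the `Message` request attribute unchanged; the JSP that renders it is not part of this hunk, so it should be confirmed that the page HTML-escapes the attribute in case the text ever carries request-derived data.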
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.util;
+
+/**
+ * HTTP Utilities
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import org.apache.regexp.RE;
+import org.apache.regexp.RESyntaxException;
+
+/**
+ *
+ * @author Rudolf Schamberger
+ *
+ */
+public class HTTPUtils {
+
+ /**
+ * Utility used to obtainin correct encoded HTTP content.
+ * Reads a given Content adressed by HTTP-URL into String.
+ * Content encoding is considered by using the Content-Type HTTP header charset value.
+ * @param URL HTTP URL to read from.
+ * @return String representation of content
+ * @throws IOException on data-reading problems
+ */
+ public static String readHttpURL(String URL)
+ throws IOException {
+
+ URL url = new URL(URL);
+ HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+ conn.setRequestMethod("GET");
+ String contentType = conn.getContentType();
+ RE regExp = null;
+ try {
+ regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
+ } catch (RESyntaxException e) {
+ //RESyntaxException is not possible = expr. is costant
+ }
+ boolean charsetSupplied = regExp.match(contentType);
+ String encoding = "ISO-8859-1"; //default HTTP encoding
+ if (charsetSupplied) {
+ encoding = regExp.getParen(3);
+ }
+ InputStream instream = new BufferedInputStream(conn.getInputStream());
+ InputStreamReader isr = new InputStreamReader(instream, encoding);
+ Reader in = new BufferedReader(isr);
+ int ch;
+ StringBuffer buffer = new StringBuffer();
+ while ((ch = in.read()) > -1) {
+ buffer.append((char)ch);
+ }
+ in.close();
+ conn.disconnect();
+ return buffer.toString();
+ }
+
+}
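Review bot: `readHttpURL` passes `conn.getContentType()` straight to `regExp.match(...)`, but that getter returns null when the server sends no Content-Type, which would most likely surface as a NullPointerException instead of falling back to ISO-8859-1. The reader and the connection are also released only on the success path, so an exception while reading leaks both, and the response is read into memory with no size limit or timeout. I would guard the null header and move the cleanup into a `finally` as sketched below; a read timeout and a maximum length are worth adding if the Java level the project targets offers them. The cast to `HttpURLConnection` also means a non-HTTP URL fails with a ClassCastException rather than the documented IOException.

```java
    String contentType = conn.getContentType();
    // … unchanged: construction of regExp …
    String encoding = "ISO-8859-1"; //default HTTP encoding
    if (contentType != null && regExp.match(contentType)) {
      encoding = regExp.getParen(3);
    }
    Reader in = null;
    try {
      in = new BufferedReader(
          new InputStreamReader(new BufferedInputStream(conn.getInputStream()), encoding));
      StringBuffer buffer = new StringBuffer();
      // … unchanged: read loop appending each char to buffer …
      return buffer.toString();
    } finally {
      if (in != null) {
        in.close();
      }
      conn.disconnect();
    }
```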
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
new file mode 100644
index 000000000..4330133f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
@@ -0,0 +1,374 @@ +/* + * Created on 01.10.2004 + * + * @author rschamberger + * $ID$ + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.StringTokenizer; +import java.util.Vector; + +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequestWrapper; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLDecoder; + +/** + * Special ServletRequestWrapper class which provides a more precise implementation of the getParameter* + * family. This implementation cares about the order of the parameters from Query String and HTTP POST + * Body. Use this as Filter class for Servlets which such needs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { + + /** + * standard encoding used to decode the URL string. 
+ */ + // + public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1"; + /** + * Vector that stores the order of the query paramters + */ + private Vector queryParamOrder; + + /** + * Hashtable that stores the content of the query paramters + */ + private Hashtable queryParameters; + + /** + * Vector that stores the order of the HTTP body paramters + */ + private Vector bodyParamOrder; + + /** + * Hashtable that stores the content of the HTTP body paramters + */ + private Hashtable bodyParameters; + + /** + * ServletContext + */ + private ServletContext context; + + /** + * Identifier used to identify query parameters + */ + public static final int QUERY_PARAM = 1; + + /** + * Identifier used to identify HTTP body parameters + */ + public static final int BODY_PARAM = 2; + + /** + * @see HttpServletRequestWrapper + */ + public InOrderServletRequestWrapper(final HttpServletRequest request, final ServletContext sContext) { + super(request); + this.context = sContext; + } + + /** + * parses the Query and if availlable also HTTP POST parameters + * + * @param req a HttpServletRequest which should be parsed + */ + protected final void parseParameters(final HttpServletRequest req) + { + queryParamOrder = new Vector(); + queryParameters = new Hashtable(); + bodyParamOrder = new Vector(); + bodyParameters = new Hashtable(); + + //Insert code for Query string parsing + String rawQuery = req.getQueryString(); + queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING, true); + + //analyze HTTP Post body parameters + if (req.getMethod().equalsIgnoreCase("POST")) + { + //get body encoding + String enc = req.getCharacterEncoding(); + if (enc == null) enc = DEFAULT_CHARACTER_ENCODING; + + if (req.getContentType().equals("application/x-www-form-urlencoded")) + { + try + { + bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc); + } + catch (IOException e) + { + context.log("could not 
open input stream of reqest \n" + e.toString()); + } + } + else + { + //TODO add multipart code + context.log( + "ERROR other Content-Types than 'application/x-www-form-urlencoded' not supported!"); + } + + }// end POST + } + + /** + * parses the HTTP POST parameters + * + * @param ht parameter Hashtable to put parameters in. + * @param length of content + * @param instream the ServletInputStream of the request + * @param encoding encoding of the instream + * + * @return the Hashtable with the parsed data + */ + private Hashtable parsePostData(Hashtable ht, final int length, final ServletInputStream instream, + final String encoding) + { + int inputLen, offset; + byte[] postedBytes = null; + boolean dataRemaining = true; + String postedBody; + + StringBuffer sb = new StringBuffer(); + + if (length <= 0) + { + return null; + } + + postedBytes = new byte[length]; + try + { + offset = 0; + while (dataRemaining) + { + inputLen = instream.read(postedBytes, offset, length - offset); + if (inputLen <= 0) + { + throw new IOException("read error during reading the HTTP POST body"); + } + offset += inputLen; + if ((length - offset) == 0) + { + dataRemaining = false; + } + } + } + catch (IOException e) + { + System.out.println("Exception =" + e); + return null; + } + + postedBody = new String(postedBytes); + Hashtable ht2 = tokenize(ht, bodyParamOrder, postedBody, encoding, false); + return ht2; + } + + + /** + * tokenizes parameter strings + * + * @param ht parameter Hashtable to put parameters in. + * @param order Vector in which the order of the tokenized parameters will be stored. + * @param parameterString String to tokenize. + * @param encoding which will be used to decode the parameterString. 
+ * + * @return the Hashtable with the parsed data + */ + private Hashtable tokenize(Hashtable ht, Vector order, final String parameterString, final String encoding, boolean decode) + { + String[] valArray = null; + + if (null == parameterString) return ht; + + StringTokenizer st = new StringTokenizer(parameterString, "&"); + + String key = null; + String val = null; + + while (st.hasMoreTokens()) + { + String pair = (String) st.nextToken(); + int pos = pair.indexOf('='); + if (pos == -1) + { + throw new IllegalArgumentException(); + } + try + { + if (decode) { + key = URLDecoder.decode(pair.substring(0, pos), encoding); + val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding); + } else { + key = pair.substring(0, pos); + val = pair.substring(pos + 1, pair.length()); + } + //Logger.debug("(" + Integer.toString(key.length()) + "=" + Integer.toString(pair.substring(0, pos).length()) + ")"+key+"|--|"+pair.substring(0, pos)); + //Logger.debug("(" + Integer.toString(val.length()) + "=" + Integer.toString(pair.substring(pos + 1, pair.length()).length()) + ")"+val+"|--|"+pair.substring(pos + 1, pair.length())); + } + catch (Exception e) + { + throw new IllegalArgumentException(); + } + if (ht.containsKey(key)) + { + String oldVals[] = (String[]) ht.get(key); + valArray = new String[oldVals.length + 1]; + for (int i = 0; i < oldVals.length; i++) + { + valArray[i] = oldVals[i]; + } + valArray[oldVals.length] = val; + } + else + { + valArray = new String[1]; + valArray[0] = val; + } + ht.put(key, valArray); + order.addElement(key); + } + return ht; + + } + + /** + * Returns the value of a request parameter as a String, or null if the + * parameter does not exist. Request parameters are extra information sent with the request. For HTTP + * servlets, parameters are contained in the query string or posted form data. + * + *

+ * You should only use this method when you are sure the parameter has only one value. If the parameter + * might have more than one value, use {@link #getParameterValues(String, int)}. + * + *

+ * If you use this method with a multivalued parameter, the value returned is equal to the first value in + * the array returned by getParameterValues. + * + *

+ * If the parameter data was sent in the request body, such as occurs with an HTTP POST request, then + * reading the body directly via {@link #getInputStream} or {@link #getReader}can interfere with the + * execution of this method. + * + * @param name a String containing the name of the parameter whose value is requested + * + * @return a String representing the single value of the parameter + * + * @see #getParameterValues(String, int) + * + */ + public final String getParameter(final String name) { + String val = getParameter(name, QUERY_PARAM); + return (null != val) ? val : getParameter(name, BODY_PARAM); + } + + /** + * Returns the value of a request parameter as a String, or null if the + * parameter does not exist. + * + * @param name a String containing the name of the parameter whose value is requested + * @param parameterType type of parameter + * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM + * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM + * @see #getParameterValues(String) + * @return value of the (single) parameter or null if not availlable + **/ + public final String getParameter(final String name, final int parameterType) + { + + Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters; + String[] vals = (String[]) parameters.get(name); + if (vals == null) + { + return null; + } + return vals[0]; + } + + + /** + * Returns an array of String objects containing all of the values the given request + * parameter has, or null if the parameter does not exist. + * + *

+ * If the parameter has a single value, the array has a length of 1. + * + * @param name a String containing the name of the parameter whose value is requested + * @param parameterType type of parameter + * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM + * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM + * @return an array of String objects containing the parameter's values or null + * + * @see #getParameter + */ + public final String getParameterValues(final String name, final int parameterType) + { + Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters; + String[] vals = (String[]) parameters.get(name); + if (vals == null) + { + return null; + } + String vallist = vals[0]; + for (int i = 1; i < vals.length; i++) + { + vallist = vallist + "," + vals[i]; + } + return vallist; + } + + /** + * + * Returns an Enumeration of String objects containing the names of the + * parameters. If there are no parameters, the method returns an empty + * Enumeration. + * + * @return an Enumeration of String objects, each String + * containing the name of a request parameter; or an empty Enumeration if the + * request has no parameters + * + */ + public final Enumeration getParameterNames() + { + Vector FullParamOrder = new Vector(); + for (Enumeration enu = queryParamOrder.elements(); enu.hasMoreElements();) { + FullParamOrder.addElement(enu.nextElement()); + } + for (Enumeration enu = bodyParamOrder.elements(); enu.hasMoreElements();) { + FullParamOrder.addElement(enu.nextElement()); + } + return FullParamOrder.elements(); + } + + /** + * + * Returns an Enumeration of String objects containing the names of the + * parameters contained in this request. If the request has no parameters, the method returns an empty + * Enumeration. 
+ * @param parameterType type of parameter + * + * @return an Enumeration of String objects, each String + * containing the name of a request parameter; or an empty Enumeration if the + * request has no parameters + * + */ + public final Enumeration getParameterNames(final int parameterType) + { + if (QUERY_PARAM == parameterType) + return queryParamOrder.elements(); + else + return bodyParamOrder.elements(); + } +} //End InOrderServletRequestWrapper \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java new file mode 100644 index 000000000..d31aa6ec1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java 
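Review bot: `parsePostData` in InOrderServletRequestWrapper.java allocates `new byte[length]` straight from the request's Content-Length, so a single request can make the filter reserve an arbitrarily large buffer before any byte is read; an upper bound should be checked first. The method also returns null for an empty body and on a read error, and `parseParameters` stores that result in `bodyParameters`, so a later `getParameter(name, BODY_PARAM)` dereferences null; `if (length <= 0) return ht;` and `return ht;` in the catch block would keep the table usable. In `parseParameters`, `req.getContentType().equals(...)` fails with a NullPointerException when a POST carries no Content-Type and rejects the same media type once a `; charset=` parameter is appended. The read error is printed with `System.out.println` rather than through the `Logger` the file already imports.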
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.util.Messages;
+
+/**
+ * A singleton wrapper around a Message object, providing the messages used in MOA-ID.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDMessageProvider {
+
+ /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
+ private static final String[] DEFAULT_MESSAGE_RESOURCES =
+ { "resources/properties/id_messages" };
+ /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */
+ private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+ new Locale[] { new Locale("de", "AT") };
+ /** The instance for our singleton */
+ private static MOAIDMessageProvider instance;
+ /** The Messages */
+ private Messages messages;
+
+ /**
+ * Returns the single instance of MOAIDMessageProvider.
+ *
+ * @return the single instance of MOAIDMessageProvider
+ */
+ public static MOAIDMessageProvider getInstance() {
+ if (instance == null)
+ instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+ return instance;
+ }
+
+ /**
+ * Create a MOAIDMessageProvider.
+ *
+ * @param resourceNames The names of the resources containing the messages.
+ * @param locales The corresponding locales.
+ */
+ protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
+ this.messages = new Messages(resourceNames, locales);
+ }
+
+ /**
+ * Get the message corresponding to a given message ID.
+ *
+ * @param messageId The ID of the message.
+ * @param parameters The parameters to fill in into the message arguments.
+ * @return The formatted message.
+ */
+ public String getMessage(String messageId, Object[] parameters) {
+ return messages.getMessage(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
new file mode 100644
index 000000000..3f5fddba2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
@@ -0,0 +1,62 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author rschamberger
+ *
+ */
+/**
+ * A Filter class wich uses the InOrderServletRequestWrapper to provide servlets a more precise
+ * implementation of the getParameter* family. This implementation cares about the order of the parameters
+ * from Query String and HTTP POST Body. Use this as Filter class for Servlets which such needs.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class ParameterInOrderFilter implements Filter
+{
+
+ /**
+ * filterConfig
+ */
+ private FilterConfig filterConfig;
+
+ /**
+ * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+ */
+ public final void init(final FilterConfig config)
+ {
+ this.filterConfig = config;
+ }
+
+ /**
+ * @see javax.servlet.Filter#destroy()
+ */
+ public final void destroy()
+ {
+ };
+
+ /**
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
+ * javax.servlet.FilterChain)
+ */
+ public final void doFilter(final ServletRequest request, final ServletResponse response,
+ final FilterChain chain) throws IOException, ServletException
+ {
+ InOrderServletRequestWrapper sRequ = new InOrderServletRequestWrapper((HttpServletRequest) request,
+ filterConfig.getServletContext());
+ //parse the Query (and Body) parameters
+ sRequ.parseParameters((HttpServletRequest) request);
+ //process the rest of filter chain
+ chain.doFilter(sRequ, response);
+ }
+}
\ No newline at end of file
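Review bot: `doFilter` in ParameterInOrderFilter.java calls `sRequ.parseParameters(...)` unguarded, and the wrapper's `tokenize` throws `IllegalArgumentException` for any pair without `=`, so a query string such as `?flag` (a constructed example) becomes an uncaught runtime exception in the filter chain. Rejecting the request explicitly would be cleaner, for instance by wrapping the call in a try block followed by `catch (IllegalArgumentException e) { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`, which needs the `HttpServletResponse` import. The unconditional cast to `HttpServletRequest` deserves an `instanceof` check for the same reason. The `};` after `destroy()` is a stray empty statement.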
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
new file mode 100644
index 000000000..da75b4213
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Date;
+
+/**
+ * Random number generator used to generate ID's
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Random {
+
+ /** random number generator used */
+ private static java.util.Random random = new java.util.Random(new Date().getTime());
+ /**
+ * Creates a new random number, to be used as an ID.
+ *
+ * @return random long as a String
+ */
+ public static String nextRandom() {
+ return "" + random.nextLong();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
new file mode 100644
index 000000000..9fa0803c4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
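Review bot: `nextRandom()` in Random.java draws from a `java.util.Random` seeded with `new Date().getTime()`, a generator that is not cryptographically secure and whose output is predictable once the start time or a few values are known. The class comment says the result is used as an ID; if any of those IDs act as a secret (session identifiers or artifacts — the callers are not in this hunk), they need an unpredictable source. I would replace the field with `private static final java.security.SecureRandom random = new java.security.SecureRandom();`, which keeps `nextLong()` and the method signature unchanged. A single `long` is also only 64 bits rendered in signed decimal, so a longer hex- or Base64-encoded value filled by `nextBytes` would be the sturdier format.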
@@ -0,0 +1,180 @@ +package at.gv.egovernment.moa.id.util; + +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.io.BufferedInputStream; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; + +import org.apache.regexp.RE; +import org.apache.regexp.RESyntaxException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl; +import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; +import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Utility for a obtaining a secure socket factory using IAIKX509TrustManager. + * This TrustManager implementation features CRL checking.
+ * SSLUtils caches secure socket factories for given ConnectionParameters. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtils { + + /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ + private static Map sslSocketFactories = new HashMap(); + + /** + * Initializes the SSLSocketFactory store. + */ + public static void initialize() { + sslSocketFactories = new HashMap(); + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + } + + /** + * Creates an SSLSocketFactory which utilizes an + * IAIKX509TrustManager for the given trust store, + * and the given key store. + * + * @param conf configuration provider providing a generic properties pointing + * to trusted CA store and certificate store root + * @param connParam connection parameter containing the client key store settings + * to be used in case of client authentication; + * if connParam.getClientKeyStore() == null, client authentication + * is assumed to be disabled + * @return SSLSocketFactory to be used by an HttpsURLConnection + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the socket factory + * @throws ConfigurationException on invalid configuration data + * @throws PKIException while initializing the IAIKX509TrustManager + */ + public static SSLSocketFactory getSSLSocketFactory( + ConfigurationProvider conf, + ConnectionParameter connParam) + throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + + Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); + // retrieve SSLSocketFactory if already created + SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); + if (ssf != null) + return ssf; + // else create new SSLSocketFactory + String trustStoreURL = conf.getTrustedCACertificates(); + if (trustStoreURL == null) + throw new 
ConfigurationException( + "config.08", new Object[] {"TrustedCACertificates"}); + String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); + TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); + KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kms, tms, null); + ssf = ctx.getSocketFactory(); + // store SSLSocketFactory + sslSocketFactories.put(connParam.getUrl(), ssf); + return ssf; + } + + /** + * Initializes an IAIKX509TrustManager for a given trust store, + * using configuration data. + * + * @param conf MOA-ID configuration provider + * @param trustStoreURL trust store URL + * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates + * @return TrustManager array containing the IAIKX509TrustManager + * @throws ConfigurationException on invalid configuration data + * @throws IOException on data-reading problems + * @throws PKIException while initializing the IAIKX509TrustManager + */ + public static TrustManager[] getTrustManagers( + ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL) + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + + PKIConfiguration cfg = null; + if (! PKIFactory.getInstance().isAlreadyConfigured()) + cfg = new PKIConfigurationImpl(conf); + String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); + //not using BoolUtils because default value hast to be true! 
+ boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); + // This call fixes a bug occuring when PKIConfiguration is + // initialized by the MOA-SP initialization code, in case + // MOA-SP is called by API + MOAIDTrustManager.initializeLoggingContext(); + IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); + tm.init(cfg, profile); + return new TrustManager[] {tm}; + } + /** + * Reads a file, given by URL, into a byte array, + * securing the connection by IAIKX509TrustManager. + * @param connParam containing URL and accepted server certificates + * @param conf ConfigurationProvider for reading + * @return String representation of content + * @throws ConfigurationException on invalid configuration data + * @throws PKIException on invalid configuration data + * @throws IOException on data-reading problems + * @throws GeneralSecurityException on security issues + */ + public static String readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam) + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + + URL url = new URL(connParam.getUrl()); + HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); + conn.setRequestMethod("GET"); + conn.setDoInput(true); + SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam); + conn.setSSLSocketFactory(sslSocketFactory); + conn.connect(); + String contentType = conn.getContentType(); + RE regExp = null; + try { + regExp = new RE("(;.*charset=)(\"*)(.*[^\"])"); + } catch (RESyntaxException e) { + //RESyntaxException is not possible = expr. 
is costant + } + boolean charsetSupplied = regExp.match(contentType); + String encoding = "ISO-8859-1"; //default HTTP encoding + if (charsetSupplied) { + encoding = regExp.getParen(3); + } + InputStream instream = new BufferedInputStream(conn.getInputStream()); + InputStreamReader isr = new InputStreamReader(instream, encoding); + Reader in = new BufferedReader(isr); + int ch; + StringBuffer buffer = new StringBuffer(); + while ((ch = in.read()) > -1) { + buffer.append((char)ch); + } + in.close(); + conn.disconnect(); + return buffer.toString(); + } +} -- cgit v1.2.3 From b6ce5c19802ccaec60081091746f64a06dde5a8b Mon Sep 17 00:00:00 2001 From: hbratko Date: Wed, 22 Aug 2007 09:22:12 +0000 Subject: Added field for signature manifest check code. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@921 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/data/VerifyXMLSignatureResponse.java | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index 8233d1478..4f0fe5ac7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -29,6 +29,11 @@ public class VerifyXMLSignatureResponse { private boolean qualifiedCertificate; /** The x509certificate to be stored */ private X509Certificate x509certificate; + /** + * The result of the signature manifest check. The default value -1 + * indicates that the signature manifest has not been checked. + */ + private int signatureManifestCheckCode = -1; /** * Returns the certificateCheckCode. 
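Review bot: In readHttpsURL the value of `conn.getContentType()` is passed to `regExp.match()` without a null check, although the JDK returns null when the server sends no Content-Type header. The reader and the connection are also closed only on the success path, so an IOException during the read leaves both open. Guarding the match and moving the cleanup into a finally block fixes both. The empty catch for RESyntaxException leaves `regExp` null if it ever fires, so compiling the expression once into a static final field would be cleaner. Separately, `sslSocketFactories` is a plain static HashMap that getSSLSocketFactory reads and writes without synchronization, which needs a lock or a synchronized map if the method can be called from several request threads.

```java
    String contentType = conn.getContentType();
    // … unchanged: construction of regExp …
    String encoding = "ISO-8859-1"; //default HTTP encoding
    if (contentType != null && regExp.match(contentType)) {
      encoding = regExp.getParen(3);
    }
    Reader in = null;
    try {
      in = new BufferedReader(
        new InputStreamReader(new BufferedInputStream(conn.getInputStream()), encoding));
      // … unchanged: read loop appending to buffer …
      return buffer.toString();
    } finally {
      if (in != null) {
        in.close();
      }
      conn.disconnect();
    }
```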
@@ -174,4 +179,22 @@ public class VerifyXMLSignatureResponse { this.publicAuthority = publicAuthority; } + /** + * Returns the the resulting code of the signature manifest check. + * + * @return The code of the sigature manifest check. + */ + public int getSignatureManifestCheckCode() { + return signatureManifestCheckCode; + } + + /** + * Sets the signatureManifestCode. + * + * @param signatureManifestCode The signatureManifestCode to set. + */ + public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { + this.signatureManifestCheckCode = signatureManifestCheckCode; + } + } -- cgit v1.2.3 From 00121a68675e85aa30c38036bc15e118e08b920f Mon Sep 17 00:00:00 2001 From: hbratko Date: Wed, 22 Aug 2007 09:23:33 +0000 Subject: Unmarshal text value from /. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@922 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../parser/VerifyXMLSignatureResponseParser.java | 61 ++++++++++++---------- 1 file changed, 34 insertions(+), 27 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 4c49afb76..995c9aba5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -11,6 +11,7 @@ import at.gv.egovernment.moa.id.*; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.OutputXML2File; import at.gv.egovernment.moa.util.XPathUtils; /** 
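Review bot: The setter's Javadoc documents a parameter called `signatureManifestCode`, but the method parameter is `signatureManifestCheckCode`, so the `@param` tag matches nothing. It should read `@param signatureManifestCheckCode the result code of the signature manifest check`. The getter comment contains "the the" and "sigature". Both comments should also repeat what the field declaration says, that -1 means the manifest was not checked, since callers see the accessors and not the field.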
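Review bot: The added `import at.gv.egovernment.moa.util.OutputXML2File;` is not referenced by any line this commit changes in the parser. Its name suggests a helper that writes XML to a file, which reads like leftover debugging. Unless code outside the visible hunks uses it, the import should be removed so that no file-dumping path is pulled into the signature-response parser by accident.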
@@ -60,6 +61,9 @@ public class VerifyXMLSignatureResponseParser { /** Xpath expression to the XMLDSIGManifestCheckCode element */ private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the SignatureManifestCheckCode element */ + private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; /** Xpath expression to the CertificateCheckCode element */ private static final String CERTIFICATE_CHECK_CODE_XPATH = ROOT + MOA + "CertificateCheck/" + MOA + "Code"; 
@@ -119,34 +123,37 @@ public class VerifyXMLSignatureResponseParser { */ public VerifyXMLSignatureResponse parseData() throws ParseException { - - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); - + + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + try { - respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); - Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); - respData.setQualifiedCertificate(e!=null); - - Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( - verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); - - respData.setX509certificate(new X509Certificate(in)); - Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); - respData.setPublicAuthority(publicAuthority != null); - respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); - respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); - - String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); - if (xmlDsigCheckCode!=null) - { - respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); - } - else - respData.setXmlDSIGManigest(false); - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); - } - catch (Throwable t) { + respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); + Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); + 
respData.setQualifiedCertificate(e!=null); + + Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( + verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); + + respData.setX509certificate(new X509Certificate(in)); + Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); + respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); + + String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); + if (xmlDsigCheckCode!=null) { + respData.setXmlDSIGManigest(true); + respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + } else { + respData.setXmlDSIGManigest(false); + } + String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null); + if (signatureManifestCheckCode != null) { + respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); + } + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + } + catch (Throwable t) { throw new ParseException("parser.01", null, t); } return respData; -- cgit v1.2.3 From d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f Mon Sep 17 00:00:00 2001 
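Review bot: The new SignatureManifestCheck branch has no else, so when the element is absent the setter is never called and the response silently keeps the default of its data class. That is worth a comment at this spot, for example `// element absent: check code keeps its default (manifest not checked)`. The conversion `new Integer(signatureManifestCheckCode).intValue()` can be written as `Integer.parseInt(signatureManifestCheckCode)`, which also applies to the other check codes in this block. Most of the hunk is re-indentation around a four-line functional change, so splitting the whitespace change into its own commit would make the change easier to audit. The closing brace of parseData lies outside the hunk.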
From: hbratko Date: Wed, 22 Aug 2007 09:27:06 +0000 Subject: Evaluate result from signature manifest check and throw exception if an error code is returned (tranforms within signature do not match expected transforms from profile) - only in the case of AUTHBlock verification. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/validator/VerifyXMLSignatureResponseValidator.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 1f2ebc37c..d5650b897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator { } - // TODO See Bug #322 - // Check result of SignatureManifestCheck - + // Check the signature manifest only when verifying the signed AUTHBlock + if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { + if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { + throw new ValidateException("validator.50", null); + } + } //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not if (identityLinkSignersSubjectDNNames != null) { -- cgit v1.2.3 From 7db9b2bcb7af96c7787843213864de577a5072f7 Mon Sep 17 00:00:00 2001 
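Review bot: A response that carries no SignatureManifestCheck result passes this check, because `getSignatureManifestCheckCode() > 0` is false for the default -1 that VerifyXMLSignatureResponse uses for "not checked" (introduced earlier in this series). The AUTHBlock is then accepted without the transform comparison having been reported. Whether MOA-SP always returns the element for AUTHBlock verification is not visible here; if it is expected to, the condition should fail closed: `if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() != 0) {`. Writing the outer test as `CHECK_AUTH_BLOCK.equals(whatToCheck)` also avoids a NullPointerException when `whatToCheck` is null. The enclosing method starts and ends outside the hunk.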
From: pdanner Date: Wed, 22 Aug 2007 12:50:16 +0000 Subject: Bugfix: in der Klasse "at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService" wurde das "RequestID"-Attribut immer vom -Element anstelle des -Elements genommen. Da das -Element aber kein solches Attribut hat, war das immer der leere String. Deshalb hatte dann im SOAP-Response das "InResponseTo"-Attribut immer den leeren String als Wert (siehe attachte Datei "soapResponseWrong.xml"): Richtig ist: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@926 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java index c41b514c8..0ea858a71 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -86,7 +86,7 @@ public class GetAuthenticationDataService implements Constants { } else { Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = samlArtifactElem.getAttribute("RequestID"); + requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); try { AuthenticationData authData = AuthenticationServer.getInstance(). -- cgit v1.2.3 From c5c96f0928d3d35b93e7bac9436f43bb72e58037 Mon Sep 17 00:00:00 2001 
From: pdanner Date: Wed, 22 Aug 2007 18:16:09 +0000 Subject: set right directory position git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@931 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../resources/properties/id_messages_de.properties | 160 ++++++++ .../src/main/resources/wsdl/MOA-ID-1.0.wsdl | 40 ++ .../src/main/resources/wsdl/MOA-ID-1.x.wsdl | 40 ++ .../src/main/resources/wsdl/MOA-SPSS-1.2.xsd | 454 +++++++++++++++++++++ .../resources/xmldata/CertInfoDsigSignature.xml | 139 +++++++ 5 files changed, 833 insertions(+) create mode 100644 id/server/idserverlib/src/main/resources/properties/id_messages_de.properties create mode 100644 id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl create mode 100644 id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl create mode 100644 id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd create mode 100644 id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/properties/id_messages_de.properties new file mode 100644 index 000000000..4cfa6f765 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/properties/id_messages_de.properties 
@@ -0,0 +1,160 @@ +# This file contains exception messages in the standard Java properties +# format. The messages may contain formatting patterns as definied in the +# java.text.MessageFormat class. + +# +# Error messages: the key corresponds to the error code +# + +# status messages included in of GetAuthenticationDataService +1200=Anfrage erfolgreich beantwortet +1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben +1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben +1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben +1204=Fehlerhaftes Requestformat +1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1} +1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0}) +1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0}) +1299=Interner Server-Fehler + +auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0}) +auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0}) +auth.02=MOASessionID ist unbekannt (MOASessionID={0}) +auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1} +auth.04=Fehler beim Auslesen der Resource "{0}": {1} +auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}" +auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0}) +auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
Hinweis: Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten. +auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten:
Fehlercode {0}: {1} +auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. :
HTTP-Statuscode {1} +auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt +auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals.
URL "{0}" Interne Fehlermeldung: {1} + +init.00=MOA ID Authentisierung wurde erfolgreich gestartet +init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar +init.02=Fehler beim Starten des Service MOA ID Authentisierung + +config.00=MOA ID Konfiguration erfolgreich geladen: {0} +config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt +config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details) +config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details) +config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet +config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration +config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0} +config.07=Klasse {0} kann nicht instanziert werden +config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration +config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1}) +config.10=Fehler in der MOA SPSS Konfiguration: {0} +config.11=LoginParameterResolver konnte nicht konfiguriert werden {0} +config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet +config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen +config.14=LoginParameterResolver-Fehler: {0} +config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden. +config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt. 
+ + +parser.00=Leichter Fehler beim Parsen: {0} +parser.01=Fehler beim Parsen: {0} +parser.02=Schwerer Fehler beim Parsen: {0} +parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels: {0} +parser.04=Fehler beim Serialisieren: {0} +parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden. +parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollständig ({1} im {2} fehlt) +parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element). + +builder.00=Fehler beim Aufbau der Struktur "{0}": {1} +builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt + +service.00=Fehler beim Aufruf des Web Service: {0} +service.01=Fehler beim Aufruf des Web Service: kein Endpoint +service.02=Fehler beim Aufruf des Web Service, Status {0}: {1} +service.03=Fehler beim Aufruf des SPSS-API: {0} + +cleaner.00=AuthenticationSessionCleaner wurde gestartet +cleaner.01=Fehler im AuthenticationSessionCleaner +cleaner.02=MOASession {0} ist abgelaufen +cleaner.03=Anmeldedaten zu SAML-Artifakt {0} sind abgelaufen + +proxy.00=MOA ID Proxy wurde erfolgreich gestartet +proxy.01=Unbekannter URL {0}, erwarteter URL auf {1} +proxy.02=Unbekannter URL {0}.
Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. +proxy.04=URL {0} : {1} +proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1} +proxy.06=Fehler beim Starten des Service MOA ID Proxy +proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an. +proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0}) +proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0} +proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy) +proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten. +proxy.12=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich.
Prüfen Sie bitte ihre Berechtigung. +proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Präfix: {0} +proxy.14=

Folgende Ursachen können zu dem Fehler geführt haben:

  1. Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)
    Melden Sie sich bitte erneut an.
  2. Die Kommunikation mit dem Server schlug fehl.
+proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung. +proxy.16=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.
Prüfen Sie bitte ihre Berechtigung. + +validator.00=Kein SAML:Assertion Objekt gefunden {0} +validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0} +validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0} +validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0} +validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0} +validator.05=Es wurde {0} keine DSIG:Signature gefunden + +validator.06=Die Signatur ist ungültig +validator.07=Das Zertifikat der Personenbindung ist ungültig.
{0} +validator.08=Das Manifest ist ungültig +validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein + +validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0} +validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0} +validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0} +validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0} +validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0} +validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0} +validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0} + +validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0} +#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. {0} wurde NICHT in der Konfiguration gefunden +validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen". + +validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.
{0} + +validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden. +validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall. +validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden. +validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen. +validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt. + +validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten +validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten +validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0} +validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0} +validator.30=Der Namespace des SAML-Attributs "wbPK" ist ungültig {0} +validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0} + + +validator.32="Issuer" im AUTH-Block nicht vorhanden. 
+validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein. +validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein. +validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig. +validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert: {0} statt der erwarteten {1} +validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position +validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig: "{3}" anstelle von "{4}" +validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung. + + +validator.40=Überprüfung der {0}-Infobox fehlgeschlagen: {1} +validator.41=Überprüfung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur Überprüfung der {0}-Infobox vorhanden. +validator.42=Überprüfung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden. +validator.43=Überprüfung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse für die {0}-Infobox konnte nicht erfolgreich geparst werden. +validator.44=Überprüfung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Prüfapplikation ist ein Fehler aufgetreten. +validator.45=Überprüfung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Prüfapplikation zurückgegebenen SAML-Attributes Nummer {2} ist {3}. +validator.46=Überprüfung der {0}-Infobox fehlgeschlagen: Der Wert des von der Prüfapplikation zurückgegebenen SAML-Attributes Nummer {1} ist ungültig. 
+validator.47=Überprüfung der {0}-Infobox fehlgeschlagen: Das von der Prüfapplikation zurückgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden. +validator.48={0}-Infobox wurde nicht von der BKU übermittelt: Für die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox. + +validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten. + +validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein. + + +ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen diff --git a/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl new file mode 100644 index 000000000..5751b3e58 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl new file mode 100644 index 000000000..45152cb38 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd new file mode 100644 index 000000000..d7a06d6e7 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd 
@@ -0,0 +1,454 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. 
sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml b/id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml new file mode 100644 index 000000000..7896cb399 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml 
@@ -0,0 +1,139 @@ +id('signed-data')/node()C0hW5jQojphweuFzPb+CNkHwhe4=id('refetsi')/etsi:QualifyingProperties/etsi:SignedPropertiesBdsc7wAfyMyZ21ChcF+tRh3D7sU=lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh +qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p +tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf 
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA== + +Ãœberprüfung des Namen des Anmelde-Servers + + +

Prüfung der Identität des MOA-ID Servers

+ +Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden, +wird empfohlen den Namen des Anmelde-Servers zu überprüfen. +Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates. +Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt +wurde, dem Sie vertrauen. +

+Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können. +Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind. +

+

Microsoft Internet Explorer 6.0

+ +
    +
  1. Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.
  2. +
  3. Selektieren Sie im nun geöffnetem Fenster "Zertifikat" den Karteireiter "Zertifizierungspfad".
  4. +
  5. Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.
  6. +
  7. Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter "Details", Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.
  8. +
  9. Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck (Karteireiter "Details", unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +
      +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.
    • +
  10. +
  11. Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit +einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche "Zertifikat installieren ..." +(Karteireiter "Allgemein") aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate +vom Internet Explorer als vertrauenswürdig erkannt.
  12. +
+

Netscape Navigator 7.0

+
    +
  1. Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers
  2. +
  3. Aktivieren Sie die Schaltfläche "Anzeigen"
  4. +
  5. Selektieren Sie im nun geöffnetem Fenster "Zertifikatsanzeige" den Karteireiter "Detail".
  6. +
  7. Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.
  8. +
  9. Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.
  10. +
  11. Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +
      +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.
    • +
  12. +
  13. Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren, +indem Sie die "*.cer" Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle +ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.
  14. +
+ +

Zertifikate und ihr Fingerabdruck

+ + + + + + + + + + + +
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer111 (0x6f)
FingerabdruckSHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6
+ +

+ + + + + + + + + + +
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer531 (0x213)
FingerabdruckSHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33
+ +

+ + + + + + + + + + +
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer536 (0x0218)
FingerabdruckSHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f
+ + +2003-05-06T07:09:50ZFrhu1o4mL4gQHdJcU0xSA/h4COE=CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT6455text/html \ No newline at end of file -- cgit v1.2.3 From 6183340860b785b15abfefc6ae08db5a9034a516 Mon Sep 17 00:00:00 2001 
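Review bot: The signed HTML in CertInfoDsigSignature.xml pins three A-Trust-nQual-01 certificates by SHA-1 fingerprint and is itself signed under the issuer `CN=a-sign-TEST-Premium-Enc-01` with signing time 2003-05-06, and nothing in the file or next to it records how that content is maintained. The instructions and the fingerprint table appear to be the data covered by the signature (reference `id('signed-data')/node()`), so any edit needs a re-signing step; that includes adding or retiring a fingerprint and correcting the Netscape Navigator step, which ends by saying the certificates are then trusted "vom Internet Explorer". I would add a short README beside the resource, or Javadoc on the class that loads it (presumably CertInfoVerifyXMLSignatureRequestBuilder), stating who holds the signing key, which trust profile the signature is verified against, and when the fingerprint list was last checked with the issuing CA. It is also worth confirming that a signature issued under a TEST hierarchy is what production deployments are meant to accept for this page.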
From: pdanner Date: Fri, 24 Aug 2007 07:18:07 +0000 Subject: moved git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@952 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../resources/properties/id_messages_de.properties | 160 -------- .../resources/properties/id_messages_de.properties | 160 ++++++++ .../main/resources/resources/wsdl/MOA-ID-1.0.wsdl | 40 ++ .../main/resources/resources/wsdl/MOA-ID-1.x.wsdl | 40 ++ .../main/resources/resources/wsdl/MOA-SPSS-1.2.xsd | 454 +++++++++++++++++++++ .../resources/xmldata/CertInfoDsigSignature.xml | 139 +++++++ .../src/main/resources/wsdl/MOA-ID-1.0.wsdl | 40 -- .../src/main/resources/wsdl/MOA-ID-1.x.wsdl | 40 -- .../src/main/resources/wsdl/MOA-SPSS-1.2.xsd | 454 --------------------- .../resources/xmldata/CertInfoDsigSignature.xml | 139 ------- 10 files changed, 833 insertions(+), 833 deletions(-) delete mode 100644 id/server/idserverlib/src/main/resources/properties/id_messages_de.properties create mode 100644 id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/xmldata/CertInfoDsigSignature.xml delete mode 100644 id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl delete mode 100644 id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl delete mode 100644 id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd delete mode 100644 id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/properties/id_messages_de.properties
deleted file mode 100644
index 4cfa6f765..000000000
--- a/id/server/idserverlib/src/main/resources/properties/id_messages_de.properties
+++ /dev/null
@@ -1,160 +0,0 @@
-# This file contains exception messages in the standard Java properties
-# format. The messages may contain formatting patterns as definied in the
-# java.text.MessageFormat class.
-
-#
-# Error messages: the key corresponds to the error code
-#
-
-# status messages included in of GetAuthenticationDataService
-1200=Anfrage erfolgreich beantwortet
-1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben
-1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben
-1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben
-1204=Fehlerhaftes Requestformat
-1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
-1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
-1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
-1299=Interner Server-Fehler
-
-auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0})
-auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
-auth.02=MOASessionID ist unbekannt (MOASessionID={0})
-auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
-auth.04=Fehler beim Auslesen der Resource "{0}": {1}
-auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
-auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
Hinweis: Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten. -auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten:
Fehlercode {0}: {1} -auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. :
HTTP-Statuscode {1} -auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt -auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals.
URL "{0}" Interne Fehlermeldung: {1} - -init.00=MOA ID Authentisierung wurde erfolgreich gestartet -init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar -init.02=Fehler beim Starten des Service MOA ID Authentisierung - -config.00=MOA ID Konfiguration erfolgreich geladen: {0} -config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt -config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details) -config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details) -config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet -config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration -config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0} -config.07=Klasse {0} kann nicht instanziert werden -config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration -config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1}) -config.10=Fehler in der MOA SPSS Konfiguration: {0} -config.11=LoginParameterResolver konnte nicht konfiguriert werden {0} -config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet -config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen -config.14=LoginParameterResolver-Fehler: {0} -config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden. -config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt. 
- - -parser.00=Leichter Fehler beim Parsen: {0} -parser.01=Fehler beim Parsen: {0} -parser.02=Schwerer Fehler beim Parsen: {0} -parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels: {0} -parser.04=Fehler beim Serialisieren: {0} -parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden. -parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollständig ({1} im {2} fehlt) -parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element). - -builder.00=Fehler beim Aufbau der Struktur "{0}": {1} -builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt - -service.00=Fehler beim Aufruf des Web Service: {0} -service.01=Fehler beim Aufruf des Web Service: kein Endpoint -service.02=Fehler beim Aufruf des Web Service, Status {0}: {1} -service.03=Fehler beim Aufruf des SPSS-API: {0} - -cleaner.00=AuthenticationSessionCleaner wurde gestartet -cleaner.01=Fehler im AuthenticationSessionCleaner -cleaner.02=MOASession {0} ist abgelaufen -cleaner.03=Anmeldedaten zu SAML-Artifakt {0} sind abgelaufen - -proxy.00=MOA ID Proxy wurde erfolgreich gestartet -proxy.01=Unbekannter URL {0}, erwarteter URL auf {1} -proxy.02=Unbekannter URL {0}.
Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. -proxy.04=URL {0} : {1} -proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1} -proxy.06=Fehler beim Starten des Service MOA ID Proxy -proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an. -proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0}) -proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0} -proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy) -proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten. -proxy.12=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich.
Prüfen Sie bitte ihre Berechtigung. -proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Präfix: {0} -proxy.14=

Folgende Ursachen können zu dem Fehler geführt haben:

  1. Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)
    Melden Sie sich bitte erneut an.
  2. Die Kommunikation mit dem Server schlug fehl.
-proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung. -proxy.16=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.
Prüfen Sie bitte ihre Berechtigung. - -validator.00=Kein SAML:Assertion Objekt gefunden {0} -validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0} -validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0} -validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0} -validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0} -validator.05=Es wurde {0} keine DSIG:Signature gefunden - -validator.06=Die Signatur ist ungültig -validator.07=Das Zertifikat der Personenbindung ist ungültig.
{0} -validator.08=Das Manifest ist ungültig -validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein - -validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0} -validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0} -validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0} -validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0} -validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0} -validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0} -validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0} - -validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0} -#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. {0} wurde NICHT in der Konfiguration gefunden -validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen". - -validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.
{0} - -validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden. -validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall. -validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden. -validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen. -validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt. - -validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten -validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten -validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0} -validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0} -validator.30=Der Namespace des SAML-Attributs "wbPK" ist ungültig {0} -validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0} - - -validator.32="Issuer" im AUTH-Block nicht vorhanden. 
-validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
-validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
-validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
-validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert: {0} statt der erwarteten {1}
-validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
-validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig: "{3}" anstelle von "{4}"
-validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
-
-
-validator.40=Überprüfung der {0}-Infobox fehlgeschlagen: {1}
-validator.41=Überprüfung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur Überprüfung der {0}-Infobox vorhanden.
-validator.42=Überprüfung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
-validator.43=Überprüfung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse für die {0}-Infobox konnte nicht erfolgreich geparst werden.
-validator.44=Überprüfung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Prüfapplikation ist ein Fehler aufgetreten.
-validator.45=Überprüfung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Prüfapplikation zurückgegebenen SAML-Attributes Nummer {2} ist {3}.
-validator.46=Überprüfung der {0}-Infobox fehlgeschlagen: Der Wert des von der Prüfapplikation zurückgegebenen SAML-Attributes Nummer {1} ist ungültig.
-validator.47=Überprüfung der {0}-Infobox fehlgeschlagen: Das von der Prüfapplikation zurückgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden. -validator.48={0}-Infobox wurde nicht von der BKU übermittelt: Für die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox. - -validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten. - -validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein. - - -ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties new file mode 100644 index 000000000..4cfa6f765 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties 
@@ -0,0 +1,160 @@
+# This file contains exception messages in the standard Java properties
+# format. The messages may contain formatting patterns as definied in the
+# java.text.MessageFormat class.
+
+#
+# Error messages: the key corresponds to the error code
+#
+
+# status messages included in of GetAuthenticationDataService
+1200=Anfrage erfolgreich beantwortet
+1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben
+1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben
+1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben
+1204=Fehlerhaftes Requestformat
+1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
+1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
+1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1299=Interner Server-Fehler
+
+auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0})
+auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
+auth.02=MOASessionID ist unbekannt (MOASessionID={0})
+auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
+auth.04=Fehler beim Auslesen der Resource "{0}": {1}
+auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
+auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
+auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
Hinweis: Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
+auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten:
Fehlercode {0}: {1}
+auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. :
HTTP-Statuscode {1}
+auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
+auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals.
URL "{0}" Interne Fehlermeldung: {1}
+
+init.00=MOA ID Authentisierung wurde erfolgreich gestartet
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
+init.02=Fehler beim Starten des Service MOA ID Authentisierung
+
+config.00=MOA ID Konfiguration erfolgreich geladen: {0}
+config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
+config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
+config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
+config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
+config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
+config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
+config.07=Klasse {0} kann nicht instanziert werden
+config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
+config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})
+config.10=Fehler in der MOA SPSS Konfiguration: {0}
+config.11=LoginParameterResolver konnte nicht konfiguriert werden {0}
+config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet
+config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen
+config.14=LoginParameterResolver-Fehler: {0}
+config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
+config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
+
+
+parser.00=Leichter Fehler beim Parsen: {0}
+parser.01=Fehler beim Parsen: {0}
+parser.02=Schwerer Fehler beim Parsen: {0}
+parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels: {0}
+parser.04=Fehler beim Serialisieren: {0}
+parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
+parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollständig ({1} im {2} fehlt)
+parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element).
+
+builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
+builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
+
+service.00=Fehler beim Aufruf des Web Service: {0}
+service.01=Fehler beim Aufruf des Web Service: kein Endpoint
+service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
+service.03=Fehler beim Aufruf des SPSS-API: {0}
+
+cleaner.00=AuthenticationSessionCleaner wurde gestartet
+cleaner.01=Fehler im AuthenticationSessionCleaner
+cleaner.02=MOASession {0} ist abgelaufen
+cleaner.03=Anmeldedaten zu SAML-Artifakt {0} sind abgelaufen
+
+proxy.00=MOA ID Proxy wurde erfolgreich gestartet
+proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
+proxy.02=Unbekannter URL {0}.
Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
+proxy.04=URL {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1}
+proxy.06=Fehler beim Starten des Service MOA ID Proxy
+proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
+proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
+proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
+proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
+proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
+proxy.12=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich.
Prüfen Sie bitte ihre Berechtigung.
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Präfix: {0}
+proxy.14=

Folgende Ursachen können zu dem Fehler geführt haben:

  1. Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)
    Melden Sie sich bitte erneut an.
  2. Die Kommunikation mit dem Server schlug fehl.
+proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung.
+proxy.16=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.
Prüfen Sie bitte ihre Berechtigung.
+
+validator.00=Kein SAML:Assertion Objekt gefunden {0}
+validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
+validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
+validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0}
+validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0}
+validator.05=Es wurde {0} keine DSIG:Signature gefunden
+
+validator.06=Die Signatur ist ungültig
+validator.07=Das Zertifikat der Personenbindung ist ungültig.
{0}
+validator.08=Das Manifest ist ungültig
+validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
+
+validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
+validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
+validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
+validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
+validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
+validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
+
+validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
+#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. {0} wurde NICHT in der Konfiguration gefunden
+validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
+
+validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.
{0}
+
+validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.
+validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall.
+validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
+validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.
+validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.
+
+validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten
+validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
+validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
+validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ungültig {0}
+validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
+
+
+validator.32="Issuer" im AUTH-Block nicht vorhanden.
+validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
+validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
+validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
+validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert: {0} statt der erwarteten {1}
+validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
+validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig: "{3}" anstelle von "{4}"
+validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
+
+
+validator.40=Überprüfung der {0}-Infobox fehlgeschlagen: {1}
+validator.41=Überprüfung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur Überprüfung der {0}-Infobox vorhanden.
+validator.42=Überprüfung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
+validator.43=Überprüfung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse für die {0}-Infobox konnte nicht erfolgreich geparst werden.
+validator.44=Überprüfung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Prüfapplikation ist ein Fehler aufgetreten.
+validator.45=Überprüfung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Prüfapplikation zurückgegebenen SAML-Attributes Nummer {2} ist {3}.
+validator.46=Überprüfung der {0}-Infobox fehlgeschlagen: Der Wert des von der Prüfapplikation zurückgegebenen SAML-Attributes Nummer {1} ist ungültig.
+validator.47=Überprüfung der {0}-Infobox fehlgeschlagen: Das von der Prüfapplikation zurückgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden. +validator.48={0}-Infobox wurde nicht von der BKU übermittelt: Für die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox. + +validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten. + +validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein. + + +ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl new file mode 100644 index 000000000..5751b3e58 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl new file mode 100644 index 000000000..45152cb38 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd new file mode 100644 index 000000000..d7a06d6e7 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd 
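Review bot: Several messages in this catalog interpolate values that arrive with the request (`auth.00` and `proxy.01` take the URL, `auth.01`/`auth.02` the MOASessionID, `1205`–`1207` the SAML artifact), and `java.text.MessageFormat` performs no output encoding, so the header comment should state who is responsible for escaping. The hunk does not show where the formatted text ends up; if any of it reaches an HTML error page or a shared log, the session ID and the artifact are live authentication tokens and the URL is text the caller controls. I would add to the header: `# Arguments ({0}, {1}, ...) may hold request data; HTML-encode them before display and do not show MOASessionID or SAML artifacts to end users.` The same keys appear in the deleted copy of this file earlier in the diff, which suggests the content was only moved, so the point concerns existing behaviour rather than something this commit introduces.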
@@ -0,0 +1,454 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. 
sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/xmldata/CertInfoDsigSignature.xml b/id/server/idserverlib/src/main/resources/resources/xmldata/CertInfoDsigSignature.xml new file mode 100644 index 000000000..7896cb399 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/xmldata/CertInfoDsigSignature.xml 
@@ -0,0 +1,139 @@ +id('signed-data')/node()C0hW5jQojphweuFzPb+CNkHwhe4=id('refetsi')/etsi:QualifyingProperties/etsi:SignedPropertiesBdsc7wAfyMyZ21ChcF+tRh3D7sU=lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh +qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p +tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf 
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA== + +Ãœberprüfung des Namen des Anmelde-Servers + + +

Prüfung der Identität des MOA-ID Servers

+ +Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden, +wird empfohlen den Namen des Anmelde-Servers zu überprüfen. +Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates. +Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt +wurde, dem Sie vertrauen. +

+Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können. +Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind. +

+

Microsoft Internet Explorer 6.0

+ +
    +
  1. Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.
  2. +
  3. Selektieren Sie im nun geöffnetem Fenster "Zertifikat" den Karteireiter "Zertifizierungspfad".
  4. +
  5. Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.
  6. +
  7. Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter "Details", Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.
  8. +
  9. Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck (Karteireiter "Details", unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +
      +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.
    • +
  10. +
  11. Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit +einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche "Zertifikat installieren ..." +(Karteireiter "Allgemein") aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate +vom Internet Explorer als vertrauenswürdig erkannt.
  12. +
+

Netscape Navigator 7.0

+
    +
  1. Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers
  2. +
  3. Aktivieren Sie die Schaltfläche "Anzeigen"
  4. +
  5. Selektieren Sie im nun geöffnetem Fenster "Zertifikatsanzeige" den Karteireiter "Detail".
  6. +
  7. Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.
  8. +
  9. Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.
  10. +
  11. Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +
      +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.
    • +
    • Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.
    • +
  12. +
  13. Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren, +indem Sie die "*.cer" Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle +ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.
  14. +
+ +

Zertifikate und ihr Fingerabdruck

+ + + + + + + + + + + +
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer111 (0x6f)
FingerabdruckSHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6
+ +

+ + + + + + + + + + +
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer531 (0x213)
FingerabdruckSHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33
+ +

+ + + + + + + + + + +
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer536 (0x0218)
FingerabdruckSHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f
+ + +2003-05-06T07:09:50ZFrhu1o4mL4gQHdJcU0xSA/h4COE=CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT6455text/html \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl deleted file mode 100644 index 5751b3e58..000000000 --- a/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.0.wsdl +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl deleted file mode 100644 index 45152cb38..000000000 --- a/id/server/idserverlib/src/main/resources/wsdl/MOA-ID-1.x.wsdl +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd deleted file mode 100644 index d7a06d6e7..000000000 --- a/id/server/idserverlib/src/main/resources/wsdl/MOA-SPSS-1.2.xsd +++ /dev/null 
@@ -1,454 +0,0 @@ - - - - - - - - - - - - - - - - - - - - Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage - - - - Resultat, falls die Signaturerstellung erfolgreich war - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. 
sinnvoller Supplements oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Resultat, falls die Signaturerstellung gescheitert ist - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. - - - - - Profilbezeichner für einen Transformationsweg - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. - - - - Der Transformationsparameter explizit angegeben. - - - - - Der Hashwert des Transformationsparameters. - - - - - - - - - - - - - - - - - - - - - - Explizite Angabe des Transformationswegs - - - - - - - Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. - - - - - - - - - - - - - - - - diff --git a/id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml b/id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml deleted file mode 100644 index 7896cb399..000000000 --- a/id/server/idserverlib/src/main/resources/xmldata/CertInfoDsigSignature.xml +++ /dev/null 
@@ -1,139 +0,0 @@ -id('signed-data')/node()C0hW5jQojphweuFzPb+CNkHwhe4=id('refetsi')/etsi:QualifyingProperties/etsi:SignedPropertiesBdsc7wAfyMyZ21ChcF+tRh3D7sU=lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh -qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p -tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU -MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt -IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU -LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu -Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT -AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox -GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 -edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ -t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ -Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw -JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB -BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv -b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et -c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq -KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv -Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg -ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw -ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl -bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u -bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE -GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B -AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 -Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL -PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf 
-+5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW -KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 -Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA== - -Überprüfung des Namen des Anmelde-Servers - - -

Prüfung der Identität des MOA-ID Servers

- -Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden, -wird empfohlen den Namen des Anmelde-Servers zu überprüfen. -Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates. -Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt -wurde, dem Sie vertrauen. -

-Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können. -Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind. -

-

Microsoft Internet Explorer 6.0

- -
    -
  1. Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.
  2. -
  3. Selektieren Sie im nun geöffnetem Fenster "Zertifikat" den Karteireiter "Zertifizierungspfad".
  4. -
  5. Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.
  6. -
  7. Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter "Details", Eintrag "Aussteller") -ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.
  8. -
  9. Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den -Fingerabdruck (Karteireiter "Details", unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist -eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. -Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat -in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. -
      -
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert -in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.
    • -
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert -in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.
    • -
    • Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den -Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.
    • -
  10. -
  11. Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit -einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche "Zertifikat installieren ..." -(Karteireiter "Allgemein") aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate -vom Internet Explorer als vertrauenswürdig erkannt.
  12. -
-

Netscape Navigator 7.0

-
    -
  1. Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers
  2. -
  3. Aktivieren Sie die Schaltfläche "Anzeigen"
  4. -
  5. Selektieren Sie im nun geöffnetem Fenster "Zertifikatsanzeige" den Karteireiter "Detail".
  6. -
  7. Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.
  8. -
  9. Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag "Aussteller") -ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.
  10. -
  11. Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den -Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist -eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. -Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat -in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. -
      -
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert -in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.
    • -
    • Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert -in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.
    • -
    • Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den -Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.
    • -
  12. -
  13. Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren, -indem Sie die "*.cer" Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle -ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.
  14. -
- -

Zertifikate und ihr Fingerabdruck

- - - - - - - - - - - -
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer111 (0x6f)
FingerabdruckSHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6
- -

- - - - - - - - - - -
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer531 (0x213)
FingerabdruckSHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33
- -

- - - - - - - - - - -
AusstellerCN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT
Seriennummer536 (0x0218)
FingerabdruckSHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f
- - -2003-05-06T07:09:50ZFrhu1o4mL4gQHdJcU0xSA/h4COE=CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT6455text/html \ No newline at end of file -- cgit v1.2.3 From 90d582de5e84815e72436b728ac7fd12f0a2d657 Mon Sep 17 00:00:00 2001 From: pdanner Date: Mon, 27 Aug 2007 10:18:47 +0000 Subject: changed JavaDoc git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@962 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index c776418ab..95cd65608 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -20,8 +20,7 @@ public interface InfoboxValidator { * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams * Parameters} needed by the validator. * - * @return True if validation succeeds, - * otherwise false. + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * * @throws ValidateException If an error occurs on validating the * InfoboxReadResponse. -- cgit v1.2.3 From 9ede2ad26816afcd3969a3c7e58c4572f38d0c38 Mon Sep 17 00:00:00 2001 From: pdanner Date: Mon, 27 Aug 2007 12:56:18 +0000 Subject: changed JavaDoc git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@963 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main') 
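Review bot: The new `@return` line in InfoboxValidator opens its inline tag with a parenthesis, `(@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}`, so Javadoc prints it as literal text instead of a link. It should read `@return {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} describing the outcome of the validation`. The interface body continues outside the hunk.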
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index 4f0fe5ac7..de636b6cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -191,8 +191,8 @@ public class VerifyXMLSignatureResponse { /** * Sets the signatureManifestCode. * - * @param signatureManifestCode The signatureManifestCode to set. - */ + * @param signatureManifestCheckCode The signatureManifestCode to set. + */ public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { this.signatureManifestCheckCode = signatureManifestCheckCode; } -- cgit v1.2.3 From 83f01ddf24d98dbb5df41fb627a14edee2d57df7 Mon Sep 17 00:00:00 2001 
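Review bot: The `@param` name now matches the argument, but the summary and the description still say `signatureManifestCode`, which is not the name of the field being assigned. I would align them as `Sets the signatureManifestCheckCode.` and `@param signatureManifestCheckCode The signatureManifestCheckCode to set.`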
From: pdanner Date: Wed, 17 Oct 2007 16:18:44 +0000 Subject: Implemented and integrated party representation and integrated mandates as per default available Now Eclipse projects are available. The Web Tools Platform can be used to run the web applications git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1014 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../idserverlib/src/main/java/META-INF/MANIFEST.MF | 3 + .../moa/id/auth/AuthenticationServer.java | 435 ++++++++++--- .../moa/id/auth/MOAIDAuthConstants.java | 12 +- .../AuthenticationDataAssertionBuilder.java | 1 + .../moa/id/auth/builder/BPKBuilder.java | 32 +- .../builder/GetVerifyAuthBlockFormBuilder.java | 86 +++ .../builder/InfoboxValidatorParamsBuilder.java | 10 +- .../moa/id/auth/data/AuthenticationSession.java | 199 +++++- .../moa/id/auth/data/InfoboxValidatorParams.java | 8 + .../id/auth/data/InfoboxValidatorParamsImpl.java | 21 + .../auth/servlet/ProcessValidatorInputServlet.java | 175 +++++ .../moa/id/auth/servlet/SelectBKUServlet.java | 10 +- .../auth/servlet/StartAuthenticationServlet.java | 10 +- .../servlet/VerifyAuthenticationBlockServlet.java | 26 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 25 +- .../CreateXMLSignatureResponseValidator.java | 2 +- .../moa/id/auth/validator/InfoboxValidator.java | 52 +- .../auth/validator/parep/ParepInputProcessor.java | 68 ++ .../validator/parep/ParepInputProcessorImpl.java | 298 +++++++++ .../moa/id/auth/validator/parep/ParepUtils.java | 708 +++++++++++++++++++++ .../id/auth/validator/parep/ParepValidator.java | 576 +++++++++++++++++ .../auth/validator/parep/PartyRepresentative.java | 159 +++++ .../parep/client/szrgw/CreateMandateRequest.java | 235 +++++++ .../parep/client/szrgw/CreateMandateResponse.java | 130 ++++ .../parep/client/szrgw/SOAPConstants.java | 23 + .../validator/parep/client/szrgw/SZRGWClient.java | 144 +++++ .../parep/client/szrgw/SZRGWClientException.java | 37 ++ .../parep/client/szrgw/SZRGWConstants.java | 51 ++ 
.../client/szrgw/SZRGWSecureSocketFactory.java | 94 +++ .../validator/parep/config/ParepConfiguration.java | 411 ++++++++++++ .../moa/id/config/ConfigurationBuilder.java | 8 +- .../moa/id/config/auth/OAAuthParameter.java | 24 + .../gv/egovernment/moa/id/util/ServletUtils.java | 63 ++ .../resources/properties/id_messages_de.properties | 7 + .../resources/templates/ParepMinTemplate.html | 134 ++++ .../resources/templates/ParepTemplate.html | 171 +++++ 36 files changed, 4287 insertions(+), 161 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 000000000..5e9495128 --- /dev/null +++ b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5f4ec2d29..75197943f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists @@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { bkuURL = DEFAULT_BKU; } session.setBkuURL(bkuURL); + session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), 
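Review bot: The new imports `java.io.File` and `java.io.FileOutputStream` in the first hunk have no live use in the hunks shown; the only reference to `File` is the commented-out `ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml"))` added to buildAuthenticationData further down (hunk `@@ -858,6 +1060,10 @@`). That assertion carries the authenticated person's identity data, so a dump to a fixed path should not be one uncomment away in the authentication server. I would drop both imports and the commented-out line, and likewise the commented-out `ParepUtils.serializeElement(mandate, System.out)` in verifyInfoboxes. If the rest of the file does use these imports, only the commented-out lines need to go.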
@@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { pushInfobox = verifyInfoboxParameters.getPushInfobox(); + session.setPushInfobox(pushInfobox); } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = @@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); @@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((transformsInfos == null) || (transformsInfos.length == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); - } + } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), 
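Review bot: `getCreateXMLSignatureRequestAuthBlockOrRedirect` returns the literal `"Redirect to Input Processor"` through the same `String` that otherwise carries the CreateXMLSignatureRequest, so every caller has to compare against free text to tell a redirect from a request. The same literal is repeated in the verifyAuthenticationBlock hunk (`@@ -768,11 +869,103 @@`), and a mismatch in one place would presumably let the sentinel text be treated as a request (inferred, the callers are not visible here). A shared constant, for example `public static final String REDIRECT_TO_INPUT_PROCESSOR = "Redirect to Input Processor";` (the name is a suggestion), referenced at both returns and by the callers would remove that risk. The new public method also has no Javadoc; it should state that a null `authConf` or `oaParam` is looked up from the session's public OA URL prefix.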
@@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getSlVersion12()); return createXMLSignatureRequest; } + /** * Builds an authentication block <saml:Assertion> from given session data. * @param session authentication session @@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { - Vector authAttributes = new Vector(); - Vector oaAttributes = new Vector(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); 
@@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.41", new Object[] {identifier}); } else { String friendlyName = verifyInfoboxParameter.getFriendlyName(); + boolean isParepRequest = false; + + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // check for party representation in mandates infobox + if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); + //ParepUtils.serializeElement(mandate, System.out); + String mandateID = ParepUtils.extractRepresentativeID(mandate); + if (!isEmpty(mandateID) && + ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { + isParepRequest = true; + } + if (!isParepRequest) { + //if mandates validator is disabled we must throw an error in this case + if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) { + throw new ValidateException("validator.60", new Object[] {friendlyName}); + } + } + } + // get the class for validating the infobox InfoboxValidator infoboxValidator = null; try { - Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + Class validatorClass = null; + if (isParepRequest) { + // Mandates infobox in party representation mode + validatorClass = 
Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); + } else { + validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + } infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); } catch (Exception e) { Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + @@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + "\" for \"" + identifier + "\"-infobox."); - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = - ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); - } catch (ParseException e) { - Logger.error("InfoboxReadResponse for \"" + identifier + - "\"-infobox could not be parsed successfully: " + e.getMessage()); - throw new ValidateException("validator.43", new Object[] {friendlyName}); - } // build the parameters for validating the infobox InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( - session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + session, verifyInfoboxParameter, infoboxTokenList, oaParam); + // now validate the infobox InfoboxValidationResult infoboxValidationResult = null; try { 
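Review bot: When `isParepRequest` is true the configured validator is replaced by ParepValidator, but the `Logger.error` in the catch and the `Logger.debug` after it still print `verifyInfoboxParameter.getValidatorClassName()`, so the log names a class that was not the one loaded. For a component that decides how a mandate is validated, the log should show the class actually used: declare `validatorClass` before the `try` and log `validatorClass.getName()`. Since ParepValidator is already imported, `validatorClass = ParepValidator.class;` also avoids the string lookup. The try/catch runs past the end of this hunk.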
@@ -605,88 +657,137 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info(identifier + " infobox successfully validated."); + // store the validator for post processing + session.addInfoboxValidator(identifier, friendlyName, infoboxValidator); // get the SAML attributes to be appended to the AUTHBlock or to the final // SAML Assertion - ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); - if (extendedSAMLAttributes != null) { - int length = extendedSAMLAttributes.length; - for (int i=0; i<CreateXMLSignatureResponse>
sent by the * security layer implementation.
@@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); 
@@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp, session.getIdentityLink()); + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + 
Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new 
ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( @@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + IdentityLink replacementIdentityLink) throws ConfigurationException, BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IdentityLink identityLink; + if (replacementIdentityLink == null) { + identityLink = session.getIdentityLink(); + } else { + // We have got data form a mandate we need now to use to stay compatible with applications + identityLink = replacementIdentityLink; + } + AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); 
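Review bot: In the mandate block of the `@@ -768,11 +869,103 @@` hunk, `foundMandate` is tested in the loop condition but never set to `true` in the added lines, so the loop keeps going and a later `EXT_SAML_MANDATE_RAW` attribute silently overwrites `replacementIdentityLink`. Because this object replaces the authenticated person's data in the final assertion, add `foundMandate = true;` once the link has been filled. `formpending` in the validator loop above follows the same pattern and is never assigned either. The `catch (Exception e)` around `setSamlAssertion` also discards `e`; log it before throwing `validator.64`, e.g. `Logger.error("Could not copy identity link assertion: " + e.getMessage());`.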
@@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { @@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); } else { - // only compute bPK if online applcation is a public service - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setBPK(bpkBase64); + authData.setBPK(identityLink.getIdentificationValue()); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online applcation is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } } String ilAssertion = oaParam.getProvideIdentityLink() @@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { businessService, session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); + + + //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); + return authData; } catch (Throwable ex) { throw new BuildException( 
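Review bot: `identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)` in the `@@ -832,12 +1032,14 @@` hunk dereferences a type that can be null for a mandate-derived link; the code that builds `replacementIdentityLink` itself guards with `identificationType!=null`. Write it as `if (Constants.URN_PREFIX_BASEID.equals(identityLink.getIdentificationType())) {`. The unconditional `authData.setBPK(identityLink.getIdentificationValue())` before it stores whatever identifier the link holds as the bPK when the type is not a base id; a comment stating which identification types are expected on that path would help, since that is not visible from this hunk. The enclosing try block starts and ends outside the hunk.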
@@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { return param == null || param.length() == 0; } - + /** + * Checks the correctness of SAML attributes and returns its value. + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) + throws ValidateException{ + String name = samlAttribute.getName(); + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is empty."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); + } + return value; + } } 
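Review bot: In `verifySAMLAttribute` the empty-name check `if (name == "")` compares references, not contents, so an empty name produced at runtime by a validator will normally pass this check. It should read `if (name.length() == 0) {`, matching the `param.length() == 0` style used just above in this class. The Javadoc tags also do not match the signature: `@param param samlAttribute` should be `@param samlAttribute the SAML attribute to check`, `@param friendlyname` should be `@param friendlyName`, and a `@throws ValidateException` line is missing.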
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 43e88e7b5..4f9235949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -19,6 +19,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_BKU = "bkuURI"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** servlet parameter "returnURI" */ @@ -35,6 +37,8 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ + public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; /** Logging hierarchy used for controlling debug output of XML structures to files */ 
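Review bot: The Javadoc added above `PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE` was copied from the constant before it and still reads `/** servlet parameter "BKUSelectionTemplate" */`. It should name the parameter it documents: `/** servlet parameter "InputProcessorSignTemplate" */`. Since the value of this parameter is later treated as a URL to load a template from, the comment could say so as well.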
@@ -62,14 +66,16 @@ public interface MOAIDAuthConstants { public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - /** - * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" - */ + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + /** the number of the certifcate extension for party organ representatives */ + public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 53520c846..11628517e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
@@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getWBPK(); } else { + // always has the bPK as type/value pkType = URN_PREFIX_BPK; pkValue = authData.getBPK(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 6cc8c1be8..cc228298b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java 
@@ -42,7 +42,37 @@ public class BPKBuilder { String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + } + } + + /** + * Builds the wbPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java new file mode 100644 index 000000000..c053ee896 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java 
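Review bot: The argument check in `buildWBPK` concatenates `identificationValue` into the `BuildException` message, and the check also fires when only `registerAndOrdNr` is empty. In that case a valid Base64 "Stammzahl" ends up in the exception text and in whatever log or error page renders it. The message should say which argument is missing without echoing the value, e.g. `"Unvollständige Parameterangaben: identificationValue " + (identificationValue == null || identificationValue.length() == 0 ? "fehlt" : "vorhanden") + ",Register+Registernummer=" + registerAndOrdNr`. The same consideration applies to the existing `buildBPK`, whose parameter check lies outside this hunk.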
@@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for HTML form requesting a security layer request + * + * @author Peter Danner + * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $ + */ +public class GetVerifyAuthBlockFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String BKU_TAG = ""; + /** special tag in the HTML template to be substituted for the XML request */ + private static final String XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the data URL */ + private static final String DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ + private static final String PUSHINFOBOX_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + " " + nl + + " " + nl + + " Signatur der Anmeldedaten" + nl + + " " + nl + + " " + nl + + " " + nl + + "

" + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + " " + nl + + ""; + + /** + * Constructor for GetVerifyAuthBlockFormBuilder. + */ + public GetVerifyAuthBlockFormBuilder() { + super(); + } + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String htmlTemplate, + String bkuURL, + String xmlRequest, + String dataURL, + String pushInfobox) + throws BuildException + { + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + if (null==pushInfobox) pushInfobox=""; + htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); + return htmlForm; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 038e549be..e70b64a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java 
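Review bot: `build` passes only `xmlRequest` through `GetIdentityLinkFormBuilder.encodeParameter`; `bkuURL`, `dataURL` and `pushInfobox` are substituted into the HTML unchanged. Whether `replaceTag` (in `Builder`, not shown here) escapes its value is not visible, and the BKU URL appears to originate from the `bkuURI` request parameter, so unless it is validated upstream any markup in it would reach the page. I would encode at this boundary, e.g. `htmlForm = replaceTag(htmlForm, BKU_TAG, GetIdentityLinkFormBuilder.encodeParameter(bkuURL), true, ALL);` and likewise for the other two, assuming `encodeParameter` is the project's HTML attribute encoder. The Javadoc also promises a default for a null `bkuURL` that the body does not implement, lists the parameters in a different order than the signature, and lacks `@param pushInfobox`, `@return` and `@throws BuildException`.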
@@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.util.XPathUtils; @@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder { * @param session The actual Authentication session. * @param verifyInfoboxParameter The configuration parameters for the infobox. * @param infoboxTokenList Contains the infobox token to be validated. - * @param hideStammzahl Indicates whether source pins (Stammzahlen) - * should be hidden in any SAML attributes returned by - * an infobox validator. + * @param oaParam The configuration parameters of the online application * * @return Parameters for validating an infobox token. */ @@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder { AuthenticationSession session, VerifyInfoboxParameter verifyInfoboxParameter, List infoboxTokenList, - boolean hideStammzahl) + OAAuthParameter oaParam) { InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); IdentityLink identityLink = session.getIdentityLink(); @@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder { // authentication session parameters infoboxValidatorParams.setBkuURL(session.getBkuURL()); infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); // parameters from the identity link infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); 
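Review bot: The replaced Javadoc line `@param oaParam The configuration parameters of the online application` drops the explanation that the old `hideStammzahl` parameter carried. The method now derives both the domain identifier and the Stammzahl hiding from this object (`oaParam.getIdentityLinkDomainIdentifier()` here and `!oaParam.getProvideStammzahl()` in the last hunk of this file), and dereferences it without a null check. I would document that: `@param oaParam The configuration parameters of the online application; must not be null. Supplies the domain identifier and decides, via getProvideStammzahl(), whether source pins (Stammzahlen) are hidden in SAML attributes returned by an infobox validator.`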
@@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(hideStammzahl); + infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 90d79a46d..946f0a9c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,8 +1,13 @@ package at.gv.egovernment.moa.id.auth.data; +import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Vector; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants; public class AuthenticationSession { private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** * session ID @@ -37,14 +43,14 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * URL of the BKU - */ - private String bkuURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ 
@@ -61,11 +67,11 @@ public class AuthenticationSession { * timestamp logging when identity link has been received */ private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; /** * SAML attributes from an extended infobox validation to be appended @@ -90,6 +96,33 @@ public class AuthenticationSession { */ private String issueInstant; + /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * AppSpecificConfiguration entry of then mandates infobox-validator. Tells + * whether person data from the representative have to be exchanged by data + * from the mandate + */ + private boolean mandateCompatibilityMode = false; + + + /** * Constructor for AuthenticationSession. * @@ -98,6 +131,7 @@ public class AuthenticationSession { public AuthenticationSession(String id) { sessionID = id; setTimestampStart(); + infoboxValidators = new ArrayList(); } /** 
@@ -380,4 +414,143 @@ public class AuthenticationSession { this.issueInstant = issueInstant; } + /** + * Returns the iterator to the stored infobox validators. + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators==null) return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * @param infoboxIdentifier the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName the friendly name of the infobox + * @param infoboxValidator the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators==null) infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. 
+ * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input processor. + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return form; + } + } + return null; + } + + /** + * @return the mandateCompatibilityMode + */ + public boolean isMandateCompatibilityMode() { + return mandateCompatibilityMode; + } + + /** + * @param mandateCompatibilityMode the mandateCompatibilityMode to set + */ + public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { + this.mandateCompatibilityMode = mandateCompatibilityMode; + } + + /** + * Returns domain identifier (the register and number in the register parameter). + * null in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. + * If the domain identifier includes the registerAndOrdNr prefix, the prefix + * will be stripped off. 
+ * + * @param domainIdentifier the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) + { + // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); + } + else + { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox==null) return ""; + return pushInfobox; + } + + /** + * @param pushInfobox the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index c7a557290..01b9d9359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -62,6 +62,14 @@ public interface InfoboxValidatorParams { */ public String getTarget(); + /** + * Returns the register and number in the register parameter. + * null in the case of not a business service. + * + * @return The register and number in the register parameter. + */ + public String getDomainIdentifier(); + /** * Returns true if the application is a business * service, otherwise false. This may be useful 
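Review bot: `isValidatorInputPending`, `getFirstPendingValidator` and `getFirstValidatorInputForm` repeat the same loop and the same unchecked `(Vector)` cast with `get(2)`, so any change to the three-element tuple built in `addInfoboxValidator` has to be mirrored in each of them. The two derived methods can delegate to the middle one: `return getFirstPendingValidator() != null;` and `InfoboxValidator v = getFirstPendingValidator(); return v == null ? null : v.getForm();`. A small private holder class with named fields for identifier, friendly name and validator would remove the index access altogether. `addInfoboxValidator` also lacks an `@return` tag, and `getInfoboxValidatorIterator` hands callers an iterator over the live list, which lets them remove validators from the session.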
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 80ba5995f..3747fa93b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -48,6 +48,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { */ protected String target_; + /** + * The domain identifier (register and number in the register parameter). + */ + protected String domainIdentifier_; + /** * The family name from the identity link. */ @@ -134,6 +139,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { return target_; } + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier() + */ + public String getDomainIdentifier() { + return domainIdentifier_; + } + /** * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() */ @@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { public void setTarget(String target) { target_ = target; } + + /** + * Sets the domain identifier (register and number in the register parameter) + * + * @param domainIdentifier the domainIdentifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + this.domainIdentifier_ = domainIdentifier; + } /** * Sets the ID of the trust profile used for validating certificates. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java new file mode 100644 index 000000000..df480b624 --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java 
@@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * Servlet requested for processing user input forms of infobox validators + * + * Utilizes the {@link AuthenticationServer}. + * + * @author Peter Danner + * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $ + */ +public class ProcessValidatorInputServlet extends AuthServlet { + + public static final long serialVersionUID = 1; + + /** + * Constructor for VerifyIdentityLinkServlet. 
+ */ + public ProcessValidatorInputServlet() { + super(); + } + + /** + * Shows the user input forms of infobox validators + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET ProcessInput"); + Map parameters; + try { + parameters = getParameters(req); + } catch (FileUploadException e) { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); + String outputStream; + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + if (infoboxvalidator!=null) { + outputStream = infoboxvalidator.getForm(); + // replace strings the validators can not know + outputStream = ParepUtils.replaceAll(outputStream, "", session.getAuthURL()); + outputStream = ParepUtils.replaceAll(outputStream, "", sessionID); + outputStream = ParepUtils.replaceAll(outputStream, "", session.getBkuURL()); + outputStream = ParepUtils.replaceAll(outputStream, "", dataURL); + outputStream = ParepUtils.replaceAll(outputStream, "", session.getPushInfobox()); + } else { + throw new ValidateException("validator.65", null); + } + //resp.setStatus(200); + resp.setContentType("text/html;charset=UTF-8"); + OutputStream out = resp.getOutputStream(); + out.write(outputStream.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished GET ProcessInput"); + } + catch (MOAIDException ex) { + 
handleError(null, ex, req, resp); + } + } + + /** + * Verifies the user input forms of infobox validators + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST ProcessInput"); + Map parameters; + try { + parameters = getParameters(req); + } catch (FileUploadException e) { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + AuthenticationServer.processInput(session, parameters); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); + if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { + // Now sign the AUTH Block + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + + // Test if we have a user input form sign template + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + String inputProcessorSignTemplate = null; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); + // override template url by url from configuration file + if (oaParam.getInputProcessorSignTemplateURL() != null) { + inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); + } + if (inputProcessorSignTemplateURL != null) { + try { + inputProcessorSignTemplate = new 
String(FileUtils.readURL(inputProcessorSignTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { inputProcessorSignTemplateURL, ex.toString()}, + ex); + } + } + + + + String htmlForm = new GetVerifyAuthBlockFormBuilder().build( + inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); + + resp.setContentType("text/html;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(htmlForm.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST ProcessInput"); + } else { + String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 4dc69c70b..6e2a932d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
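Review bot: In `doPost`, `inputProcessorSignTemplateURL` is read from the request parameter `PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE` and, unless the online application configures its own URL, handed to `FileUtils.readURL`, so the server fetches a caller-chosen URL and serves its content as the signing form. Nothing in this file restricts scheme or host. I would use only the configured value, `String inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();`, or check the parameter against a configured allow-list before reading it. The fetched bytes are also decoded with `new String(...)` in the platform charset although the response is declared as UTF-8, and both `doGet` and `doPost` insert `sessionID` from the request into the HTML via `ParepUtils.replaceAll` without encoding.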
@@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 6098f5138..9f0cf6606 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
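Review bot: `authURL` in `doGet` is assembled from `req.getScheme()`, `req.getServerName()` and `req.getServerPort()`, which normally reflect what the client sent in the Host header, and the identical block is added again in `StartAuthenticationServlet.doGet`. This value later becomes the base of the data URLs and, in `AuthenticationServer`, the issuer of the assertion (`authData.setIssuer(session.getAuthURL())`). It would therefore be safer to take the public base URL from configuration, or to compare the computed value with a configured list of allowed auth URLs; whether such a check exists downstream is not visible here. Independently of that, the default-port logic belongs in one helper on `AuthServlet` so the two servlets cannot drift apart.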
@@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 6ec4a247d..b81107ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,8 +1,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; import java.util.Map; +import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for verifying the signed authentication block 
@@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + String redirectURL = null; try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2134c1444..b9d8f8c75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
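Review bot: The new branch inside the `try` picks its behaviour by comparing the return value of `verifyAuthenticationBlock` with the literal `"Redirect to Input Processor"`, so a control signal travels in the same string that otherwise carries the Base64 SAML artifact. If the literal here and the one at the returning side (not visible in this hunk) ever drift apart, the sentinel text would be appended to the OA redirect as `PARAM_SAMLARTIFACT`. I would hoist the literal into one shared constant and compare constant-first, `if (!"Redirect to Input Processor".equals(samlArtifactBase64)) {` with the literal replaced by that constant, or return a distinct result type instead of overloading the artifact string. The `else` branch also skips `resp.encodeRedirectURL(...)`, unlike the first branch. The method body starts and ends outside the hunk.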
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,22 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.OutputStream; -import java.util.Enumeration; import java.util.Map; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** 
@@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); - try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e6c9f4bee..e0fd67d64 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
@@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator { IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - String issuer = samlAssertion.getAttribute("Issuer"); + String issuer = samlAssertion.getAttribute("Issuer"); if (issuer == null) { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index 95cd65608..74e61e076 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -1,5 +1,9 @@ package at.gv.egovernment.moa.id.auth.validator; +import java.util.Map; + +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -18,7 +22,7 @@ public interface InfoboxValidator { * application. * * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams - * Parameters} needed by the validator. + * Parameters} needed by the validator. * * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * 
@@ -28,4 +32,50 @@ public interface InfoboxValidator { public InfoboxValidationResult validate (InfoboxValidatorParams params) throws ValidateException; + /** + * This method is used to do intermediate processing before signing the auth block. + * If a infobox validator threw a form to gather user input, this method is used + * to validate this input. In no further input is needed the form must be empty to + * proceed, and also a valid InfoboxValidationResult is necessary. + * If more input is needed, the validator can build a new form and it is then shown + * to the citizen. + * The implementation of InfoboxValidator must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param parameters the parameters got returned by the input fields + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Map parameters) + throws ValidateException; + + /** + * This method is used to do post processing after signing the auth block. + * The method validates the content of the infoboxReadResponsesamlAssertion if needed. + * The implementation of InfoboxValidator must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param samlAssertion the SAML assertion needed by the validator + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Element samlAssertion) + throws ValidateException; + + /** + * form for user interaction for intermediate processing of infobox validation + * + * @return answer form of the servlet request. 
+ */ + public String getForm(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java new file mode 100644 index 000000000..58c28161f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java 
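Review bot: The Javadoc on the new `validate(Map parameters)` does not say that `parameters` holds values submitted by the citizen's browser, and it describes the outcome only indirectly ("the form must be empty to proceed"). Since implementations decide from this input whether authentication may continue, I would state that the map is untrusted and say how a caller tells "more input needed" from "finished", e.g. `@param parameters raw, unvalidated form field values from the request` and a `@return` line that ties the result to `getForm()`. The comments also need small repairs: "In no further input" should read "If no further input", `(@link ...}` should be `{@link ...}`, and "infoboxReadResponsesamlAssertion" looks like two words run together. Because the text says the validator instance is reused across calls and keeps its data internally, a sentence on whether one instance is bound to a single authentication session would help implementers.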
@@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.util.Map; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; + +/** + * Input processor for infobox validators. + */ +public interface ParepInputProcessor { + + /** + * Initialize user input processing. This function must initialize the + * processor to remember its state. Fixed values for the current authentication + * session are set here. + * + * @param representationID The id of the provided standardized mandate + * @param parepConfiguration The configuration of the party representation validator + * @param rpFamilyName The family name of the representative + * @param rpGivenName + * @param rpDateOfBirth + * @param request CreateMandateRequest containing the representative and the mandator + */ + + public void initialize( + String representationID, ParepConfiguration parepConfiguration, + String rpFamilyName, String rpGivenName, String rpDateOfBirth, + CreateMandateRequest request); + + /** + * Starting point of user input processing. This function must initialize the + * processor and remember its state. 
+ * + * @param physical Is person a physical person selected + * @param familyName The family name of the mandator + * @param givenName + * @param dateOfBirth + * @param streetName The address of the physical person + * @param buildingNumber + * @param unit + * @param postalCode + * @param municipality + * @param cbFullName + * @param cbIdentificationType + * @param cbIdentificationValue + * @return The initial user input form + */ + public String start( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue); + + /** + * Validation after the user submitted form + * + * @param parameters Returned input field values + * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data + * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error. + */ + public String validate(Map parameters, String extErrortext); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java new file mode 100644 index 000000000..aff5d8a7a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java 
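Review bot: `validate(Map, String)` reports three outcomes through one `String` (a form when more input is needed, an empty string when everything is fine, `null` on error), so success and failure differ only by `""` versus `null`. A caller that tests the result with a helper treating both alike (this commit's `ParepUtils.isEmpty` returns true for `null` and for `""`) would read an error as "input accepted"; whether any caller does so is not visible here. I would spell this out in the Javadoc, e.g. `@return the form to show, "" if the input is complete, or null on error; callers must check for null before testing for emptiness`. The bare `@param` tags (`rpGivenName`, `givenName`, `unit`, and the others) also have no descriptions.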
@@ -0,0 +1,298 @@ +/** + * + */ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Map; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Implements the standard party representation infobox validator input processor + * + * @author Peter Danner + * + */ +public class ParepInputProcessorImpl implements ParepInputProcessor{ + + /** the requested representation ID (currently * or OID) */ + private String representationID; + + /** contains the configuration of the owning validator */ + private ParepConfiguration parepConfiguration; + + /** Family name of the representative */ + private String rpFamilyName; + + /** Given name of the representative */ + private String rpGivenName; + + /** The representatives date of birth */ + private String rpDateOfBirth; + + /** The current CreateMandateRequest to the SZR-gateway */ + private CreateMandateRequest request; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest) + */ + public void initialize( + String representationID, ParepConfiguration parepConfiguration, + String rpFamilyName, String rpGivenName, String rpDateOfBirth, + CreateMandateRequest request) + { + // Initialization + this.representationID = representationID; + this.parepConfiguration = parepConfiguration; + this.rpFamilyName = rpFamilyName; + this.rpGivenName = rpGivenName; + this.rpDateOfBirth = rpDateOfBirth; + this.request = request; + } + + /* + * 
(non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) + */ + public String start( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue) + { + // Load the form + String form = loadForm( + physical, familyName, givenName, dateOfBirth, + streetName, buildingNumber, unit, postalCode, municipality, + cbFullName, cbIdentificationType, cbIdentificationValue, ""); + try { + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + } catch (SZRGWClientException e) { + //e.printStackTrace(); + Logger.info(e); + return null; + } + return form; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) + */ + public String validate(Map parameters, String extErrortext) + { + + // Process the gotten parameters + String form = null; + boolean formNecessary = false; + if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; + String locErrortext = "Folgende Parameter fehlen: "; + + String familyName = (String) parameters.get("familyname"); + if (null == familyName) familyName =""; + String givenName = (String) parameters.get("givenname"); + if (null == givenName) givenName =""; + boolean physical = "true".equals(parameters.get("physical")); + String dobday = (String) parameters.get("dobday"); + if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; + String dobmonth = (String) parameters.get("dobmonth"); + if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; + String dobyear = (String) parameters.get("dobyear"); + if 
(null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; + String dateOfBirth = ""; + dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); + dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); + dobday = (" ".substring(0, 2-dobday.length()) + dobday); + dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; + String cbFullName = (String) parameters.get("fullname"); + if (null == cbFullName) cbFullName =""; + String cbIdentificationType = (String) parameters.get("cbidentificationtype"); + if (null == cbIdentificationType) cbIdentificationType =""; + String cbIdentificationValue = (String) parameters.get("cbidentificationvalue"); + if (null == cbIdentificationValue) cbIdentificationValue =""; + String postalCode = (String) parameters.get("postalcode"); + if (null == postalCode) postalCode =""; + String municipality = (String) parameters.get("municipality"); + if (null == municipality) municipality =""; + String streetName = (String) parameters.get("streetname"); + if (null == streetName) streetName =""; + String buildingNumber = (String) parameters.get("buildingnumber"); + if (null == buildingNumber) buildingNumber =""; + String unit = (String) parameters.get("unit"); + if (null == unit) unit =""; + + if (physical) { + if (ParepUtils.isEmpty(familyName)) { + formNecessary = true; + locErrortext = locErrortext + "Familienname"; + } + if (ParepUtils.isEmpty(givenName)) { + formNecessary = true; + if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Vorname"; + } + // Auf existierendes Datum prüfen + SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); + format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen + try { + format.parse(dateOfBirth); + } + catch(ParseException pe) + { + formNecessary = true; + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "korrektes Geburtsdatum"; + } + } else 
{ + if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { + formNecessary = true; + if (ParepUtils.isEmpty(cbFullName)) { + locErrortext = locErrortext + "Name der Organisation"; + } + if (ParepUtils.isEmpty(cbIdentificationType)) { + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Auswahl des Registers"; + } + if (ParepUtils.isEmpty(cbIdentificationValue)) { + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; + } + } + } + try { + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + if (formNecessary) { + // Daten noch nicht vollständig oder anderer Fehler + if (locErrortext.endsWith("fehlen: ")) locErrortext =""; + String error = ""; + if (!ParepUtils.isEmpty(extErrortext)) { + error = extErrortext; + if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; + } + if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; + if (!ParepUtils.isEmpty(error)) { + error = "
\"  " + error + "
"; + } + form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); + if (form == null) { + return null; + } + } else { + return ""; // everything is ok + } + } catch (Exception e) { + //e.printStackTrace(); + Logger.info(e); + return null; + } + return form; + } + + /** + * Loads the empty user input form and replaces tag occurences with given variables + * + * @param physical + * @param familyName + * @param givenName + * @param dateOfBirth + * @param streetName + * @param buildingNumber + * @param unit + * @param postalCode + * @param municipality + * @param cbFullName + * @param cbIdentificationType + * @param cbIdentificationValue + * @param errorText + * @return + */ + private String loadForm( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) + { + String form = ""; + try { + String fileName = parepConfiguration.getInputProcessorTemplate(representationID); + InputStream instream = null; + File file = new File(fileName); + if (file.exists()) { + //if this resolves to a file, load it + instream = new FileInputStream(fileName); + } else { + fileName = parepConfiguration.getFullDirectoryName(fileName); + file = new File(fileName); + if (file.exists()) { + //if this resolves to a file, load it + instream = new FileInputStream(fileName); + } else { + //else load a named resource in our classloader. 
+ instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); + if (instream == null) { + Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); + return null; + } + } + } + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.dumpInputOutputStream(instream, bos); + form = bos.toString("UTF-8"); + } catch(Exception e) { + Logger.error("Fehler beim Einlesen des Input-Templates.", e); + } + + if (!ParepUtils.isEmpty(form)) { + boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); + boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); + boolean reducedSelection = (!physEnabled || !cbEnabled); + if (reducedSelection) { + physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar + } + if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; + form = ParepUtils.replaceAll(form, "", rpGivenName); + form = ParepUtils.replaceAll(form, "", rpFamilyName); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); + //darf zw. phys. und jur. Person gewählt werden: + //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); + form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); + form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? 
"checked=\"checked\"" : ""); + form = ParepUtils.replaceAll(form, "", givenName); + form = ParepUtils.replaceAll(form, "", familyName); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); + form = ParepUtils.replaceAll(form, "", streetName); + form = ParepUtils.replaceAll(form, "", buildingNumber); + form = ParepUtils.replaceAll(form, "", unit); + form = ParepUtils.replaceAll(form, "", postalCode); + form = ParepUtils.replaceAll(form, "", municipality); + form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); + form = ParepUtils.replaceAll(form, "", cbFullName); + form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); + form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); + form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "", cbIdentificationValue); + form = ParepUtils.replaceAll(form, "", errorText); + } + return form; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java new file mode 100644 index 000000000..aed635502 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java 
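Review bot: `loadForm` substitutes `givenName`, `familyName`, the address fields, `cbFullName`, `cbIdentificationValue` and `errorText` into the HTML template with `ParepUtils.replaceAll` and no output encoding, and `validate` passes these straight from the submitted `parameters` map, so markup typed into a field is echoed back into a page of the authentication flow. Each value should be HTML-escaped before substitution, with a helper like the one below; the message text in `validate` should be escaped before it is wrapped in the error markup, since `errorText` itself appears to carry markup (the literals are not legible on this page). Separately, `validate` calls `dobyear.length()`, `dobmonth.length()` and `dobday.length()` before the `try` block, so a request without those fields, or with an over-long one, throws out of the method instead of re-showing the form. The `FileInputStream` opened in `loadForm` is also never closed.

```java
  /** Escapes the characters that are significant in HTML text and attribute values. */
  private static String htmlEscape(String value) {
    if (value == null) {
      return null;
    }
    StringBuffer sb = new StringBuffer(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      switch (c) {
        case '&':  sb.append("&amp;");  break;
        case '<':  sb.append("&lt;");   break;
        case '>':  sb.append("&gt;");   break;
        case '"':  sb.append("&quot;"); break;
        case '\'': sb.append("&#39;");  break;
        default:   sb.append(c);
      }
    }
    return sb.toString();
  }

  // … unchanged: loadForm template loading and the attribute toggles (physdisabled, cbselected, …) …
  // … in loadForm, each ParepUtils.replaceAll call keeps its placeholder and takes htmlEscape(value) as its last argument …
```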
@@ -0,0 +1,708 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; + +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class implements a set of utility methods. + * + * @author Peter Danner + */ +public class ParepUtils { + + /** + * Determines whether a string is null or empty + * + * @param str the string to check. + * @return true if the string is null or empty, + * false otherwise. + */ + public static boolean isEmpty(String str) { + return str == null || "".equals(str); + } + + /** + * Reads a XML document from an input stream (namespace-aware). + * + * @param is + * the input stream to read from. + * @return the read XML document. + * @throws SZRGWClientException + * if an error occurs reading the document from the input stream. 
+ */ + public static Document readDocFromIs(InputStream is) throws SZRGWClientException { + try { + DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); + f.setNamespaceAware(true); + return f.newDocumentBuilder().parse(is); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /* + * + */ + public static String extractRepresentativeID(Element mandate) throws ValidateException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); + if (resultNode != null) { + return resultNode.getTextContent(); + } + return null; + } catch (Exception e) { + throw new ValidateException("validator.62", null); + } + } + + // TODO: remove unreferenced + + /** + * Dumps all bytes from an input stream to the given output stream. + * + * @param is + * the input stream to dump from. + * @param os + * the output stream to dump to. + * @throws IOException + * if an error occurs while dumping. + */ + public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException { + if (is == null) { + return; + } + int ch; + while ((ch = is.read()) != -1) { + os.write(ch); + } + } + + /** + * Gets a string that represents the date a mandate was issued. + * + * @param mandate + * the mandate to extract the issuing date from. + * @return the issuing date of the given mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the issuing date of the + * mandate. 
+ */ + public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode); + + if (dateNode == null) { + throw new Exception("Date in Mandate-Issued not found."); + } + return dateNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Gets a string that represents the place a mandate was issued. + * + * @param mandate + * the mandate to extract the issuing place from. + * @return the issuing place of the given mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the issuing place of the + * mandate. + */ + public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode); + + if (placeNode == null) { + throw new Exception("Place in Mandate-Issued not found."); + } + return placeNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Extracts the textual description of the mandate. + * + * @param mandate + * the mandate to extract the textual description from. + * @return the textual description of the mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the textual description. 
+ */ + public static String getMandateContent(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode); + + if (contentNode == null) { + throw new Exception("Content in Mandate not found."); + } + return contentNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Extracts the md:Mandator element from a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the md:Mandator from. + * @return the md:Mandator element. + * @throws SZRGWClientException + * if an error occurs extracting the md:Mandator element. + */ + public static Element extractMandator(Element mandate) throws ParseException { + try { + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode); + if (mandator == null) { + // if we got the Mandator itself + if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate; + } + if (mandator == null) + return null; + String nsPrefix = mandator.getPrefix(); + String nsUri = mandator.getNamespaceURI(); + Element mandatorClone = (Element) mandator.cloneNode(true); + mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri); + return mandatorClone; + } catch (Exception e) { + throw new ParseException(e.toString(), null); + } + } + + /** + * Tells wether a mandator is a physical person or not. + * + * @param mandator + * the XML md:Mandator element to extract from. 
+ * @return true if the mandator is a physical person, false otherwise. + */ + public static boolean isPhysicalPerson(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + // check if physical person + Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator, + // "descendant-or-self::pr:CorporateBody", nameSpaceNode); + return physicalPerson != null; + } catch (Exception e) { + e.printStackTrace(); + return false; + } + } + + /** + * Extracts the pr:PhysicalPerson or pr:CorporateBody + * element from a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the person from. + * @return the pr:PhysicalPerson or pr:CorporateBody element. + * @throws ParseException + * if an error occurs extracting the element. 
+ */ + public static Element extractPersonOfMandate(Element mandate) throws ParseException { + try { + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode); + if (person == null) { + person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode); + } + if (person == null) return null; + String nsPrefix = person.getPrefix(); + String nsUri = person.getNamespaceURI(); + Element personClone = (Element) person.cloneNode(true); + personClone.setAttribute("xmlns:" + nsPrefix, nsUri); + return personClone; + } catch (Exception e) { + //e.printStackTrace(); + throw new ParseException(e.toString(), null); + } + } + + /** + * Benerates the pr:Person element form a + * pr:PhysicalPerson or pr:CorporateBody + * element of a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the person from. + * @return the pr:Person element. + * @throws ParseException + * if an error occurs extracting the element. 
+ */ + public static Element extractPrPersonOfMandate(Element mandate) throws ParseException { + + try { + Document document = ParepUtils.createEmptyDocument(); + Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON); + root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI); + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode); + if (person == null) { + person = (Element) XPathAPI.selectSingleNode(mandate, "//" + + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode); + } + if (person != null) { + root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName()); + if (person != null) { + NodeList nl = person.getChildNodes(); + for (int i = 0; i < nl.getLength(); i++) { + Node testNode = nl.item(i); + if (Node.ELEMENT_NODE == testNode.getNodeType()) { + root.appendChild(document.importNode(testNode, true)); + } + } + } + } + + return root; + } catch (Exception e) { + //e.printStackTrace(); + throw new ParseException(e.toString(), null); + } + } + + /** + * Extracts the name of the mandator as a string representation. + * + * @param mandator + * the XML md:Mandator element to extract from. + * @return the mandator name as a string. 
+ */ + public static String extractMandatorName(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + // first check if physical person + Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); + if (name != null) { + String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue(); + String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue(); + + return givenName + " " + familyName; + } + + // check if corporate body + Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode); + if (fullName != null) { + return fullName.getNodeValue(); + } + return ""; + } catch (Exception e) { + //e.printStackTrace(); + return ""; + } + } + + /** + * Extracts specific text of an element of a given md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the resulting text of the mandator element. + */ + public static String extractText(Element mandator, String xpath) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode); + if (textNode == null) + return null; + return textNode.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the date of birth of the mandator of a given md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the dob of the mandator. 
+ */ + public static String extractMandatorDateOfBirth(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode); + if (dobName == null) + return null; + return dobName.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the full name of the mandators corporate body of a given + * md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the full name of the mandator. + */ + public static String extractMandatorFullName(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode); + if (fullName == null) + return null; + return fullName.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the identification value of the mandator of a given mandate. + * + * @param mandator + * the XML md:Mandator element. + * @return the identification value. 
+ */ + public static String extractMandatorWbpk(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode); + if (idValue != null) { + return idValue.getNodeValue(); + } + return ""; + } catch (Exception e) { + e.printStackTrace(); + return ""; + } + } + + /** + * Extracts the identification type of the mandator of a given mandate. + * + * @param mandator + * the XML md:Mandator element. + * @return the identification type. + */ + public static String extractMandatorIdentificationType(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode); + if (idType != null) { + return idType.getNodeValue(); + } + return ""; + } catch (Exception e) { + e.printStackTrace(); + return ""; + } + } + + /* + * + */ + public static String getIdentification(Element personElement, String element) throws ParseException { + try { + + Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode) + .getNodeValue(); + } catch (Exception e) { + throw new ParseException(e.toString(), null); + } + } + + /* + * + */ + private static Element extractRepresentative(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + 
nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode); + String nsPrefix = mandator.getPrefix(); + String nsUri = mandator.getNamespaceURI(); + + Element mandatorClone = (Element) mandator.cloneNode(true); + mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri); + + return mandatorClone; + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Serializes a XML element to a given output stream. + * + * @param element + * the XML element to serialize. + * @param out + * the output streamt o serialize to. + * @throws IOException + * if an I/O error occurs during serialization. + */ + public static void serializeElement(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(true); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format); + serializer.serialize(element); + } + + public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(false); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format); + serializer.serialize(element); + } + + public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(true); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format); + serializer.serialize(element); + } + + public static void saveStringToFile(String str, File file) throws IOException { + FileOutputStream fos = new 
FileOutputStream(file); + fos.write(str.getBytes()); + fos.flush(); + fos.close(); + } + + public static void saveBytesToFile(byte[] str, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + fos.write(str); + fos.flush(); + fos.close(); + } + + public static void saveElementToFile(Element elem, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + serializeElementWithoutEncoding(elem, fos); + fos.flush(); + fos.close(); + } + + /** + * Creates an empty XML document. + * + * @return a newly created empty XML document. + * @throws SZRGWClientException + * if an error occurs creating the empty document. + */ + public static Document createEmptyDocument() throws SZRGWClientException { + try { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + return factory.newDocumentBuilder().newDocument(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + + /** + * Tells if the Validator of an Infobox is enabled. If the corresponding application + * specific configuration element EnableInfoboxValidator is missing, a default value true is assumed + * + * @param applicationSpecificParams + * the XML element of the infobox configuration. + * @return the boolean value of the determination. + * @throws ConfigurationException + * if an error occurs reading the configuration. 
+ */ + public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException { + try { + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + + //ParepUtils.serializeElement(applicationSpecificParams, System.out); + Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX + + ":EnableInfoboxValidator/text()", nameSpaceNode); + if (validatorEnabledNode != null) { + return BoolUtils.valueOf(validatorEnabledNode.getNodeValue()); + } + return true; + } catch (Exception e) { + // e.printStackTrace(); + throw new ConfigurationException("config.02", null); + } + } + + /** + * Delivers a String with the description of the register which is described + * through the identification Type of a corporate body of the persondata schema + * + * @param identificationType + * the identification type. + * @return the register description. + */ + public static String getRegisterString(String identificationType) { + String corporateBase = Constants.URN_PREFIX_BASEID + "+"; + if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null; + String register = identificationType.substring(corporateBase.length()); + if (ParepUtils.isEmpty(register)) return null; + if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer"; + if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister"; + if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene"; + return null; + } + + /** + * Hides Stammzahlen in the given element + * + * @param hideElement The element where Stammzahlen should be replaced. 
+ * @param businessApplication For decision whether to calc a bPK or wbPK. + * @param target Target for calculating a bPK. + * @param registerID Necessary string for calculating a wbPK (example FN+4096i). + * @param blank Switch for behaviour. + * true if Stammzahlen are blinded. All occurences will be replaced by empty strings. + * false calculates (w)bPKs and changes also the pr:Identifivation/pr:Type elements. + * @return The element where Stammzahlen are hidden. + */ + public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank) + throws BuildException { + try { + if (hideElement != null) { + Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode); + for (int i = 0; i < identifications.getLength(); i++) { + Element identificationElement = (Element) identifications.item(i); + Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode); + if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) { + Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode); + if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) { + Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden."); + throw new BuildException("builder.02", null); + } + if (blank) { + idValueNode.setNodeValue(""); + } else { + String idValue = idValueNode.getNodeValue(); + if (businessApplication) { + // wbPK berechnen + idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID); + String 
bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID); + idValueNode.setNodeValue(bpkBase64); + + } else { + // bPK berechnen + idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK); + String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target); + idValueNode.setNodeValue(bpkBase64); + } + } + } + } + } + } catch (Exception e) { + throw new BuildException("builder.02", null); + } + return hideElement; + } + + /** + * Replaces each substring of string s that matches the given + * search string by the given replace string. + * + * @param s The string where the replacement should take place. + * @param search The pattern that should be replaced. + * @param replace The string that should replace all each search + * string within s. + * @return A string where all occurrence of search are + * replaced with replace. + */ + public static String replaceAll (String s, String search, String replace) { + if (replace==null) replace = ""; + return StringUtils.replaceAll(s, search, replace); + } + + +// public static void main(String[] args) throws Exception { +// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml")); +// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml")); +// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml")); +// Element mandatorElement = extractMandator(mandate.getDocumentElement()); +// System.out.println(extractMandatorName(mandatorElement)); +// System.out.println(extractMandatorDateOfBirth(mandatorElement)); +// System.out.println(extractMandatorWbpk(mandatorElement)); +// //serializeElement(mandatorElement, System.out); +// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out); +// } + +} 
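Review bot: `readDocFromIs` in the new ParepUtils.java configures its `DocumentBuilderFactory` with only `f.setNamespaceAware(true)`, so a DOCTYPE declaration and any external entities in the incoming stream are handled with the parser's defaults. The callers are not visible in this hunk, but if the stream can carry mandate XML that originates outside the server, this leaves the validator exposed to external entity resolution and entity-expansion resource exhaustion. I would add `f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()`, provided the JAXP implementation in use supports that feature. The `ParserConfigurationException` it can throw is already covered by the existing `catch (Exception e)`. A comment above it such as `// reject DOCTYPE so external entities are never resolved` would record the reason.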
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java new file mode 100644 index 000000000..acd193a68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java 
@@ -0,0 +1,576 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.File; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Vector; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.auth.data.InfoboxToken; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements a MOA-ID Infobox Validator for validating + * a standardized XML mandate using the SZR-gateway. 
+ * + * @author Peter Danner + */ +public class ParepValidator implements InfoboxValidator { + + /** activates debug settings */ + private boolean PAREP_DEBUG = false; + + /** contains the parameters the validator initially was called with */ + private InfoboxValidatorParams params = null; + + /** contains the configuration of the validator */ + private ParepConfiguration parepConfiguration = null; + + /** the requested representation ID (currently * or OID) */ + private String representationID = null; + + /** holds the information of the SZR-request */ + private CreateMandateRequest request = null; + + /** List of extended SAML attributes. */ + private Vector extendedSamlAttributes = new Vector(); + + /** the class which processes the user input */ + private ParepInputProcessor inputProcessor = null; + + /** The form if user input is necessary */ + private String form = null; + + /** unspecified error of parep-validator (must not know more about)*/ + private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten"; + + /** Default class to gather remaining mandator data. */ + public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; + + /** Default template to gather remaining mandator data. */ + public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; + + /** kind of representation text in AUTH block*/ + public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter"; + + /** Names of the produced SAML-attributes. 
*/ + public final static String EXT_SAML_MANDATE_RAW = "Vollmacht"; + public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName"; + public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum"; + public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt"; + + /** register and register number for non physical persons - the domain identifier for business applications*/ + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer"; + + /** + * Parses the XML configuration element and creates the validators configuration + * Use this function if you want to preconfigure the validator. + * + * @param configElem + * the XML configuration element to parse. + * @throws ConfigurationException + * if an error occurs during the configuration process + */ + public void Configure(Element configElem) throws ConfigurationException { + if (this.parepConfiguration == null) { + Logger.debug("Lade Konfiguration."); + parepConfiguration = new ParepConfiguration(configElem); + Logger.debug("Konfiguration erfolgreich geladen."); + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams) + */ + public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + + try { + Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung."); + this.params = params; + + Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); + // ParepUtils.serializeElement(mandate, System.out); + this.representationID = ParepUtils.extractRepresentativeID(mandate); + if (ParepUtils.isEmpty(representationID)) { + validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter 
Vollmacht"); + return validationResult; + } + + // Überprüfen der Identifikation (Type/Value). + String identificationType = this.params.getIdentificationType(); + String identificationValue = this.params.getIdentificationValue(); + if (this.params.getBusinessApplication()) { + if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { + validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen."); + return validationResult; + + } else { + Logger.debug("Parteienvertreter wird mit wbPK identifiziert"); + } + } else { + if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { + //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt + if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { + Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein."); + validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); + return validationResult; + } else { + Logger.debug("Organwalter wird mit Stammzahl identifiziert"); + } + } else { + if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { + // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist + identificationType = Constants.URN_PREFIX_CDID; + String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); + identificationValue = bpkBase64; + Logger.debug("bPK für Parteienvertreter wurde berechnet. 
Parteienvertreter wird mit bPK identifiziert"); + } else { + Logger.debug("Parteienvertreter wird mit bPK identifiziert"); + } + } + } + + Configure(this.params.getApplicationSpecificParams()); + // check if we have a configured party representative for that + if (!parepConfiguration.isPartyRepresentative(representationID)) { + Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); + validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); + return validationResult; + } + + // Vertreter + this.request = new CreateMandateRequest(); + request.setRepresentative(this.params, identificationType, identificationValue); + // ParepUtils.serializeElement(request.getRepresentative(), System.out); + //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); + + Logger.debug("Prüfe vorausgefüllte Daten..."); + boolean physical = true; + String familyName = ""; + String givenName = ""; + String dateOfBirth = ""; + String cbFullName = ""; + String cbIdentificationType = ""; + String cbIdentificationValue = ""; + String postalCode = ""; + String municipality = ""; + String streetName = ""; + String buildingNumber = ""; + String unit = ""; + + boolean formNecessary = false; + // Vertretener (erstes Vorkommen) + Element mandator = ParepUtils.extractMandator(mandate); + if (mandator != null) { + // ParepUtils.serializeElement(mandator, System.out); + // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml")); + if (ParepUtils.isPhysicalPerson(mandator)) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + physical = false; + cbFullName = ParepUtils.extractMandatorFullName(mandator); + cbIdentificationType = 
ParepUtils.getIdentification(mandator, "Type"); + cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); + } + postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); + municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); + streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); + buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); + unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); + + } + if (physical) { + if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) { + validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); + return validationResult; + } + if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) { + formNecessary = true; + } + } else { + if (!parepConfiguration.isRepresentingCorporateParty(representationID)) { + validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); + return validationResult; + } + if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { + formNecessary = true; + } + } + + //Zeigen wir, dass die Daten übernommen wurden: + if (parepConfiguration.isAlwaysShowForm()) formNecessary=true; + + // Input processor + this.form = ""; + if (formNecessary) { + ParepInputProcessor inputProcessor= getInputProcessor(); + this.form = inputProcessor.start( + physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, + cbFullName, cbIdentificationType, cbIdentificationValue); + if (this.form == null) { + 
validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } else { + // Request vorbereiten mit vorgegebenen Daten + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + } + + + // ParepUtils.serializeElement(request.getMandator(), System.out); + // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml")); + + addAuthBlockExtendedSamlAttributes(); + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet"); + validationResult.setValid(true); + return validationResult; + } catch (Exception e) { + e.printStackTrace(); + Logger.info(e); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map) + */ + public InfoboxValidationResult validate(Map parameters) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Prüfe im Formular ausgefüllte Daten..."); + if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); + + // Input processor + ParepInputProcessor inputProcessor= getInputProcessor(); + this.form = inputProcessor.validate(parameters, null); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + extendedSamlAttributes.clear(); + addAuthBlockExtendedSamlAttributes(); + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + validationResult.setValid(true); + Logger.debug("Intermediate processing von 
Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + return validationResult; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element) + */ + public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + this.form = ""; + try { + + // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen. + + request.setSignature(samlAssertion); + +//DPO debug +// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement(); +// String id = representationID; +// CreateMandateResponse response; +// if (true) { +// if (this.params.getHideStammzahl()) { +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml")); +// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können. +// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen. 
+// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK +// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); +// } +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml")); + + //ParepUtils.serializeElement(request.toElement(), System.out); + if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml")); + + // configure szrgw client + Logger.debug("Lade SZR-GW Client."); + SZRGWClient client = new SZRGWClient(); + // System.out.println("Parameters: " + cfg.getConnectionParameters()); + Logger.debug("Initialisiere Verbindung..."); + ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID); + // Logger.debug("Connection Parameters: " + connectionParameters); + Logger.debug("SZR-GW URL: " + connectionParameters.getUrl()); + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } + + Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway..."); + CreateMandateResponse response; + Element requ = request.toElement(); + try { + response = client.createMandateResponse(requ); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + Logger.debug("2. 
Versuch - Kommunikation mit dem Stammzahlenregister Gateway..."); + client = new SZRGWClient(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + response = client.createMandateResponse(requ); + } + if (response.getResultCode()==2000) { + if(response.getMandate()==null) { + Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + + + //DPO debug output (2lines) + String id = representationID; + if (id.equals("*")) id="standardisiert"; + + Element mandate = response.getMandate(); + // Replace Stammzahlen + if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml")); + if (this.params.getHideStammzahl()) { + ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); + if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml")); + } + + extendedSamlAttributes.clear(); + // Vollmacht + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + validationResult.setValid(true); + Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + } else { + String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; + String responseInfo = response.getInfo(); + if (response.getResultCode()>4000 && response.getResultCode()<4999) { + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + 
validationResult.setErrorMessage(errorMsg); + } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) { + // Person not found + ParepInputProcessor inputProcessor= getInputProcessor(); + if (response.getResultCode()==3000) { //TODO: verify code + errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben."; + } else { + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + } + + this.form = inputProcessor.validate(generateParameters(), errorMsg); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + validationResult.setValid(true); + } else { + // Do not inform the user too much + Logger.error(errorMsg); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + } + + } + return validationResult; + } catch (Exception e) { + e.printStackTrace(); + Logger.info(e); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } + + /** + * provides the primary infobox token of the given list. + * + * @param infoBoxTokens + * the list of infobox tokens. + * @return + * the XML element of the primary token. + * @throws ValidateException + * if an error occurs or list is not suitable. 
+ */ + public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException { + if (infoBoxTokens == null || infoBoxTokens.size() == 0) { + throw new ValidateException("validator.62", null); + } + for (int i = 0; i < infoBoxTokens.size(); i++) { + InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i); + if (token.isPrimary()) { + return token.getXMLToken(); + } + } + throw new ValidateException("validator.62", null); + } + + /* + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes() + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length); + return ret; + } + + + /** + * @return The next pending user input form, which is "" if no form is to be shown, and null on errors. + */ + public String getForm() { + return this.form; + } + + /** + * Gets the user form input processor (class) assigned to the current party representative + * If the method is called for the first time it initializes the input processor. 
+ * + * @return The user form input processor + */ + private ParepInputProcessor getInputProcessor() { + + if (this.inputProcessor!=null) return inputProcessor; + String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID); + ParepInputProcessor inputProcessor = null; + try { + Class inputProcessorClass = Class.forName(inputProcessorName); + inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance(); + inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request); + } catch (Exception e) { + Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage()); + } + this.inputProcessor = inputProcessor; + return inputProcessor; + } + + /** + * Generates the parameter list, which is needed to simulate a return from + * an user form. + * + * @return the form parameters + */ + private Map generateParameters() { + Map parameters = new HashMap(); + boolean physical = true; + String familyName = ""; + String givenName = ""; + String dateOfBirth = ""; + String cbFullName = ""; + String cbIdentificationType = ""; + String cbIdentificationValue = ""; + String postalCode = ""; + String municipality = ""; + String streetName = ""; + String buildingNumber = ""; + String unit = ""; + + try { + // Vertretener (erstes Vorkommen) + Element mandator = request.getMandator(); + ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml")); + if (mandator != null) { + if (ParepUtils.isPhysicalPerson(mandator)) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + physical = false; + cbFullName = ParepUtils.extractMandatorFullName(mandator); + cbIdentificationType = 
ParepUtils.getIdentification(mandator, "Type"); + cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); + } + postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); + municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); + streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); + buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); + unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); + } + } catch (Exception e) { + Logger.error("Could not extract Mandator form SZR-gateway request"); + } + parameters.put("familyname", familyName); + parameters.put("givenname", givenName); + parameters.put("dateofbirth", dateOfBirth); + parameters.put("dobyear", dateOfBirth.substring(0,4)); + parameters.put("dobmonth", dateOfBirth.substring(5,7)); + parameters.put("dobday", dateOfBirth.substring(8,10)); + parameters.put("physical", physical ? "true" : "false"); + parameters.put("fullname", cbFullName); + parameters.put("cbidentificationtype", cbIdentificationType); + parameters.put("cbidentificationvalue", cbIdentificationValue); + parameters.put("postalcode", postalCode); + parameters.put("municipality", municipality); + parameters.put("streetname", streetName); + parameters.put("buildingnumber", buildingNumber); + parameters.put("unit", unit); + return parameters; + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. 
+ * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + */ + private void addAuthBlockExtendedSamlAttributes() { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + Element mandator = request.getMandator(); + extendedSamlAttributes.clear(); + // Name + String name = ParepUtils.extractMandatorName(mandator); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + // Geburtsdatum + String dob = ParepUtils.extractMandatorDateOfBirth(mandator); + if (dob != null && !"".equals(dob)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)){ + String idType = ParepUtils.extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (this.params.getBusinessApplication()) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + } + +// public static void main(String[] args) throws Exception { +// } + +} 
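Review bot: In `addAuthBlockExtendedSamlAttributes()` the `EXT_SAML_MANDATE_REPRESENTATIONTYPE` attribute is added and then thrown away by the `extendedSamlAttributes.clear()` two statements later, so the representation type is missing from the attributes handed back for the AUTH block the user is about to sign. The clear belongs at the top of the method: make `extendedSamlAttributes.clear();` the first statement, before the first `add`. Separately, `generateParameters()` calls `ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml"))` unconditionally and ahead of the `mandator != null` check, which writes the mandator's personal data to a fixed path on every call; the other dump calls in this file are guarded, so this one should read `if (PAREP_DEBUG && mandator != null) ParepUtils.saveElementToFile(...)` or be removed. The same method also runs `dateOfBirth.substring(0,4)` outside its try block, which throws when the value is still `""`, as it is on the non-physical branch that never assigns it.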
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
new file mode 100644
index 000000000..d6b71ad83
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
@@ -0,0 +1,159 @@ +/** + * + */ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; + +/** + * @author Peter Danner + * + */ +public class PartyRepresentative { + + /** Object Identifier **/ + private String oid; + + private boolean representPhysicalParty; + + private boolean representCorporateParty; + + /** + * Text for representation description in SAML Assertion (Auth-Block) + * */ + private String representationText; + + /** + * SZR-GW connection parameters. + */ + private ConnectionParameter connectionParameters = null; + + private String inputProcessorClass = null; + private String inputProcessorTemplate = null; + + /** + * Constructor + */ +public PartyRepresentative() { + this.oid = null; + this.representPhysicalParty = false; + this.representCorporateParty = false; + this.connectionParameters = null; + this.representationText = null; +} + +/** + * Constructor + */ + public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) { + this.oid = null; + this.representPhysicalParty = representPhysicalParty; + this.representCorporateParty = representCorporateParty; + this.connectionParameters = null; + this.representationText = null; + this.inputProcessorClass = null; + this.inputProcessorTemplate = null; + } + + /** + * @return the oid + */ + public String getOid() { + return oid; + } + + /** + * @param oid the oid to set + */ + public void setOid(String oid) { + this.oid = oid; + } + + /** + * @return the representPhysicalParty + */ + public boolean isRepresentingPhysicalParty() { + return representPhysicalParty; + } + + /** + * @param representPhysicalParty the representPhysicalParty to set + */ + public void setRepresentingPhysicalParty(boolean representPhysicalParty) { + this.representPhysicalParty = representPhysicalParty; + } + + /** + * @return the representCorporateParty + */ + public boolean isRepresentingCorporateParty() { + return representCorporateParty; 
+ } + + /** + * @param representCorporateParty the representCorporateParty to set + */ + public void setRepresentingCorporateParty(boolean representCorporateParty) { + this.representCorporateParty = representCorporateParty; + } + + /** + * @return the connectionParameters + */ + public ConnectionParameter getConnectionParameters() { + return connectionParameters; + } + + /** + * @param connectionParameters the connectionParameters to set + */ + public void setConnectionParameters(ConnectionParameter connectionParameters) { + this.connectionParameters = connectionParameters; + } + + + /** + * @return the representationText + */ + public String getRepresentationText() { + return representationText; + } + + + /** + * @param representationText the representationText to set + */ + public void setRepresentationText(String representationText) { + this.representationText = representationText; + } + + /** + * @return the inputProcessorClass + */ + public String getInputProcessorClass() { + return inputProcessorClass; + } + + /** + * @param inputProcessorClass the inputProcessorClass to set + */ + public void setInputProcessorClass(String inputProcessorClass) { + this.inputProcessorClass = inputProcessorClass; + } + + /** + * @return the inputProcessorTemplate + */ + public String getInputProcessorTemplate() { + return inputProcessorTemplate; + } + + /** + * @param inputProcessorTemplate the inputProcessorTemplate to set + */ + public void setInputProcessorTemplate(String inputProcessorTemplate) { + this.inputProcessorTemplate = inputProcessorTemplate; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java new file mode 100644 index 000000000..fe8e263ff --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java 
@@ -0,0 +1,235 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a detailed CreateMandateRequest that
+ * will be sent to SZR-gateway.
+ *
+ * @author Peter Danner
+ */
+public class CreateMandateRequest {
+
+ /**
+ * The Request.
+ */
+ private Document document;
+
+ /**
+ * List of mandate representatives as XML element.
+ */
+ private List representatives;
+
+ /**
+ * The mandator.
+ */
+ private Element mandator;
+
+ /**
+ * The representative.
+ */
+ private Element representative;
+
+ /**
+ * The signature to verify by the SZR-gateway
+ */
+ private Element signature;
+
+
+
+ /**
+ * Creates the CreateMandateRequest element that will
+ * be sent to SZR-gateway
+ *
+ * @return the CreateMandateRequest element.
+ */
+ public Element toElement() throws SZRGWClientException{
+
+ this.document = ParepUtils.createEmptyDocument();
+ Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
+ root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
+ if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
+ if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
+
+ return root;
+ }
+
+ /**
+ * Adds a representative.
+ *
+ * @param representative an XML representative to add.
+ */
+ public void addRepresentative(Element representative) {
+ if (representatives == null) {
+ representatives = new ArrayList();
+ }
+ representatives.add(representative);
+ }
+
+ /**
+ * Gets the representative.
+ *
+ * @return the representative.
+ */
+ public Element getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Gets the mandator.
+ *
+ * @return the mandator.
+ */
+ public Element getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the mandator.
+ *
+ * @param mandator the mandator.
+ */
+ public void setMandator(Element mandator) {
+ this.mandator = mandator;
+ }
+
+ /**
+ * Sets the Mandator.
+ *
+ * @param familyName the family name of the mandator.
+ */
+ public void setMandator(String familyName, String givenName, String dateOfBirth,
+ String postalCode, String municipality, String streetName, String buildingNumber, String unit,
+ boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
+
+ Document mandatorDocument = ParepUtils.createEmptyDocument();
+
+ Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
+// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ if (physical) {
+ Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
+ physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
+ physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
+ mandatorElem.appendChild(physicalPersonElem);
+ Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality,
streetName, buildingNumber, unit);
+ if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
+ } else {
+ Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
+ corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
+ corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
+ mandatorElem.appendChild(corporateBodyElem);
+ }
+
+
+ this.mandator = mandatorElem;
+ }
+
+ private Element createPersonDataElem(Document document, String elementName, String elementValue) {
+ Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
+ Node value = document.createTextNode(elementValue);
+ elem.appendChild(value);
+ return elem;
+ }
+
+ private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
+ Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
+ return identificationElem;
+ }
+ private Element createNameElem(Document document, String givenName, String familyName) {
+ Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
+ return nameElem;
+ }
+ private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
+
+ if
(ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
+ && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
+ Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
+
+ if (!ParepUtils.isEmpty(postalCode)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
+ }
+ if (!ParepUtils.isEmpty(municipality)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
+ }
+ if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
+ Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
+
+ if (!ParepUtils.isEmpty(streetName)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
+ }
+ if (!ParepUtils.isEmpty(buildingNumber)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
+ }
+ if (!ParepUtils.isEmpty(unit)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
+ }
+ postalAddressElem.appendChild(deliveryAddressElem);
+ }
+ return postalAddressElem;
+ }
+
+
+
+ /**
+ * Sets the Representative.
+ *
+ * @param params InfoboxValidatorParams contain the data of the representative.
+ * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
+ * @param identificationValue the identification value (bPK).
+ */
+ public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
+
+ Document representativeDocument = ParepUtils.createEmptyDocument();
+
+ Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+ representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+ representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
+
+ this.representative = representativeElem;
+ }
+
+ /**
+ * @return the signature
+ */
+ public Element getSignature() {
+ return signature;
+ }
+
+ /**
+ * @param signature the signature to set
+ */
+ public void setSignature(Element signature) throws SZRGWClientException{
+ Document signatureDocument = ParepUtils.createEmptyDocument();
+ Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
+ //SZR-gateway takes the first Signature
+ //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
+ signatureElem.appendChild(signatureDocument.importNode(signature, true));
+ this.signature = signatureElem;
+ }
+
+
+}
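Review bot: `setSignature` in CreateMandateRequest wraps whatever element it is handed and, going by its inline comment, relies on the SZR-gateway verifying the first Signature it finds, while the explicit `SignatureLocation` attribute is commented out. If the imported subtree can ever contain more than one signature element, which one gets verified is left to document order, so the Javadoc should say so, e.g. `@param signature element containing exactly one signature; the SZR-gateway verifies the first one it finds`, or the explicit location should be restored. `setMandator(String, ...)` documents only `familyName` of its twelve parameters and hands every value to `createTextNode` unchecked, so a null field is not rejected with a clear error at this point. `addRepresentative` fills `representatives`, but `toElement` never serializes that list, so it looks like dead state.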
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
new file mode 100644
index 000000000..0f6ed8abf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway CreateMandate Response.
+ *
+ * @author Peter Danner
+ */
+public class CreateMandateResponse {
+
+ /**
+ * Result code of the request.
+ */
+ private int resultCode;
+
+ /**
+ * Description of the result.
+ */
+ private String resultInfo;
+
+ /**
+ * The returned mandate.
+ */
+ private Element mandate;
+
+ /**
+ * @return the resultCode
+ */
+ public int getResultCode() {
+ return resultCode;
+ }
+
+ /**
+ * @param resultCode the resultCode to set
+ */
+ public void setResultCode(String resultCode) {
+ if (resultCode!=null) {
+ this.resultCode = Integer.parseInt(resultCode);
+ } else {
+ this.resultCode = 0;
+ }
+ }
+
+ /**
+ * @return the resultInfo
+ */
+ public String getInfo() {
+ return resultInfo;
+ }
+
+ /**
+ * @param resultInfo the resultInfo to set
+ */
+ public void setInfo(String resultInfo) {
+ this.resultInfo = resultInfo;
+ }
+
+ /**
+ * @return the mandate
+ */
+ public Element getMandate() {
+ return mandate;
+ }
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMandate(Element mandate) {
+ this.mandate = mandate;
+ }
+
+
+ /**
+ * Parses the SZR-gateway response.
+ *
+ * @param response the SZR-gateway response.
+ * @throws SZRGWClientException if an error occurs.
+ */
+ public void parse(Element response) throws SZRGWClientException {
+ try {
+
+ // first check if response is a soap error
+ NodeList list = response.getElementsByTagName("faultstring");
+ if (list.getLength() > 0) {
+ throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue());
+ }
+
+ this.mandate = null;
+ this.resultCode = 2000;
+ this.resultInfo = null;
+ // parse single SZR-gateway results
+ Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+
+ Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode);
+ if (mandateNode!=null) {
+ this.mandate = (Element) mandateNode;
+ } else {
+ String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/";
+ Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode);
+ if (errorCode!=null) setResultCode(errorCode.getNodeValue());
+ Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode);
+ this.setInfo(errorInfo.getNodeValue());
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+// CreateMandateResponse resp = new CreateMandateResponse();
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml"));
+// Element response = doc.getDocumentElement();
+// resp.parse(response);
+//
System.out.println(resp.getResultCode());
+// System.out.println(resp.getInfo());
+// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
new file mode 100644
index 000000000..d9d248c81
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * SOAP Envelope Constants.
+ *
+ * @author Arne Tauber
+ * @version $ $
+ **/
+public interface SOAPConstants {
+
+ /*
+ * Namespaces and namespace prefixes for SOAP message handling
+ */
+ String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+ String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/";
+ String SOAP_ENV_PREFIX = "soapenv:";
+ String SOAP_ENV_POSTFIX = ":soapenv";
+
+ String ENVELOPE = "Envelope";
+ String BODY = "Body";
+ String ENCODING_STYLE = "encodingStyle";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
new file mode 100644
index 000000000..1e6dc1039
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
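Review bot: In `CreateMandateResponse.parse`, the error branch calls `errorInfo.getNodeValue()` without a null check, so a response that carries neither a Mandate nor an `Info` element ends in a NullPointerException that the catch-all wraps, hiding the real condition; guard it with `if (errorInfo != null) this.setInfo(errorInfo.getNodeValue());`. The same `catch(Exception e)` also re-wraps the SZRGWClientException thrown for a SOAP fault and dumps it with `e.printStackTrace()`; rethrow SZRGWClientException unchanged and report through the Logger that SZRGWClient uses. `resultCode` stays at the preset 2000 when neither a Mandate nor an ErrorCode is found, so callers cannot tell that case from the initial state without also checking `getMandate()`; what 2000 means is not visible in this hunk. The mandate is selected with a document-wide `//` XPath from the gateway response and nothing here checks its signature, so that check presumably has to happen in the caller.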
@@ -0,0 +1,144 @@
+
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ *

+ * Two types of requests are supported + *

    + *
  1. Basic Request
  2. + *
  3. Detailed Request
  4. + *
+ *
+ * @author Peter Danner
+ */
+public class SZRGWClient {
+ /**
+ * The URL of the SZR-gateway webservice.
+ */
+ private String address;
+
+ /**
+ * The SSL socket factory when using a secure connection.
+ */
+ private SSLSocketFactory sSLSocketFactory;
+
+ /**
+ * Constructor
+ */
+ public SZRGWClient() {
+ }
+
+ /**
+ * Constructor
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public SZRGWClient(String address) {
+ this.address = address;
+ }
+ /**
+ * Sets the SSL socket factory.
+ *
+ * @param factory the SSL socket factory.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory) {
+ this.sSLSocketFactory = factory;
+ }
+
+ /**
+ * Sets the SZR webservice URL
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public void setAddress(String address) {
+ this.address = address;
+ }
+
+ /**
+ * Creates a mandate.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+ Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+
+ client.executeMethod(method);
+ CreateMandateResponse response = new CreateMandateResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ response.parse(doc.getDocumentElement());
+
+
+ return response;
+ } catch(Exception e) {
+ //e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ * builds an XML soap envelope
+ */
+ private Element getSOAPBody() throws SZRGWClientException {
+ Document doc_ = ParepUtils.createEmptyDocument();
+ Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+ doc_.appendChild(root);
+
+ root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+ root.setAttribute("xmlns:xsd",
"http://www.w3.org/2001/XMLSchema");
+ root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+
+ Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+ root.appendChild(body);
+
+ return body;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
new file mode 100644
index 000000000..11aaf289b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ *
+ * @author Peter Danner
+ */
+public class SZRGWClientException extends Exception {
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException() {
+ super();
+ }
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException(String arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super construction.
+ */
+ public SZRGWClientException(Throwable arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super constructor
+ */
+ public SZRGWClientException(String arg0, Throwable arg1) {
+ super(arg0, arg1);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
new file mode 100644
index 000000000..4f815f1e7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
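Review bot: `Protocol.registerProtocol("https", ...)` in `SZRGWClient.createMandateResponse` writes to commons-httpclient's static protocol registry, so the SSLSocketFactory configured for the SZR-gateway replaces the https handling of every other HttpClient user in the same class loader, and whichever caller registers last wins. The factory should be bound to this client only, for example through the client's own host configuration with a Protocol instance built from `fac`, instead of the global registration. The method also parses the body without checking the HTTP status returned by `client.executeMethod(method)` and never calls `method.releaseConnection()`; wrap the exchange in `try { ... } finally { method.releaseConnection(); }`. No connection or socket timeout is set in this hunk, so a stalled gateway would block the calling thread.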
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ *
+ * @author Peter Danner
+ */
+public interface SZRGWConstants {
+
+ //PersonData
+ String PD_PREFIX = "pr:";
+ String PD_POSTFIX = ":pr";
+ String PERSON = "Person";
+ String PHYSICALPERSON = "PhysicalPerson";
+ String CORPORATEBODY = "CorporateBody";
+ String IDENTIFICATION = "Identification";
+ String VALUE = "Value";
+ String TYPE = "Type";
+ String NAME = "Name";
+ String GIVENNAME = "GivenName";
+ String FAMILYNAME = "FamilyName";
+ String DATEOFBIRTH = "DateOfBirth";
+ String FULLNAME = "FullName";
+ String ORGANIZATION = "Organization";
+
+ String POSTALADDRESS = "PostalAddress";
+ String DELIVERYADDRESS = "DeliveryAddress";
+ String MUNICIPALITY = "Municipality";
+ String POSTALCODE = "PostalCode";
+ String STREETNAME = "StreetName";
+ String BUILDINGNUMBER = "BuildingNumber";
+ String UNIT = "Unit";
+ //String ADDRESS = "Address";
+ //String COUNTRYCODE = "CountryCode";
+ //String DOORNUMBER = "DoorNumber";
+
+ // SZR-gateway constants
+ String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ String SZRGW_PREFIX = "sgw:";
+ String SZRGW_POSTFIX = ":sgw";
+ String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+ String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+ String ERROR_RESPONSE = "ErrorResponse";
+ String MANDATOR = "Mandator";
+ String REPRESENTATIVE = "Representative";
+ String MANDATE = "Mandate";
+ String MANDATE_PREFIX = "md:";
+ String MANDATE_POSTFIX = ":md";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
new file mode 100644
index 000000000..41a07d146
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -0,0 +1,94 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ *
+ * @author Peter Danner
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+ /**
+ * The SSL socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ /**
+ * Creates a new Secure socket factory for the
+ * Apache HTTP client.
+ *
+ * @param factory the SSL socket factory to use.
+ */
+ public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+ this.factory = factory;
+ }
+
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
+
+ return this.factory.createSocket(
+ host,
+ port,
+ clientHost,
+ clientPort
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ }
+
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+ }
+
+ /**
+ * @see
java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return SZRGWSecureSocketFactory.class.hashCode();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
new file mode 100644
index 000000000..c56555b2e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
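Review bot: `SZRGWSecureSocketFactory.equals` returns true for any two instances regardless of the wrapped `SSLSocketFactory`, and `hashCode` is a class constant, so factories built with different key or trust material compare equal. commons-httpclient includes the socket factory when it compares Protocol objects, so connection handling keyed on the protocol could treat differently configured TLS setups as interchangeable; compare the delegate instead with `return obj instanceof SZRGWSecureSocketFactory && factory.equals(((SZRGWSecureSocketFactory) obj).factory);` and `return factory.hashCode();`. The three `createSocket` methods hand back the delegate's socket directly, and nothing in this hunk verifies that the peer certificate matches `host`; unless the injected factory does that itself, a hostname check belongs here.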
@@ -0,0 +1,411 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.config; + +import java.io.File; +import java.io.FileInputStream; +import java.util.HashMap; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements the Configuration. + * + * @author Peter Danner + */ +public class ParepConfiguration { + + /** + * System property for config file. + */ + public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config"; + + /** + * SZR-GW connection parameters. + */ + private ConnectionParameter standardConnectionParameters; + + /** + * Input field processor. + */ + private String standardInputProcessorClass; + + /** + * Input field processor template. + */ + private String standardInputProcessorTemplate; + + /** + * Configured party representatives. + */ + private HashMap partyRepresentatives; + + /** + * The configuration element. + */ + private Element configElement = null; + + /** + * Defines whether the user input form must be shown on each + * request or not (also predefined mandates) + */ + private boolean alwaysShowForm = false; + + /** + * The configuration base directory. + */ + private String baseDir_; + + /** + * Gets the SZR-GW connection parameters. + * + * @return the connection parameters. 
+ */ + public ConnectionParameter getConnectionParameters(String representationID) { + if (partyRepresentatives == null || "*".equals(representationID)) + return standardConnectionParameters; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + ConnectionParameter connectionParameters = pr.getConnectionParameters(); + if (connectionParameters==null) connectionParameters = standardConnectionParameters; + return connectionParameters; + } + + /** + * Sets the SZR-GW connection parameters for standard connection. + * + * @param connectionParameters + * the connection parameters. + */ + public void setStandardConnectionParameters(ConnectionParameter connectionParameters) { + this.standardConnectionParameters = connectionParameters; + } + + /* + * + */ + public String getFullDirectoryName(String fileString) { + return makeAbsoluteURL(fileString, baseDir_); + } + + /* + * + */ + private static String makeAbsoluteURL(String url, String root) { + // if url is relative to rootConfigFileDirName make it absolute + + File keyFile; + String newURL = url; + + if (null == url) + return null; + + if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) { + return url; + } else { + // check if absolute - if not make it absolute + keyFile = new File(url); + if (!keyFile.isAbsolute()) { + keyFile = new File(root, url); + newURL = keyFile.getPath(); + } + return newURL; + } + } + + /** + * Initializes the configuration with a given XML configuration element found + * in the MOA-ID configuration. + * + * @param configElem + * the configuration element. + * @throws ConfigurationException + * if an error occurs initializing the configuration. 
+ */ + public ParepConfiguration(Element configElem) throws ConfigurationException { + + partyRepresentatives = new HashMap(); + partyRepresentatives.put("*", new PartyRepresentative(true, true)); + + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + + try { + + baseDir_ = (new File(fileName)).getParentFile().toURL().toString(); + Logger.trace("Config base directory: " + baseDir_); + // check for configuration in system properties + if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) { + Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG))); + this.configElement = doc.getDocumentElement(); + } else { + this.configElement = configElem; + } + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e); + } + load(); + } + + /* + * + */ + private void load() throws ConfigurationException { + Logger.debug("Parse ParepValidator Konfiguration"); + try { + Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + // nameSpaceNode.setAttribute("xmlns:sgw", + // SZRGWConstants.SZRGW_PROFILE_NS); + + Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); + if (inputProcessorNode != null) { + this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template"); + Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode); + if (inputProcessorClassNode != null) { + this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue(); + } + } + Node alwaysShowFormNode 
= XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode); + if (alwaysShowFormNode != null) { + this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue()); + } + + // load connection parameters + Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter"); + Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode); + if (connectionParamElement != null) { + // parse connection parameters + // ParepUtils.serializeElement(connectionParamElement, System.out); + this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); + } + + Logger.debug("Lade Konfiguration der Parteienvertreter"); + NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); + for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { + + PartyRepresentative partyRepresentative = new PartyRepresentative(); + + Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i); + boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false; + boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? 
true : false; + partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid")); + partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty); + partyRepresentative.setRepresentingCorporateParty(representCorporateParty); + partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText")); + + Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); + if (inputProcessorSubNode != null) { + partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template")); + Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + + ":InputProcessor/text()", nameSpaceNode); + if (inputProcessorClassSubNode != null) { + partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue()); + } + } + + Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + + ":ConnectionParameter", nameSpaceNode); + if (connectionParamSubElement == null) { + if (this.standardConnectionParameters == null) { + throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter " + + partyRepresentative.getOid() + " fehlen.", null, null); + } + } else { + // parse connection parameters + // ParepUtils.serializeElement(connectionParamSubElement, System.out); + partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); + } + partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); + Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + 
partyRepresentative.isRepresentingCorporateParty() + + ", representationText=" + partyRepresentative.getRepresentationText() + + ")"); + } + + Logger.debug("ParepValidator Konfiguration erfolgreich geparst."); + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e); + } + } + + /* + * + */ + private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException { + try { + ConnectionParameter connectionParameter = new ConnectionParameter(); + + // parse connection url + String URL = connParamElement.getAttribute("URL"); + connectionParameter.setUrl(URL); + + // accepted server certificates + Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()", + nameSpaceNode); + if (accServerCertsNode != null) { + + String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue()); + Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir); + connectionParameter.setAcceptedServerCertificates(serverCertsDir); + } + + // client key store + Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode); + if (clientKeyStoreNode != null) { + String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue()); + connectionParameter.setClientKeyStore(clientKeystore); + } + + // client key store password + Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password", + nameSpaceNode); + if (clientKeyStorePasswordNode != null) { + connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue()); + } + + return connectionParameter; + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der 
ParepValidator ConnectionParameter.", null, e); + } + } + + public boolean isPartyRepresentative(String representationID) { + if (partyRepresentatives == null) + return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + return pr != null; + } + + public boolean isRepresentingCorporateParty(String representationID) { + if (partyRepresentatives == null) return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr == null) return false; + return pr.isRepresentingCorporateParty(); + } + + public boolean isRepresentingPhysicalParty(String representationID) { + if (partyRepresentatives == null) return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr == null) return false; + return pr.isRepresentingPhysicalParty(); + } + + public String getRepresentationText(String representationID) { + String result = ParepValidator.STANDARD_REPRESENTATION_TEXT; + if (partyRepresentatives != null) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr != null) { + if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText(); + } + } + return result; + } + + /** + * @return the input processor classname corresponding to representationID + * @param representationID + * the representation ID. 
+ */ + public String getInputProcessorClass(String representationID) { + String inputProcessorClass = standardInputProcessorClass; + if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR; + if (!(partyRepresentatives == null || "*".equals(representationID))) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr!=null) { + String prInputProcessorClass = pr.getInputProcessorClass(); + if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass; + } + } + return inputProcessorClass; + } + + /** + * @param standardInputProcessorClass the standardInputProcessorClass to set + */ + public void setStandardInputProcessorClass(String standardInputProcessorClass) { + this.standardInputProcessorClass = standardInputProcessorClass; + } + + /** + * @return the InputProcessorTemplate + */ + public String getInputProcessorTemplate(String representationID) { + String inputProcessorTemplate = standardInputProcessorTemplate; + if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE; + if (!(partyRepresentatives == null || "*".equals(representationID))) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr!=null) { + String prInputProcessorTemplate = pr.getInputProcessorTemplate(); + if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate; + } + } + return inputProcessorTemplate; + } + + /** + * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set + */ + public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) { + this.standardInputProcessorTemplate = standardInputProcessorTemplate; + } + + /** + * @return the alwaysShowForm + */ + public boolean isAlwaysShowForm() { + return alwaysShowForm; + } + + /** + * @param alwaysShowForm the alwaysShowForm to set + 
*/ + public void setAlwaysShowForm(String alwaysShowForm) { + if (ParepUtils.isEmpty(alwaysShowForm)) { + this.alwaysShowForm = false; + } else { + this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true"); + } + } + + public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { + try { + Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); + if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) { + return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true"); + } + return false; + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + } + + } + + +// public static void main(String[] args) throws Exception { +// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml"); +// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml"); +// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties"); +// Configuration cfg = new Configuration(null); +// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110")); +//} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 90b780526..27955602f 100644 
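Review bot: `getConnectionParameters` in ParepConfiguration dereferences `pr` without a null check, so a `representationID` that is not in `partyRepresentatives` ends in a NullPointerException, while `isPartyRepresentative`, `getRepresentationText` and the two input-processor getters in the same class all handle the missing entry. Adding `if (pr == null) return standardConnectionParameters;` right after the lookup gives the same fallback the method already uses when a representative has no parameters of its own. In the constructor the `FileInputStream` opened for `parep.validator.config` is never closed; keep it in a local and close it in a `finally` block. Whether `ParepUtils.readDocFromIs` disables DTDs and external entities is not visible in this diff and is worth confirming, since the file is parsed as XML.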
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -79,6 +79,9 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; @@ -392,6 +395,8 @@ public class ConfigurationBuilder { XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -457,6 +462,7 @@ public class ConfigurationBuilder { oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); try { 
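Review bot: In the `@@ -457` hunk the per-application lookup passes `INPUT_PROCESSOR_TEMPLATE_XPATH` to `buildTemplateURL(authComponent, …)`, but that constant is built from `ROOT + CONF + "AuthComponent/" …` and is the same expression the `@@ -392` hunk uses for the global default, whereas the two neighbouring calls use the `OA_AUTH_COMPONENT_*` expressions. Evaluated against the application's `authComponent` element it presumably never selects an application-specific `InputProcessorSignTemplate` (the definition of `ROOT` is outside the hunk), so every online application would silently get the global template. I would add an application-relative constant next to the other `OA_AUTH_COMPONENT_*` ones, for example `OA_AUTH_COMPONENT_INPUT_PROCESSOR_TEMPLATE_XPATH`, defined the same way as `OA_AUTH_COMPONENT_TEMPLATE_XPATH` (not shown here) but ending in `"InputProcessorSignTemplate/@URL"`, and pass that in this call.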
@@ -669,7 +675,7 @@ public class ConfigurationBuilder { String identifier = number.getAttribute("Identifier"); // remove all blanks identificationNumber = StringUtils.removeBlanks(identificationNumber); - if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { // delete zeros from the beginning of the number identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); // remove hyphens diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index ba3b61f9d..132bebce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -64,6 +64,10 @@ public class OAAuthParameter extends OAParameter { * template for web page "Anmeldung mit Bürgerkarte" */ private String templateURL; + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; /** * Parameters for verifying infoboxes. */ @@ -163,6 +167,15 @@ public class OAAuthParameter extends OAParameter { return templateURL; } + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or null if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + /** * Returns the parameters for verifying additional infoboxes. * 
@@ -257,6 +270,16 @@ public class OAAuthParameter extends OAParameter { this.templateURL = templateURL; } + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + /** * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. * @@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter { public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { this.verifyInfoboxParameters = verifyInfoboxParameters; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java new file mode 100644 index 000000000..a4a89e183 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java 
@@ -0,0 +1,63 @@ +/** + * + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.io.OutputStream; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author Peter Danner + * + */ +public class ServletUtils { + + /** + * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing + * depending on the requests starting text. + * + * @param resp The httpServletResponse + * @param session The current AuthenticationSession + * @param createXMLSignatureRequestOrRedirect The request + * @param servletGoal The servlet to which the redirect should happen + * @param servletName The servlet name for debug purposes + * @throws MOAIDException + * @throws IOException + */ + public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) + throws MOAIDException, + IOException + { + if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { + resp.setStatus(307); + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID()); + resp.addHeader("Location", dataURL); + + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST " + servletName); + } else { + String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, 
session.getSessionID()); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + } + +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 4cfa6f765..8e8f9583b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -64,6 +64,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth builder.00=Fehler beim Aufbau der Struktur "{0}": {1} builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt +builder.02=Fehler beim Ausblenden von Stammzahlen service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint 
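Review bot: `Logger.debug("REDIRECT TO: " + redirectURL)` writes the URL returned by `buildDataURL(..., session.getSessionID())` to the log, and that URL presumably carries the session ID as a parameter, so anyone who can read the debug log could pick up a live authentication session. Log the target only, e.g. `Logger.debug("REDIRECT TO: " + servletGoal);`. The method also chooses its branch by `startsWith("Redirect")` on the same string that otherwise holds the XML request, with no null check; a javadoc line stating that the sentinel is the literal prefix `Redirect` and that the argument must not be null would make that contract explicit. `out.close()` is skipped when `write` throws, so the stream handling belongs in a `try`/`finally`.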
@@ -156,5 +157,11 @@ validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein. +validator.60=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden. +validator.61=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten für berufliche Parteienvertreter nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden. +validator.62=Fehler in der Übermittlung: keine primäre Vollmacht übergeben. +validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten. +validator.64=Fehler beim Austausch von Vollmachtsdaten +validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden. ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html new file mode 100644 index 000000000..a7608b9b4 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -0,0 +1,134 @@ + + + + + +Berufliche Parteieinvertretung + + +Berufliche Parteienvertretung einer natürlichen/juristischen Person +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Vertreter:
Vorname  Dieses Feld muss ausgefüllt sein! +
Name  Dieses Feld muss ausgefüllt sein! +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + - +

+ Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.
 

+ Vetretene Person:
 natürliche Person: 
Vorname  Dieses Feld muss ausgefüllt sein! Vorname laut ZMR Schreibweise +
Name  Dieses Feld muss ausgefüllt sein! Familienname laut ZMR Schreibweise +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + -  Format: JJJJ-MM-TT +
otional: +
Straße  Straüe laut ZMR Schreibweise +
Hausnmummer  Hausnummer laut ZMR Schreibweise +
Einh. Nr.  Nutzungseinheitsnummer laut ZMR Schreibweise +
Postleitzahl  Postleitzahl laut ZMR Schreibweise +
Gemeinde  Gemeinde laut ZMR Schreibweise +
 
 juristische Person: 
Name  Dieses Feld muss ausgefüllt sein! Name der Organisation laut ZMR Schreibweise +
  Dieses Feld muss ausgefüllt sein! Ordnungsbegriff laut ZMR Schreibweise +
+
+

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

+ + +

+ + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html new file mode 100644 index 000000000..acfd9ead6 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -0,0 +1,171 @@ + + + + + + +Berufliche Parteieinvertretung + + + + + + + + + + +
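Review bot: The user-visible texts in ParepMinTemplate.html contain several misspellings: the title reads `Berufliche Parteieinvertretung` while the heading reads `Parteienvertretung`, and the form shows `Vetretene Person`, `otional:`, `Hausnmummer` and `Straüe laut ZMR Schreibweise` (the label beside it is spelled `Straße`, so the help text probably uses the wrong character entity). The same strings are repeated in ParepTemplate.html in the following file section. The markup itself is not visible in this view, so the affected elements have to be located by their text.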
+ + + +
+
E-Gov Logo
+
+

Berufliche Parteienvertretung

+
+
+Bitte beachten Sie +
+
+
+
+ Dieses Feld muss ausgefüllt sein!  Feld muss ausgefüllt sein +
+
+ Hilfe zum Ausfüllen   Ausfüllhilfe +
+
+ Angabe bitte ergänzen oder richtig stellen!   Fehlerhinweis
+
 
+ +

Berufliche Parteienvertretung einer natürlichen/juristischen Person +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Vertreter:
Vorname  Dieses Feld muss ausgefüllt sein! +
Name  Dieses Feld muss ausgefüllt sein! +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + - +

+ Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.
 

+ Vetretene Person:
 natürliche Person: 
Vorname  Dieses Feld muss ausgefüllt sein! Vorname laut ZMR Schreibweise +
Name  Dieses Feld muss ausgefüllt sein! Familienname laut ZMR Schreibweise +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + -  Format: JJJJ-MM-TT +
otional: +
Straße  Straüe laut ZMR Schreibweise +
Hausnmummer  Hausnummer laut ZMR Schreibweise +
Einh. Nr.  Nutzungseinheitsnummer laut ZMR Schreibweise +
Postleitzahl  Postleitzahl laut ZMR Schreibweise +
Gemeinde  Gemeinde laut ZMR Schreibweise +
 
 juristische Person: 
Name  Dieses Feld muss ausgefüllt sein! Name der Organisation laut ZMR Schreibweise +
  Dieses Feld muss ausgefüllt sein! Ordnungsbegriff laut ZMR Schreibweise +
+
+

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

+ + +

+ +
+ + -- cgit v1.2.3 From d19cd318b86feacd77dde2ff344b68f4439461a9 Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 18 Oct 2007 15:35:37 +0000 Subject: Show also SZR-gateway communication error 4000 on parep validation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1022 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/validator/parep/ParepValidator.java | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index acd193a68..1ed9d89ea 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -349,6 +349,7 @@ public class ParepValidator implements InfoboxValidator { if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); response = client.createMandateResponse(requ); } + Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()); if (response.getResultCode()==2000) { if(response.getMandate()==null) { Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); 
@@ -379,18 +380,22 @@ public class ParepValidator implements InfoboxValidator { } else { String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; String responseInfo = response.getInfo(); - if (response.getResultCode()>4000 && response.getResultCode()<4999) { + if (response.getResultCode()>=4000 && response.getResultCode()<4999) { if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; validationResult.setErrorMessage(errorMsg); - } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) { + } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) { // Person not found ParepInputProcessor inputProcessor= getInputProcessor(); - if (response.getResultCode()==3000) { //TODO: verify code - errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben."; - } else { - if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; - } - + switch (response.getResultCode()) { + case 5230: + errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben."; + break; + case 5231: + errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben."; + break; + default: + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + } this.form = inputProcessor.validate(generateParameters(), errorMsg); if (this.form == null) { validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); -- cgit v1.2.3 From 2c8075dab2371856fd9f0a3695376932c07189b0 Mon Sep 17 00:00:00 2001 
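Review bot: Result code 4999 matches neither range test in the new condition chain, because the first branch accepts `>=4000` but stops at `<4999` while the second runs from `>=5000` to `<=5999`. If the whole 4xxx family is meant to be reported, the bound should read `if (response.getResultCode()>=4000 && response.getResultCode()<=4999) {`. Both branches append the gateway-supplied `responseInfo` to the message shown to the user, so it is worth confirming that this text is escaped where the form or error page is rendered; that code is not in the hunk. The enclosing method starts and ends outside the hunk.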
From: pdanner Date: Thu, 18 Oct 2007 22:39:24 +0000 Subject: Removed debug output git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1023 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java | 1 - 1 file changed, 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 1ed9d89ea..79eaf782a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -505,7 +505,6 @@ public class ParepValidator implements InfoboxValidator { try { // Vertretener (erstes Vorkommen) Element mandator = request.getMandator(); - ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml")); if (mandator != null) { if (ParepUtils.isPhysicalPerson(mandator)) { familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); -- cgit v1.2.3 From 114acd7687c92e9f2202536c6172b10266d7e949 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 07:06:49 +0000 Subject: Enabled more debug information git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1024 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 17 ++++++--- .../auth/servlet/ProcessValidatorInputServlet.java | 2 ++ .../validator/parep/ParepInputProcessorImpl.java | 28 +++++++-------- .../id/auth/validator/parep/ParepValidator.java | 33 +++++++++-------- .../resources/templates/ParepMinTemplate.html | 42 +++++++++++----------- .../resources/templates/ParepTemplate.html | 42 +++++++++++----------- 6 files changed, 87 insertions(+), 77 deletions(-) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 75197943f..e23e2bb78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1061,9 +1061,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); - - //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); - + String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WritAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); //Ex: "c:/saml_assertion.xml" + return authData; } catch (Throwable ex) { throw new BuildException( @@ -1093,7 +1093,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } - authenticationDataStore.remove(assertionHandle); + boolean keepAssertion = false; + try { + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.KeepAssertion"); + if ((null!=boolStr && boolStr.equalsIgnoreCase("true"))) keepAssertion = true;//Only allowed for debug purposes!!! + } catch (ConfigurationException ex) { + throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); + } + if (!keepAssertion) { + authenticationDataStore.remove(assertionHandle); + } } long now = new Date().getTime(); if (now - authData.getTimestamp().getTime() > authDataTimeOut) 
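Review bot: The dump added after `authData.setSamlAssertion(samlAssertion)` in the -1061 hunk persists the complete assertion, presumably including the authenticated person's identity and mandate attributes, to whatever path the configuration parameter names, and nothing in the code marks this as a debug-only switch. It also sits inside the `try` whose `catch (Throwable ex)` becomes a `BuildException`, so if `saveStringToFile` can throw, an unwritable path fails the login. I would add the comment `// Debug only: writes the full assertion in clear text; leave the parameter unset in production` and log once when the parameter is set, so an enabled dump is visible in the server log. The enclosing method starts and ends outside the hunk.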
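Review bot: With `AuthenticationServer.KeepAssertion` set to `true` the -1093 hunk leaves the entry in `authenticationDataStore` after it has been fetched, so the same SAML artifact can be redeemed again until the `authDataTimeOut` check that follows applies. The only safeguard is the inline remark `//Only allowed for debug purposes!!!`; nothing at runtime shows that one-time use has been switched off. I would log it when the flag is read, e.g. `if (keepAssertion) Logger.info("AuthenticationServer.KeepAssertion=true: SAML artifacts are not invalidated after use");`, and describe the parameter as debug-only wherever the generic configuration parameters are documented. The enclosing method starts and ends outside the hunk.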
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index df480b624..c41e39466 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -62,6 +62,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); @@ -112,6 +113,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index aff5d8a7a..80ef7c304 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java 
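Review bot: The fallback `parameters.get(PARAM_SESSIONID+"_")` is added identically in the -62 and -112 hunks, which makes the session-ID lookup a four-line chain duplicated in two methods. A private helper would keep the two copies from drifting apart, and a short comment such as `// form fields carry a trailing "_" since the Parep templates were renamed` would explain why the suffixed key is consulted at all. Both enclosing methods start and end outside the hunks.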
@@ -101,37 +101,37 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; String locErrortext = "Folgende Parameter fehlen: "; - String familyName = (String) parameters.get("familyname"); + String familyName = (String) parameters.get("familyname_"); if (null == familyName) familyName =""; - String givenName = (String) parameters.get("givenname"); + String givenName = (String) parameters.get("givenname_"); if (null == givenName) givenName =""; - boolean physical = "true".equals(parameters.get("physical")); - String dobday = (String) parameters.get("dobday"); + boolean physical = "true".equals(parameters.get("physical_")); + String dobday = (String) parameters.get("dobday_"); if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; - String dobmonth = (String) parameters.get("dobmonth"); + String dobmonth = (String) parameters.get("dobmonth_"); if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; - String dobyear = (String) parameters.get("dobyear"); + String dobyear = (String) parameters.get("dobyear_"); if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; String dateOfBirth = ""; dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); dobday = (" ".substring(0, 2-dobday.length()) + dobday); dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; - String cbFullName = (String) parameters.get("fullname"); + String cbFullName = (String) parameters.get("fullname_"); if (null == cbFullName) cbFullName =""; - String cbIdentificationType = (String) parameters.get("cbidentificationtype"); + String cbIdentificationType = (String) parameters.get("cbidentificationtype_"); if (null == cbIdentificationType) cbIdentificationType =""; - String cbIdentificationValue = (String) parameters.get("cbidentificationvalue"); + String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_"); if 
(null == cbIdentificationValue) cbIdentificationValue =""; - String postalCode = (String) parameters.get("postalcode"); + String postalCode = (String) parameters.get("postalcode_"); if (null == postalCode) postalCode =""; - String municipality = (String) parameters.get("municipality"); + String municipality = (String) parameters.get("municipality_"); if (null == municipality) municipality =""; - String streetName = (String) parameters.get("streetname"); + String streetName = (String) parameters.get("streetname_"); if (null == streetName) streetName =""; - String buildingNumber = (String) parameters.get("buildingnumber"); + String buildingNumber = (String) parameters.get("buildingnumber_"); if (null == buildingNumber) buildingNumber =""; - String unit = (String) parameters.get("unit"); + String unit = (String) parameters.get("unit_"); if (null == unit) unit =""; if (physical) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 79eaf782a..cfe84dbc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java 
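Review bot: The date-of-birth fields are the only request parameters in this block that are not defaulted to an empty string, yet the padding lines call `dobyear.length()`, `dobmonth.length()` and `dobday.length()` unconditionally. A missing `dobyear_` therefore ends in a NullPointerException, and a value longer than the expected width makes the end index in `substring(0, 4-dobyear.length())` negative, which throws as well. Since these values arrive from the submitted form, normalise them before padding, e.g. `if (null==dobyear || dobyear.length()>4) dobyear="";` and the same with width 2 for `dobmonth` and `dobday`. The enclosing method starts and ends outside the hunk.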
@@ -344,12 +344,11 @@ public class ParepValidator implements InfoboxValidator { response = client.createMandateResponse(requ); } catch (SZRGWClientException e) { // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway..."); client = new SZRGWClient(connectionParameters.getUrl()); if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); response = client.createMandateResponse(requ); } - Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()); + Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():""); if (response.getResultCode()==2000) { if(response.getMandate()==null) { Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); 
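Review bot: The rewritten debug line no longer logs the result code: `+` binds tighter than `!=`, so the whole concatenation is compared with `null`, the test is always true, and only `response.getInfo()` (possibly `null`) reaches the logger. Parenthesise the conditional: `Logger.debug("SZR-Gateway Response Code: " + response.getResultCode() + " " + (response.getInfo()!=null ? response.getInfo() : ""));`. The enclosing method starts and ends outside the hunk.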
@@ -525,21 +524,21 @@ public class ParepValidator implements InfoboxValidator { } catch (Exception e) { Logger.error("Could not extract Mandator form SZR-gateway request"); } - parameters.put("familyname", familyName); - parameters.put("givenname", givenName); - parameters.put("dateofbirth", dateOfBirth); - parameters.put("dobyear", dateOfBirth.substring(0,4)); - parameters.put("dobmonth", dateOfBirth.substring(5,7)); - parameters.put("dobday", dateOfBirth.substring(8,10)); - parameters.put("physical", physical ? "true" : "false"); - parameters.put("fullname", cbFullName); - parameters.put("cbidentificationtype", cbIdentificationType); - parameters.put("cbidentificationvalue", cbIdentificationValue); - parameters.put("postalcode", postalCode); - parameters.put("municipality", municipality); - parameters.put("streetname", streetName); - parameters.put("buildingnumber", buildingNumber); - parameters.put("unit", unit); + parameters.put("familyname_", familyName); + parameters.put("givenname_", givenName); + parameters.put("dateofbirth_", dateOfBirth); + parameters.put("dobyear_", dateOfBirth.substring(0,4)); + parameters.put("dobmonth_", dateOfBirth.substring(5,7)); + parameters.put("dobday_", dateOfBirth.substring(8,10)); + parameters.put("physical_", physical ? "true" : "false"); + parameters.put("fullname_", cbFullName); + parameters.put("cbidentificationtype_", cbIdentificationType); + parameters.put("cbidentificationvalue_", cbIdentificationValue); + parameters.put("postalcode_", postalCode); + parameters.put("municipality_", municipality); + parameters.put("streetname_", streetName); + parameters.put("buildingnumber_", buildingNumber); + parameters.put("unit_", unit); return parameters; } diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html index a7608b9b4..40421d7d5 100644 
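Review bot: The three `dateOfBirth.substring(...)` calls assume a ten-character `JJJJ-MM-TT` value, but the `catch (Exception e)` just above only logs and carries on, so whatever `dateOfBirth` held before the extraction is sliced here. If that value (initialised outside the hunk) can be shorter than ten characters, these lines throw a StringIndexOutOfBoundsException; a guard such as `if (dateOfBirth.length() >= 10) {` around the `dobyear_`, `dobmonth_` and `dobday_` entries avoids that. The catch also drops the exception, so the log line gives no cause for the failed extraction. The enclosing method starts outside the hunk.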
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -17,21 +17,21 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person Vorname  Dieses Feld muss ausgefüllt sein! - + Name  Dieses Feld muss ausgefüllt sein! - + Geburtsdatum  Dieses Feld muss ausgefüllt sein! - - - - - + + - + - @@ -45,25 +45,25 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person Vetretene Person: -  natürliche Person:  +  natürliche Person:  Vorname  Dieses Feld muss ausgefüllt sein! -  Vorname laut ZMR Schreibweise +  Vorname laut ZMR Schreibweise Name  Dieses Feld muss ausgefüllt sein! -  Familienname laut ZMR Schreibweise +  Familienname laut ZMR Schreibweise Geburtsdatum  Dieses Feld muss ausgefüllt sein! - - - - -  Format: JJJJ-MM-TT + + - + -  Format: JJJJ-MM-TT @@ -74,31 +74,31 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person Straße  -  Straüe laut ZMR Schreibweise +  Straüe laut ZMR Schreibweise Hausnmummer  -  Hausnummer laut ZMR Schreibweise +  Hausnummer laut ZMR Schreibweise Einh. Nr.  -  Nutzungseinheitsnummer laut ZMR Schreibweise +  Nutzungseinheitsnummer laut ZMR Schreibweise Postleitzahl  -  Postleitzahl laut ZMR Schreibweise +  Postleitzahl laut ZMR Schreibweise Gemeinde  -  Gemeinde laut ZMR Schreibweise +  Gemeinde laut ZMR Schreibweise @@ -106,28 +106,28 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person   -  juristische Person:  +  juristische Person:  Name  Dieses Feld muss ausgefüllt sein! -  Name der Organisation laut ZMR Schreibweise +  Name der Organisation laut ZMR Schreibweise -   Dieses Feld muss ausgefüllt sein! -  Ordnungsbegriff laut ZMR Schreibweise +  Ordnungsbegriff laut ZMR Schreibweise

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

- +

diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html index acfd9ead6..eabbea348 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -52,21 +52,21 @@ Bitte beachten Sie Vorname  Dieses Feld muss ausgefüllt sein! - + Name  Dieses Feld muss ausgefüllt sein! - + Geburtsdatum  Dieses Feld muss ausgefüllt sein! - - - - - + + - + - @@ -80,25 +80,25 @@ Bitte beachten Sie Vetretene Person: -  natürliche Person:  +  natürliche Person:  Vorname  Dieses Feld muss ausgefüllt sein! -  Vorname laut ZMR Schreibweise +  Vorname laut ZMR Schreibweise Name  Dieses Feld muss ausgefüllt sein! -  Familienname laut ZMR Schreibweise +  Familienname laut ZMR Schreibweise Geburtsdatum  Dieses Feld muss ausgefüllt sein! - - - - -  Format: JJJJ-MM-TT + + - + -  Format: JJJJ-MM-TT @@ -109,31 +109,31 @@ Bitte beachten Sie Straße  -  Straüe laut ZMR Schreibweise +  Straüe laut ZMR Schreibweise Hausnmummer  -  Hausnummer laut ZMR Schreibweise +  Hausnummer laut ZMR Schreibweise Einh. Nr.  -  Nutzungseinheitsnummer laut ZMR Schreibweise +  Nutzungseinheitsnummer laut ZMR Schreibweise Postleitzahl  -  Postleitzahl laut ZMR Schreibweise +  Postleitzahl laut ZMR Schreibweise Gemeinde  -  Gemeinde laut ZMR Schreibweise +  Gemeinde laut ZMR Schreibweise @@ -141,28 +141,28 @@ Bitte beachten Sie   -  juristische Person:  +  juristische Person:  Name  Dieses Feld muss ausgefüllt sein! -  Name der Organisation laut ZMR Schreibweise +  Name der Organisation laut ZMR Schreibweise -   Dieses Feld muss ausgefüllt sein! -  Ordnungsbegriff laut ZMR Schreibweise +  Ordnungsbegriff laut ZMR Schreibweise

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

- +

-- cgit v1.2.3 From 04c84754f2898848a0ac61f4bf2d4412b6600d19 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 07:18:14 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1025 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e23e2bb78..bf5bd70bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1061,7 +1061,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WritAssertionToFile"); + String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile"); if (!ParepUtils.isEmpty(assertionFile)) ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); //Ex: "c:/saml_assertion.xml" return authData; -- cgit v1.2.3 From 6f2ee1010dac8d42aba52d33a716a91a50f1f136 Mon Sep 17 00:00:00 2001 
From: pdanner Date: Fri, 19 Oct 2007 10:04:39 +0000 Subject: Changed language of mandate SAML-attributes git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1026 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../validator/parep/ParepInputProcessorImpl.java | 2 +- .../id/auth/validator/parep/ParepValidator.java | 32 ++++++++-------- .../resources/templates/ParepMinTemplate.html | 36 +++++++++--------- .../resources/templates/ParepTemplate.html | 44 +++++++++++----------- 5 files changed, 58 insertions(+), 58 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bf5bd70bd..bac66eeab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1096,7 +1096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { boolean keepAssertion = false; try { String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.KeepAssertion"); - if ((null!=boolStr && boolStr.equalsIgnoreCase("true"))) keepAssertion = true;//Only allowed for debug purposes!!! + if (null!=boolStr && boolStr.equalsIgnoreCase("true")) keepAssertion = true;//Only allowed for debug purposes!!! } catch (ConfigurationException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 80ef7c304..bfbbaede6 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -185,7 +185,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ } if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; if (!ParepUtils.isEmpty(error)) { - error = "
\"  " + error + "
"; + error = "
\"Rufezeichen\"  " + error + "
"; } form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); if (form == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index cfe84dbc2..30a8da50c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -64,7 +64,7 @@ public class ParepValidator implements InfoboxValidator { private String form = null; /** unspecified error of parep-validator (must not know more about)*/ - private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten"; + private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten"; /** Default class to gather remaining mandator data. */ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; 
@@ -73,17 +73,17 @@ public class ParepValidator implements InfoboxValidator { public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; /** kind of representation text in AUTH block*/ - public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter"; + public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)"; /** Names of the produced SAML-attributes. */ - public final static String EXT_SAML_MANDATE_RAW = "Vollmacht"; - public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName"; - public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum"; - public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; /** register and register number for non physical persons - the domain identifier for business applications*/ - public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; /** * Parses the XML configuration element and creates the validators configuration @@ -112,7 +112,7 @@ public class ParepValidator implements InfoboxValidator { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); try { - Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung."); + Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); this.params = params; Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); 
@@ -160,7 +160,7 @@ public class ParepValidator implements InfoboxValidator { Configure(this.params.getApplicationSpecificParams()); // check if we have a configured party representative for that if (!parepConfiguration.isPartyRepresentative(representationID)) { - Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); + Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); return validationResult; } @@ -271,7 +271,7 @@ public class ParepValidator implements InfoboxValidator { public InfoboxValidationResult validate(Map parameters) throws ValidateException { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); Logger.debug("Prüfe im Formular ausgefüllte Daten..."); if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); @@ -282,11 +282,11 @@ public class ParepValidator implements InfoboxValidator { validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); return validationResult; } - extendedSamlAttributes.clear(); + addAuthBlockExtendedSamlAttributes(); validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); validationResult.setValid(true); - Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); return validationResult; } 
@@ -298,7 +298,7 @@ public class ParepValidator implements InfoboxValidator { public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); this.form = ""; try { @@ -375,7 +375,7 @@ public class ParepValidator implements InfoboxValidator { validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); validationResult.setValid(true); - Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); } else { String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; String responseInfo = response.getInfo(); @@ -548,9 +548,9 @@ public class ParepValidator implements InfoboxValidator { * name of the mandator has to be set */ private void addAuthBlockExtendedSamlAttributes() { + extendedSamlAttributes.clear(); extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); Element mandator = request.getMandator(); - extendedSamlAttributes.clear(); // Name String name = ParepUtils.extractMandatorName(mandator); extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html index 40421d7d5..84aaf2072 100644 
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -6,7 +6,7 @@ Berufliche Parteieinvertretung -Berufliche Parteienvertretung einer natürlichen/juristischen Person +Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person
@@ -16,19 +16,19 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person Vertreter: - + - + - + - + - - + - + @@ -74,31 +74,31 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person - - - - - @@ -109,8 +109,8 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person - - + @@ -119,8 +119,8 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person -   Dieses Feld muss ausgefüllt sein! - + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html index eabbea348..be07400a8 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -22,7 +22,7 @@
E-Gov Logo
-

Berufliche Parteienvertretung

+

Berufsmäßige Parteienvertretung

Bitte beachten Sie @@ -30,16 +30,16 @@ Bitte beachten Sie
- Dieses Feld muss ausgefüllt sein!  Feld muss ausgefüllt sein +Stern  Feld muss ausgefüllt sein
- Hilfe zum Ausfüllen   Ausfüllhilfe +Info  Ausfüllhilfe
- Angabe bitte ergänzen oder richtig stellen!   Fehlerhinweis
+Rufezeichen  Fehlerhinweis
 
-

Berufliche Parteienvertretung einer natürlichen/juristischen Person +

Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person

@@ -51,19 +51,19 @@ Bitte beachten Sie Vertreter:
- + - + - + - + - - + - + @@ -109,31 +109,31 @@ Bitte beachten Sie - - - - - @@ -144,8 +144,8 @@ Bitte beachten Sie - - + @@ -154,8 +154,8 @@ Bitte beachten Sie -   Dieses Feld muss ausgefüllt sein! - + -- cgit v1.2.3 From e517ea48f034566c0da28c76fcf9d8b33988b69e Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 11:55:03 +0000 Subject: Changed party representation process from form based path to security layer path git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1027 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/servlet/ProcessValidatorInputServlet.java | 2 +- .../moa/id/auth/validator/parep/ParepInputProcessorImpl.java | 1 + .../src/main/resources/resources/templates/ParepMinTemplate.html | 5 +++-- .../src/main/resources/resources/templates/ParepTemplate.html | 5 +++-- 4 files changed, 8 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index c41e39466..89834307d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -69,7 +69,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); String outputStream; String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, sessionID); if (infoboxvalidator!=null) { outputStream = infoboxvalidator.getForm(); // replace strings the validators can not know 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index bfbbaede6..1501dad57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -235,6 +235,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ instream = new FileInputStream(fileName); } else { fileName = parepConfiguration.getFullDirectoryName(fileName); + if (fileName.startsWith("file:\\")) fileName = fileName.substring(6); file = new File(fileName); if (file.exists()) { //if this resolves to a file, load it diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html index 84aaf2072..958f486da 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -7,7 +7,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person - +
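Review bot: The added prefix strip in the `else` branch recognises only the Windows spelling `file:\` and removes it with a hard-coded length of `6`, so a value of the form `file:/...` still reaches `new File(fileName)` unchanged and `file.exists()` will fail for it. Name the prefix and derive the offset from it, `final String FILE_PREFIX = "file:\\"; if (fileName.startsWith(FILE_PREFIX)) fileName = fileName.substring(FILE_PREFIX.length());`, and handle the forward-slash form the same way. Where `fileName` comes from is not visible in this hunk; if any part of it can originate from a request rather than from configuration, the resolved path should also be checked to stay inside the configured template directory before it is opened. The enclosing method starts and ends outside the hunk.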
Vorname  Dieses Feld muss ausgefüllt sein!Vorname Stern
Name  Dieses Feld muss ausgefüllt sein!Name Stern
Geburtsdatum  Dieses Feld muss ausgefüllt sein!Geburtsdatum Stern - - @@ -48,22 +48,22 @@ Berufliche Parteienvertretung einer natürlichen/juristischen Person  natürliche Person: 
Vorname  Dieses Feld muss ausgefüllt sein!Vorname Stern  Vorname laut ZMR Schreibweise
Name  Dieses Feld muss ausgefüllt sein! Familienname laut ZMR Schreibweise + Name Stern Info
Geburtsdatum  Dieses Feld muss ausgefüllt sein!Geburtsdatum Stern - - -  Format: JJJJ-MM-TT + -  Info
Straße  Straüe laut ZMR Schreibweise +  
Hausnmummer  Hausnummer laut ZMR Schreibweise +  Info
Einh. Nr.  Nutzungseinheitsnummer laut ZMR Schreibweise +  Info
Postleitzahl  Postleitzahl laut ZMR Schreibweise +  Info
Gemeinde  Gemeinde laut ZMR Schreibweise +  Info
 juristische Person: 
Name  Dieses Feld muss ausgefüllt sein! Name der Organisation laut ZMR Schreibweise + Name Stern Info
 Ordnungsbegriff laut ZMR Schreibweise +  Stern Info
Vorname  Dieses Feld muss ausgefüllt sein!Vorname Stern
Name  Dieses Feld muss ausgefüllt sein!Name Stern
Geburtsdatum  Dieses Feld muss ausgefüllt sein!Geburtsdatum Stern - - @@ -83,22 +83,22 @@ Bitte beachten Sie  natürliche Person: 
Vorname  Dieses Feld muss ausgefüllt sein!Vorname Stern  Vorname laut ZMR Schreibweise
Name  Dieses Feld muss ausgefüllt sein! Familienname laut ZMR Schreibweise + Name Stern Info
Geburtsdatum  Dieses Feld muss ausgefüllt sein!Geburtsdatum Stern - - -  Format: JJJJ-MM-TT + -  Info
Straße  Straüe laut ZMR Schreibweise +  
Hausnmummer  Hausnummer laut ZMR Schreibweise +  Info
Einh. Nr.  Nutzungseinheitsnummer laut ZMR Schreibweise +  Info
Postleitzahl  Postleitzahl laut ZMR Schreibweise +  Info
Gemeinde  Gemeinde laut ZMR Schreibweise +  Info
 juristische Person: 
Name  Dieses Feld muss ausgefüllt sein! Name der Organisation laut ZMR Schreibweise + Name Stern Info
 Ordnungsbegriff laut ZMR Schreibweise +  Stern Info
@@ -127,7 +127,8 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

- + +

diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html index be07400a8..dc35b644c 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -42,7 +42,7 @@ Bitte beachten Sie

Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person

-
+ @@ -162,7 +162,8 @@ Bitte beachten Sie

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

- + +

-- cgit v1.2.3 From 028be490569e4080947f7708f08782f4306503ae Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 13:12:22 +0000 Subject: Fixed path choice on parep validation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1028 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../auth/servlet/ProcessValidatorInputServlet.java | 71 +++++++++++++--------- 1 file changed, 42 insertions(+), 29 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 89834307d..e2eda5755 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java 
@@ -124,37 +124,50 @@ public class ProcessValidatorInputServlet extends AuthServlet { String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - // Test if we have a user input form sign template - String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); - String inputProcessorSignTemplate = null; - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); - // override template url by url from configuration file - if (oaParam.getInputProcessorSignTemplateURL() != null) { - inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); - } - if (inputProcessorSignTemplateURL != null) { - try { - inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { inputProcessorSignTemplateURL, ex.toString()}, - ex); + String htmlForm = null; + + boolean doInputProcessorSign = false; + String inputProcessorSignForm = req.getParameter("Sign_Form"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); + if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); + if (doInputProcessorSign) { + // Test if we have a user input form sign template + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + String inputProcessorSignTemplate = null; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); + // override template url by url from configuration 
file + if (oaParam.getInputProcessorSignTemplateURL() != null) { + inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); + } + if (inputProcessorSignTemplateURL != null) { + try { + inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { inputProcessorSignTemplateURL, ex.toString()}, + ex); + } } + + htmlForm = new GetVerifyAuthBlockFormBuilder().build( + inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); + resp.setContentType("text/html;charset=UTF-8"); + } else { + htmlForm = createXMLSignatureRequestOrRedirect; + resp.setStatus(307); + resp.addHeader("Location", dataURL); + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); } - - - - String htmlForm = new GetVerifyAuthBlockFormBuilder().build( - inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); - - resp.setContentType("text/html;charset=UTF-8"); OutputStream out = resp.getOutputStream(); out.write(htmlForm.getBytes("UTF-8")); -- cgit v1.2.3 
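Review bot: In the new `doInputProcessorSign` branch the sign-template URL is still taken from the request (`req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE)`) and handed to `FileUtils.readURL` whenever the online-application configuration does not override it, so the server fetches a caller-chosen location and returns its content as the page that carries the signature request. Unless the parameter is validated somewhere outside this hunk, accept only the configured value, `String inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();`, or compare the request value against a configured allow-list before reading it. The template bytes are also decoded with `new String(...)` in the platform charset although the response is written as UTF-8; `new String(FileUtils.readURL(inputProcessorSignTemplateURL), "UTF-8")` keeps both sides consistent. The enclosing method starts and ends outside the hunk.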
From e04b9bd9fc5fce5534d3bdd5f6d9b7fb2d1c1b9b Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 13:26:00 +0000 Subject: Added remark for path choice on parep validation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1029 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index e2eda5755..e156ae982 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -126,7 +126,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { String htmlForm = null; - boolean doInputProcessorSign = false; + boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed String inputProcessorSignForm = req.getParameter("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); -- cgit v1.2.3 From d15fb7cedb1215f90fd542679536ee43cfb43ead Mon Sep 17 00:00:00 2001 
From: pdanner Date: Fri, 19 Oct 2007 15:24:13 +0000 Subject: Changed wording in templates git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1030 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../resources/templates/ParepMinTemplate.html | 20 +++++++++---------- .../resources/templates/ParepTemplate.html | 23 +++++++++++----------- 2 files changed, 21 insertions(+), 22 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html index 958f486da..a73ee7df4 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -3,14 +3,14 @@ -Berufliche Parteieinvertretung +Berufsmäßige Parteieinvertretung Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person
- - + + @@ -37,7 +37,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P + Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in deren Namen mit der Bürgerkarte einzuschreiten. @@ -49,7 +49,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P - @@ -68,8 +68,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P - - + @@ -79,7 +78,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P - + @@ -115,7 +114,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P -
Vertreter:

- Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.
 
Vorname Stern Vorname laut ZMR Schreibweise +  Info
otional:optional:
Hausnmummer Hausnummer   Info
-

+


+ diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html index dc35b644c..c90709fa5 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -4,7 +4,7 @@ -Berufliche Parteieinvertretung +Berufsmäßige Parteieinvertretung @@ -16,7 +16,7 @@
- + 
@@ -44,8 +44,8 @@ Bitte beachten Sie
- - + + @@ -72,7 +72,7 @@ Bitte beachten Sie + Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in deren Namen mit der Bürgerkarte einzuschreiten. @@ -84,7 +84,7 @@ Bitte beachten Sie - @@ -103,8 +103,7 @@ Bitte beachten Sie - - + @@ -114,7 +113,7 @@ Bitte beachten Sie - + @@ -150,7 +149,7 @@ Bitte beachten Sie - - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html index c90709fa5..c7b95f598 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -108,7 +108,7 @@ Bitte beachten Sie - -- cgit v1.2.3 From de1331212b42603ed762ec69c234b32a71fa764d Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 16 Nov 2007 15:18:03 +0000 Subject: Refined Eclipse WTP settings; changed standard configuration git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1041 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../idserverlib/src/main/java/META-INF/MANIFEST.MF | 3 --- .../moa/id/auth/AuthenticationServer.java | 16 ++++++++++--- .../moa/id/auth/MOAIDAuthConstants.java | 2 ++ .../auth/builder/GetIdentityLinkFormBuilder.java | 1 - .../auth/servlet/StartAuthenticationServlet.java | 2 +- .../moa/id/config/ConfigurationBuilder.java | 2 ++ .../moa/id/config/auth/VerifyInfoboxParameter.java | 27 ++++++++++++++++++++++ .../resources/properties/id_messages_de.properties | 1 + .../resources/templates/ParepMinTemplate.html | 14 +++++------ .../resources/templates/ParepTemplate.html | 14 +++++------ 10 files changed, 60 insertions(+), 22 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF deleted file mode 100644 index 5e9495128..000000000 --- a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF +++ /dev/null @@ -1,3 +0,0 @@ -Manifest-Version: 1.0 -Class-Path: - diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bac66eeab..caeff905b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -265,7 +265,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be null; in this case, the default location will be used - * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateURL URL providing an HTML template for the HTML form generated + * @param scheme determines the protocol used * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder @@ -277,7 +278,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { String oaURL, String templateURL, String bkuURL, - String sessionID) + String sessionID, + String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (isEmpty(sessionID)) { 
@@ -322,7 +324,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { - bkuURL = DEFAULT_BKU; + if (scheme!=null && scheme.equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } } session.setBkuURL(bkuURL); session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); @@ -602,6 +608,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // check for party representation in mandates infobox if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + //We need app specific parameters + if (null==verifyInfoboxParameter.getApplicationSpecificParams()) { + throw new ValidateException("validator.66", new Object[] {friendlyName}); + } session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); //ParepUtils.serializeElement(mandate, System.out); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 4f9235949..72f29ed40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
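Review bot: The default BKU in the `bkuURL == null` branch is now chosen from `scheme`, which the caller fills from `req.getScheme()` (see the StartAuthenticationServlet hunk of this commit); that value describes the connection to the servlet container, so behind a TLS-terminating proxy it is `http` and the plain-HTTP `DEFAULT_BKU` is selected for a page the browser loaded over HTTPS. Consider deriving the choice from the externally visible `authURL` instead, or document on the `@param scheme` line that a fronting proxy must forward the original scheme. The null test can be folded into the comparison: `if ("https".equalsIgnoreCase(scheme)) {`. `startAuthentication` continues outside the hunk.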
@@ -23,6 +23,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; + /** default BKU URL for https connections*/ + public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request"; /** servlet parameter "returnURI" */ public static final String PARAM_RETURN = "returnURI"; /** servlet parameter "Template" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 0d0595b69..9a6c4801f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -95,7 +95,6 @@ public class GetIdentityLinkFormBuilder extends Builder { throws BuildException { String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; -// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 9f0cf6606..912b20a0f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
@@ -57,7 +57,7 @@ public class StartAuthenticationServlet extends AuthServlet { resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); try { String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 27955602f..d4398102c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -821,6 +821,8 @@ public class ConfigurationBuilder { verifyInfoboxParameter.setSchemaLocations(schemaLocations); } else if (paramName.equals("ApplicationSpecificParameters")) { verifyInfoboxParameter.setApplicationSpecificParams(paramElem); + } else if (paramName.equals("ParepSpecificParameters")) { + verifyInfoboxParameter.appendParepSpecificParams(paramElem); } } // use default values for those parameters not yet set by local configuration diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java index fbd42f975..b64303ce5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java 
@@ -6,9 +6,13 @@ import java.util.List; import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; @@ -121,6 +125,29 @@ public class VerifyInfoboxParameter { applicationSpecificParams_ = applicationSpecificParams; } + /** + * Appends special application specific parameters for party representation. + * + * @param applicationSpecificParams The application specific parameters for party representation to set. + */ + public void appendParepSpecificParams(Element applicationSpecificParams) { + try { + if (applicationSpecificParams_==null) { + applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters"); + } + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode); + if (null!=nodeList) { + for (int i=0; i Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person -
+
Vertreter:

- Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.
 
Vorname Stern Vorname laut ZMR Schreibweise +  Info
otional:optional:
Hausnmummer Hausnummer   Info
-

- +


+ -- cgit v1.2.3 From eaeae88fff31b34a75fff38fb7f08c6c6415aa3d Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 7 Nov 2007 09:55:40 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1035 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index aed635502..e2a28163f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -76,7 +76,12 @@ public class ParepUtils { nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); if (resultNode != null) { - return resultNode.getTextContent(); + // because following line is not ready for JDK 1.4.x we need to get the childnode; + // return resultNode.getTextContent(); + Node textNode = resultNode.getFirstChild(); + if (textNode != null) { + return textNode.getNodeValue(); + } } return null; } catch (Exception e) { -- cgit v1.2.3 From 99f72fbe280dd652b61660236b5009e547fb76b9 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 9 Nov 2007 09:42:20 +0000 Subject: Mended typo git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1039 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../src/main/resources/resources/templates/ParepMinTemplate.html | 2 +- .../src/main/resources/resources/templates/ParepTemplate.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main') 
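Review bot: The JDK 1.4 replacement for `getTextContent()` reads only the first child of the `MandateID` attribute node, so the ID is cut short if the parser represents the value with more than one child (for example when it contains an entity reference), and an empty attribute now falls through to `return null`. `getNodeValue()` on the attribute node itself returns the complete value and does not need DOM Level 3, so `return resultNode.getNodeValue();` is both shorter and complete. A comment such as `// getNodeValue() instead of getTextContent(): DOM Level 3 is not available on JDK 1.4` would keep the reason next to the code. The method's `try`/`catch` continues outside the hunk.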
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html index a73ee7df4..61e5adcaa 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -73,7 +73,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P
Straße   +  
Straße   +  
@@ -42,7 +42,7 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P + Vertretene Person: @@ -101,9 +101,9 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P - + - + @@ -124,11 +124,11 @@ Berufsmäßige Parteienvertretung einer natürlichen/juristischen P

- Vetretene Person:
 natürliche Person: 
 
 juristische Person: 
-
-

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

+
+

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

- +


diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html index c7b95f598..cd3221b6e 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -42,7 +42,7 @@ Bitte beachten Sie

Berufsmäßige Parteienvertretung einer natürlichen/juristischen Person

-
+ @@ -77,7 +77,7 @@ Bitte beachten Sie + Vertretene Person: @@ -136,9 +136,9 @@ Bitte beachten Sie - + - + @@ -159,11 +159,11 @@ Bitte beachten Sie

- Vetretene Person:
 natürliche Person: 
 
 juristische Person: 
-
-

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

+
+

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

- +


-- cgit v1.2.3 From 4eb6d1fc1018a3e715ef968d2c6683e3e914dd5d Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 21 Nov 2007 12:16:06 +0000 Subject: Extended to can be used with apache commons httpclient 3.1 git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1048 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../client/szrgw/SZRGWSecureSocketFactory.java | 30 ++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java index 41a07d146..de839feba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -4,7 +4,10 @@ import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; + import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; 
@@ -77,6 +80,32 @@ public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { autoClose ); } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort, + HttpConnectionParams params) + throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException { + + Socket socket = createSocket(host, port, clientHost, clientPort); + if (socket != null) { + // socket.setKeepAlive(false); + if (params.getReceiveBufferSize() >= 0) + socket.setReceiveBufferSize(params.getReceiveBufferSize()); + if (params.getSendBufferSize() >= 0) + socket.setSendBufferSize(params.getSendBufferSize()); + socket.setReuseAddress(true); + if (params.getSoTimeout() >= 0) + socket.setSoTimeout(params.getSoTimeout()); + } + return socket; + + } /** * @see java.lang.Object#equals(java.lang.Object) @@ -91,4 +120,5 @@ public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { public int hashCode() { return SZRGWSecureSocketFactory.class.hashCode(); } + } -- cgit v1.2.3 From 4d92d1f3c7a94df1078583b728fbba20c42fdef6 Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 6 Dec 2007 16:34:41 +0000 Subject: Fixed location of CompatibilityMode configuration option for mandates git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1051 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/validator/parep/config/ParepConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index c56555b2e..16daa5452 100644 
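Review bot: The new five-argument `createSocket` in the `@@ -77,6 +80,32 @@` hunk never reads `params.getConnectionTimeout()`, so the connection is still opened by the existing four-argument overload without a connect timeout, although the signature declares `ConnectTimeoutException`. An unresponsive gateway can therefore block the calling thread until the operating system gives up. `params` is also dereferenced without a null check; a guard such as `if (params == null) throw new IllegalArgumentException("Parameters may not be null");` at the top would make the failure explicit. `socket.setReuseAddress(true)` is applied to a socket the delegate has presumably already bound and connected, where the option has no defined effect, so either drop it or document in the Javadoc that only the buffer sizes and SO_TIMEOUT are honoured.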
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -394,7 +394,7 @@ public class ParepConfiguration { } return false; } catch (Exception e) { - throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e); } } -- cgit v1.2.3 From 029b777dfc1bf108ffd8d20b7cbec9988ad4c73a Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 6 Dec 2007 16:47:48 +0000 Subject: Added SessionCleaner which removes sessions began and not picked up SAML-assertions git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1052 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 11 +++++------ .../at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 2 ++ .../resources/resources/properties/id_messages_de.properties | 4 ++-- 3 files changed, 9 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index caeff905b..3457051c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1044,7 +1044,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } else { authData.setBPK(identityLink.getIdentificationValue()); if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online applcation is a public service and we have the Stammzahl + // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget()); @@ -1202,15 +1202,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { synchronized (authenticationDataStore) { Set keys = new HashSet(authenticationDataStore.keySet()); for (Iterator iter = keys.iterator(); iter.hasNext();) { - String samlArtifact = (String) iter.next(); - AuthenticationData authData = - (AuthenticationData) authenticationDataStore.get(samlArtifact); + String samlAssertionHandle = (String) iter.next(); + AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlAssertionHandle); if (now - authData.getTimestamp().getTime() > authDataTimeOut) { Logger.info( MOAIDMessageProvider.getInstance().getMessage( "cleaner.03", - new Object[] { samlArtifact })); - authenticationDataStore.remove(samlArtifact); + new Object[] { authData.getAssertionID() })); + authenticationDataStore.remove(samlAssertionHandle); } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 7964e2fb6..dadfc16d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java 
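Review bot: The cleaner loop in the `@@ -1202,15 +1202,14 @@` hunk now logs `authData.getAssertionID()` instead of the store key, but nothing in the code says why. If the intent is to keep the key out of the log because it is the handle under which the authentication data can be fetched (an inference, since the lookup code is not in this hunk), state that so a later edit does not put it back: `// log the assertion ID, never the store key, which gives access to the authentication data`. The loop's enclosing method starts outside the hunk.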
@@ -158,6 +158,8 @@ public class MOAIDAuthInitializer { .setSecondsAuthDataTimeOut(authDataTimeOut); } + // Starts the session cleaner thread to remove unpicked authentication data + AuthenticationSessionCleaner.start(); } } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 825434b91..552619e45 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -73,8 +73,8 @@ service.03=Fehler beim Aufruf des SPSS-API: {0} cleaner.00=AuthenticationSessionCleaner wurde gestartet cleaner.01=Fehler im AuthenticationSessionCleaner -cleaner.02=MOASession {0} ist abgelaufen -cleaner.03=Anmeldedaten zu SAML-Artifakt {0} sind abgelaufen +cleaner.02=Abgelaufene MOASession {0} wurde aus dem Speicher entfernt +cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Speicher entfernt proxy.00=MOA ID Proxy wurde erfolgreich gestartet proxy.01=Unbekannter URL {0}, erwarteter URL auf {1} -- cgit v1.2.3 From 8f74ab07dabef102128bd1244b73c0f4805ed10b Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 15 Jan 2008 17:22:41 +0000 Subject: Changed scope of mandate compatibility mode to be used with all infoboxes git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1054 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3457051c4..5cd03cb18 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -606,13 +606,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { "\"-infobox could not be parsed successfully: " + e.getMessage()); throw new ValidateException("validator.43", new Object[] {friendlyName}); } + // set compatibility mode for mandates infobox and all infoboxes (it is possible to be a parep infobox) + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); // check for party representation in mandates infobox if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ //We need app specific parameters if (null==verifyInfoboxParameter.getApplicationSpecificParams()) { throw new ValidateException("validator.66", new Object[] {friendlyName}); } - session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); //ParepUtils.serializeElement(mandate, System.out); String mandateID = ParepUtils.extractRepresentativeID(mandate); -- cgit v1.2.3 From 923c7b6da9eb81500c29e2a68ffc0f4a863d90d7 Mon Sep 17 00:00:00 2001 
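Review bot: `ParepConfiguration.isMandateCompatibilityMode(...)` is now called before the `null==verifyInfoboxParameter.getApplicationSpecificParams()` check further down, so an infobox configured without application specific parameters passes null into it. The `if (configElement==null) return false;` guard is only added by a later commit on this page, so at this revision the call would presumably end in a `ConfigurationException` for every such infobox. I would guard at the call site: `Element appParams = verifyInfoboxParameter.getApplicationSpecificParams();` followed by `session.setMandateCompatibilityMode(appParams != null && ParepConfiguration.isMandateCompatibilityMode(appParams));`. The enclosing method starts and ends outside the hunk.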
From: pdanner Date: Tue, 15 Jan 2008 17:26:00 +0000 Subject: Minor enhancements git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1056 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../parep/client/szrgw/CreateMandateResponse.java | 11 +++- .../parep/client/szrgw/SOAPConstants.java | 19 ++++--- .../validator/parep/client/szrgw/SZRGWClient.java | 7 ++- .../parep/client/szrgw/SZRGWConstants.java | 66 +++++++++++----------- .../validator/parep/config/ParepConfiguration.java | 5 +- 5 files changed, 61 insertions(+), 47 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java index 0f6ed8abf..f69a5a739 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java 
@@ -90,7 +90,15 @@ public class CreateMandateResponse { // first check if response is a soap error NodeList list = response.getElementsByTagName("faultstring"); if (list.getLength() > 0) { - throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue()); + String faultCode = ""; + String faultString = ""; + Element snameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode"); + snameSpaceNode.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS); + Node faultCodeNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTCODE, snameSpaceNode); + Node faultStringNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTSTRING, snameSpaceNode); + if (faultCodeNode!=null) faultCode = faultCodeNode.getNodeValue(); + if (faultStringNode!=null) faultString = faultStringNode.getNodeValue(); + throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCodeNode + "): " + faultString); } this.mandate = null; @@ -100,7 +108,6 @@ public class CreateMandateResponse { Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); - Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode); if (mandateNode!=null) { this.mandate = (Element) mandateNode; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java index d9d248c81..ca914bbab 100644 
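Review bot: When neither XPath expression matches, the new fault branch throws `SZRGWClientException` with an empty code and an empty text, whereas the line it replaces always reported the text of the first `faultstring` element. Detection still uses `getElementsByTagName("faultstring")`, but extraction uses the absolute path `/soapenv:Envelope/soapenv:Body/soapenv:Fault/...`, so a fault that is not at exactly that position is detected and then reported blank. Keep the old value as a fallback: `if (faultStringNode!=null) faultString = faultStringNode.getNodeValue(); else faultString = list.item(0).getChildNodes().item(0).getNodeValue();`. The message also concatenates `faultCodeNode` (the `Node`) where `faultCode` is meant.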
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -11,13 +11,18 @@ public interface SOAPConstants { /* * Namespaces and namespace prefixes for SOAP message handling */ - String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"; - String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/"; - String SOAP_ENV_PREFIX = "soapenv:"; - String SOAP_ENV_POSTFIX = ":soapenv"; + public static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + public static final String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/"; + public static final String SOAP_ENV_PREFIX = "soapenv:"; + public static final String SOAP_ENV_POSTFIX = ":soapenv"; - String ENVELOPE = "Envelope"; - String BODY = "Body"; - String ENCODING_STYLE = "encodingStyle"; + public static final String ENVELOPE = "Envelope"; + public static final String BODY = "Body"; + public static final String FAULT = "Fault"; + public static final String ENCODING_STYLE = "encodingStyle"; + + public static final String XPATH_SOAP_FAULT = "/" + SOAP_ENV_PREFIX + ENVELOPE + "/" + SOAP_ENV_PREFIX + BODY + "/" + SOAP_ENV_PREFIX + FAULT; + public static final String XPATH_SOAP_FAULTCODE = XPATH_SOAP_FAULT + "/faultcode/text()"; + public static final String XPATH_SOAP_FAULTSTRING = XPATH_SOAP_FAULT + "/faultstring/text()"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index 1e6dc1039..22f3cfffd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -3,9 +3,10 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; -import java.security.Security; +import java.io.File; import javax.net.ssl.SSLSocketFactory; + import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.protocol.Protocol; @@ -13,7 +14,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; @@ -101,17 +101,18 @@ public class SZRGWClient { soapBody.appendChild(doc.importNode(reqElem, true)); Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + //ParepUtils.saveElementToFile(requestElement, new File("c:/szrRequest.xml")); ByteArrayOutputStream bos = new ByteArrayOutputStream(); ParepUtils.serializeElementAsDocument(requestElement, bos); method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); - client.executeMethod(method); CreateMandateResponse response = new CreateMandateResponse(); bos = new ByteArrayOutputStream(); doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/szrResponse.xml")); response.parse(doc.getDocumentElement()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java index 4f815f1e7..006b2b9f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java 
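Review bot: The two commented-out `ParepUtils.saveElementToFile(...)` lines added in the `@@ -101,17 +101,18 @@` hunk, which target `c:/szrRequest.xml` and `c:/szrResponse.xml`, should be deleted rather than committed. The request and response are the mandate exchange with the SZR gateway and carry person data, and re-enabling the lines would write them unprotected to a fixed path. The `import java.io.File;` added in the first hunk is only needed by those comments and can go with them. If a dump is needed for diagnosis, route it through the existing `Logger` at trace level. The enclosing method starts and ends outside the hunk.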
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java 
@@ -8,44 +8,44 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; public interface SZRGWConstants { //PersonData - String PD_PREFIX = "pr:"; - String PD_POSTFIX = ":pr"; - String PERSON = "Person"; - String PHYSICALPERSON = "PhysicalPerson"; - String CORPORATEBODY = "CorporateBody"; - String IDENTIFICATION = "Identification"; - String VALUE = "Value"; - String TYPE = "Type"; - String NAME = "Name"; - String GIVENNAME = "GivenName"; - String FAMILYNAME = "FamilyName"; - String DATEOFBIRTH = "DateOfBirth"; - String FULLNAME = "FullName"; - String ORGANIZATION = "Organization"; + public static final String PD_PREFIX = "pr:"; + public static final String PD_POSTFIX = ":pr"; + public static final String PERSON = "Person"; + public static final String PHYSICALPERSON = "PhysicalPerson"; + public static final String CORPORATEBODY = "CorporateBody"; + public static final String IDENTIFICATION = "Identification"; + public static final String VALUE = "Value"; + public static final String TYPE = "Type"; + public static final String NAME = "Name"; + public static final String GIVENNAME = "GivenName"; + public static final String FAMILYNAME = "FamilyName"; + public static final String DATEOFBIRTH = "DateOfBirth"; + public static final String FULLNAME = "FullName"; + public static final String ORGANIZATION = "Organization"; - String POSTALADDRESS = "PostalAddress"; - String DELIVERYADDRESS = "DeliveryAddress"; - String MUNICIPALITY = "Municipality"; - String POSTALCODE = "PostalCode"; - String STREETNAME = "StreetName"; - String BUILDINGNUMBER = "BuildingNumber"; - String UNIT = "Unit"; + public static final String POSTALADDRESS = "PostalAddress"; + public static final String DELIVERYADDRESS = "DeliveryAddress"; + public static final String MUNICIPALITY = "Municipality"; + public static final String POSTALCODE = "PostalCode"; + public static final String STREETNAME = "StreetName"; + public static final String BUILDINGNUMBER = "BuildingNumber"; + public static 
final String UNIT = "Unit"; //String ADDRESS = "Address"; //String COUNTRYCODE = "CountryCode"; //String DOORNUMBER = "DoorNumber"; // SZR-gateway constants - String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; - String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; - String SZRGW_PREFIX = "sgw:"; - String SZRGW_POSTFIX = ":sgw"; - String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; - String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; - String ERROR_RESPONSE = "ErrorResponse"; - String MANDATOR = "Mandator"; - String REPRESENTATIVE = "Representative"; - String MANDATE = "Mandate"; - String MANDATE_PREFIX = "md:"; - String MANDATE_POSTFIX = ":md"; + public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + public static final String SZRGW_PREFIX = "sgw:"; + public static final String SZRGW_POSTFIX = ":sgw"; + public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; + public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; + public static final String ERROR_RESPONSE = "ErrorResponse"; + public static final String MANDATOR = "Mandator"; + public static final String REPRESENTATIVE = "Representative"; + public static final String MANDATE = "Mandate"; + public static final String MANDATE_PREFIX = "md:"; + public static final String MANDATE_POSTFIX = ":md"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index 16daa5452..e3a09b7dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -195,7 +195,7 @@ public class ParepConfiguration { this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); } - Logger.debug("Lade Konfiguration der Parteienvertreter"); + Logger.trace("Lade Konfiguration der Parteienvertreter"); NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { @@ -233,7 +233,7 @@ public class ParepConfiguration { partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); } partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); - Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() + ", representationText=" + partyRepresentative.getRepresentationText() + ")"); @@ -386,6 +386,7 @@ public class ParepConfiguration { public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { try { + if (configElement==null) return false; Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); -- cgit v1.2.3 
From 95ea616c2d342cd29daaeb4f098e89204f8fc6d9 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 16 Jan 2008 10:45:11 +0000 Subject: Changed error message on general soap errors git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1057 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/validator/parep/client/szrgw/CreateMandateResponse.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java index f69a5a739..e64a857d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -1,9 +1,6 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; -import java.io.FileInputStream; -import java.util.Hashtable; import org.apache.xpath.XPathAPI; -import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -98,7 +95,7 @@ public class CreateMandateResponse { Node faultStringNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTSTRING, snameSpaceNode); if (faultCodeNode!=null) faultCode = faultCodeNode.getNodeValue(); if (faultStringNode!=null) faultString = faultStringNode.getNodeValue(); - throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCodeNode + "): " + faultString); + throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCode + "): " + faultString); } this.mandate = null; -- cgit v1.2.3 From b1c951bd4c125f52123d4a6947f459b505f8beb1 Mon Sep 17 00:00:00 2001 
From: pdanner Date: Thu, 27 Mar 2008 07:36:10 +0000 Subject: Added trace logs, resolved link issues in documentation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1062 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/AuthenticationServer.java | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5cd03cb18..c49cc41c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -19,6 +19,7 @@ import java.util.Vector; import javax.xml.transform.TransformerException; +import org.apache.axis.AxisFault; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; @@ -72,7 +73,9 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; 
@@ -863,6 +866,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { // parses the VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); + + if (Logger.isTraceEnabled()) { + if (domVsresp!=null) { + try { + String xmlVerifyXMLSignatureResponse = DOMUtils.serializeNode(domVsresp, true); + Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); + Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); + } catch (Throwable t) { + t.printStackTrace(); + Logger.info(new LogMsg(t.getStackTrace())); + } + } + } + // validates the VerifyXMLSignatureResponseValidator.getInstance().validate( vsresp, -- cgit v1.2.3 From 3bbc64da1cd1a70fd255442574b354dad49bf3ed Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 3 Jun 2008 12:37:28 +0000 Subject: Changes for load balancing and szr-gateway communication git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1082 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 55 ++++++++++++++-------- .../parep/client/szrgw/CreateMandateRequest.java | 29 ++++++++++-- .../parep/client/szrgw/SZRGWConstants.java | 2 + 3 files changed, 63 insertions(+), 23 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 27e19e830..b5d18b451 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java 
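Review bot: The added trace block catches `Throwable`, prints to stderr with `t.printStackTrace()` and then logs `new LogMsg(t.getStackTrace())`, which wraps an array and so probably logs only its identity string. Narrow it to `catch (Exception e)`, drop `printStackTrace()` and log the exception itself through `Logger`. The `domVsresp!=null` test comes after `domVsresp` has already been handed to `VerifyXMLSignatureResponseParser`, so it should move above the parse or be removed. Both serialised documents presumably contain the signed authentication data, so the block deserves a comment such as `// trace output contains personal data; keep trace logging off in production`. The enclosing method starts and ends outside the hunk.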
@@ -4,6 +4,9 @@ import java.io.ByteArrayOutputStream; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; /** @@ -15,6 +18,11 @@ import at.gv.egovernment.moa.util.Base64Utils; */ public class SAMLArtifactBuilder { + /** + * The generic configuration parameter for an alternative SourceID. + */ + private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; + /** * Constructor for SAMLArtifactBuilder. */ 
@@ -36,25 +44,34 @@ public class SAMLArtifactBuilder { * @return the 42-byte SAML artifact, encoded BASE64 */ public String build(String authURL, String sessionID) throws BuildException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] sourceID = md.digest(authURL.getBytes()); - byte[] assertionHandle = md.digest(sessionID.getBytes()); - ByteArrayOutputStream out = new ByteArrayOutputStream(42); - out.write(0); - out.write(1); - out.write(sourceID, 0, 20); - out.write(assertionHandle, 0, 20); - byte[] samlArtifact = out.toByteArray(); - String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - return samlArtifactBase64; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, - ex); - } + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] sourceID; + // alternative sourceId + String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + if (!ParepUtils.isEmpty(alternativeSourceID)) { + // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; + sourceID = md.digest(alternativeSourceID.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); + } else { + sourceID = md.digest(authURL.getBytes()); + } + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + return samlArtifactBase64; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, + ex); + } } } 
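Review bot: The new `alternativeSourceID.getBytes()` call, like the `authURL.getBytes()` and `sessionID.getBytes()` calls beside it, encodes with the platform default charset. Nodes behind a load balancer whose defaults differ would then derive different SourceIDs from the same `AuthenticationServer.SourceID` value whenever it contains non-ASCII characters. Name the charset: `sourceID = md.digest(alternativeSourceID.getBytes("UTF-8"));`; the `UnsupportedEncodingException` is already covered by the surrounding `catch (Throwable ex)`. The log text says `SAMArtifact` where `SAMLArtifact` is meant, and writing it at info level on every artifact build looks more like a debug message.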
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index fe8e263ff..3077ba185 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -6,6 +6,7 @@ import java.util.List;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
+import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -204,11 +205,31 @@ public class CreateMandateRequest {
 Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
 // representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
 // representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ //Old Version 0.0.1 of SZR-Gateway
+// representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+// representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+// representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
- representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
- representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
- representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
-
+ //New since version 0.0.2 of SZR-Gateway:
+ // we need to send an identity link and must replace its identification value
+ representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true));
+ try {
+ Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode);
+ if (identificationValueElement != null) {
+ identificationValueElement.setTextContent(identificationValue);
+ }
+ Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode);
+ if (identificationTypeElement != null) {
+ identificationTypeElement.setTextContent(identificationType);
+ }
+ } catch (Exception e) {
+ throw new SZRGWClientException("validator.63", null);
+ }
 this.representative = representativeElem;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index 006b2b9f2..cc0cc4862 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -10,6 +10,8 @@ public interface SZRGWConstants {
 //PersonData
 public static final String PD_PREFIX = "pr:";
 public static final String PD_POSTFIX = ":pr";
+ public static final String SAML_PREFIX = "saml:";
+ public static final String SAML_POSTFIX = ":saml";
 public static final String PERSON = "Person";
 public static final String PHYSICALPERSON = "PhysicalPerson";
 public static final String CORPORATEBODY = "CorporateBody";
-- 
cgit v1.2.3
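Review bot: In the CreateMandateRequest.java hunk at `@@ -204,11 +205,31 @@`, `catch (Exception e)` rethrows `SZRGWClientException("validator.63", null)` without `e`, so an XPath or DOM failure while rewriting the identity link leaves no trace of its cause; log `e` before the throw, or pass it along if SZRGWClientException has a constructor that accepts a cause (not visible here). The same catch block is still present as context in the follow-up commit's hunk for this file. The `importNode(params.getIdentityLink(), true)` call sits before the `try`, so a missing identity link would surface as a raw runtime exception rather than the client exception; moving that line inside the `try` keeps the error path uniform. The commented-out 0.0.1 lines could be dropped, since version control already keeps them. The enclosing method starts outside the hunk.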
From 65791156815dd5cee7b7c55fb12e7926ff519edc Mon Sep 17 00:00:00 2001
From: pdanner
Date: Tue, 3 Jun 2008 14:03:49 +0000
Subject: Changes for load balancing and szr-gateway communication
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1083 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../parep/client/szrgw/CreateMandateRequest.java | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index 3077ba185..789cb7dd3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -219,13 +219,17 @@ public class CreateMandateRequest {
 nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
 nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI);
 nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
- Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode);
- if (identificationValueElement != null) {
- identificationValueElement.setTextContent(identificationValue);
+ Node identificationValueNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (identificationValueNode != null) {
+ identificationValueNode.setNodeValue(identificationValue);
+ } else {
+ throw new SZRGWClientException("validator.63", null);
 }
- Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode);
- if (identificationTypeElement != null) {
- identificationTypeElement.setTextContent(identificationType);
+ Node identificationTypeNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (identificationTypeNode != null) {
+ identificationTypeNode.setNodeValue(identificationType);
+ } else {
+ throw new SZRGWClientException("validator.63", null);
 }
 } catch (Exception e) {
 throw new SZRGWClientException("validator.63", null);
-- 
cgit v1.2.3
From c6060a2fb6adae58ff8e865448d07bcc2b702ebb Mon Sep 17 00:00:00 2001
From: mcentner
Date: Wed, 27 Aug 2008 17:15:09 +0000
Subject: Removed invalid source file headers.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1086 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../id/config/proxy/ProxyConfigurationBuilder.java | 27 ----------------------
 1 file changed, 27 deletions(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index f578ea634..8c5119013 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
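Review bot: In the CreateMandateRequest.java hunk at `@@ -219,13 +219,17 @@`, selecting `pr:Value/text()` and calling `setNodeValue` overwrites only the first text node, so if the imported identity link carries the value in several adjacent text nodes, part of the original identification value could remain in the request; calling `representativeElem.normalize();` before the two lookups would close that gap. An element that exists but is empty now yields null and ends in `validator.63`, which looks intended but deserves a one-line comment such as `// empty pr:Value / pr:Type is treated as an invalid identity link`. The new `throw` statements sit inside the `try`, so they are caught and re-created by the `catch (Exception e)` shown as context, which hides which lookup failed. The enclosing method starts and ends outside the hunk.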
@@ -1,30 +1,3 @@
-// Copyright (C) 2002 IAIK
-// http://jce.iaik.tugraz.at
-//
-// Copyright (C) 2007 Stiftung Secure Information and
-// Communication Technologies SIC
-// http://www.sic.st
-//
-// All rights reserved.
-//
-// This source is provided for inspection purposes and recompilation only,
-// unless specified differently in a contract with IAIK. This source has to
-// be kept in strict confidence and must not be disclosed to any third party
-// under any circumstances. Redistribution in source and binary forms, with
-// or without modification, are permitted in any case!
-//
-// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-// SUCH DAMAGE.
-
 package at.gv.egovernment.moa.id.config.proxy;
 import java.io.ByteArrayInputStream;
-- 
cgit v1.2.3
From afcd856e186b9fd5d8dfcb0f3e6f3599ca920b51 Mon Sep 17 00:00:00 2001
From: mcentner Date: Thu, 28 Aug 2008 07:55:59 +0000 Subject: Added copyright and license header to all java source files. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1087 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/AuthenticationException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/BuildException.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/ECDSAConverterException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/MOAIDException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/ParseException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/ServiceException.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/AuthenticationServer.java | 15 +++++++++++++++ .../moa/id/auth/AuthenticationSessionCleaner.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 15 +++++++++++++++ .../egovernment/moa/id/auth/WrongParametersException.java | 15 +++++++++++++++ .../id/auth/builder/AuthenticationAssertionBuilder.java | 15 +++++++++++++++ .../auth/builder/AuthenticationBlockAssertionBuilder.java | 15 +++++++++++++++ .../auth/builder/AuthenticationDataAssertionBuilder.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/builder/Builder.java | 15 +++++++++++++++ .../builder/CertInfoVerifyXMLSignatureRequestBuilder.java | 15 +++++++++++++++ .../id/auth/builder/CreateXMLSignatureRequestBuilder.java | 15 +++++++++++++++ .../egovernment/moa/id/auth/builder/DataURLBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/GetIdentityLinkFormBuilder.java | 15 +++++++++++++++ .../id/auth/builder/GetVerifyAuthBlockFormBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/InfoboxReadRequestBuilder.java | 15 +++++++++++++++ .../id/auth/builder/InfoboxValidatorParamsBuilder.java | 15 
+++++++++++++++ .../moa/id/auth/builder/PersonDataBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/SAMLResponseBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/SelectBKUFormBuilder.java | 15 +++++++++++++++ .../id/auth/builder/VerifyXMLSignatureRequestBuilder.java | 15 +++++++++++++++ .../moa/id/auth/data/AuthenticationSession.java | 15 +++++++++++++++ .../moa/id/auth/data/CreateXMLSignatureResponse.java | 15 +++++++++++++++ .../moa/id/auth/data/ExtendedSAMLAttribute.java | 15 +++++++++++++++ .../moa/id/auth/data/ExtendedSAMLAttributeImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/IdentityLink.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/InfoboxToken.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidationResult.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidationResultImpl.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidatorParams.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidatorParamsImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/auth/data/Schema.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/SchemaImpl.java | 15 +++++++++++++++ .../moa/id/auth/data/VerifyXMLSignatureResponse.java | 15 +++++++++++++++ .../moa/id/auth/invoke/SignatureVerificationInvoker.java | 15 +++++++++++++++ .../id/auth/parser/CreateXMLSignatureResponseParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/ErrorResponseParser.java | 15 +++++++++++++++ .../id/auth/parser/ExtendedInfoboxReadResponseParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/IdentityLinkAssertionParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/InfoboxReadResponseParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/SAMLArtifactParser.java | 15 
+++++++++++++++ .../id/auth/parser/VerifyXMLSignatureResponseParser.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/servlet/AuthServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/ConfigurationServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/GetAuthenticationDataService.java | 15 +++++++++++++++ .../moa/id/auth/servlet/ProcessValidatorInputServlet.java | 15 +++++++++++++++ .../egovernment/moa/id/auth/servlet/SelectBKUServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/StartAuthenticationServlet.java | 15 +++++++++++++++ .../id/auth/servlet/VerifyAuthenticationBlockServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 15 +++++++++++++++ .../validator/CreateXMLSignatureResponseValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/IdentityLinkValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/InfoboxValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/ValidateException.java | 15 +++++++++++++++ .../validator/VerifyXMLSignatureResponseValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/ParepInputProcessor.java | 15 +++++++++++++++ .../id/auth/validator/parep/ParepInputProcessorImpl.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/ParepUtils.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/ParepValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/PartyRepresentative.java | 15 +++++++++++++++ .../parep/client/szrgw/CreateMandateRequest.java | 15 +++++++++++++++ .../parep/client/szrgw/CreateMandateResponse.java | 15 +++++++++++++++ .../auth/validator/parep/client/szrgw/SOAPConstants.java | 15 +++++++++++++++ .../id/auth/validator/parep/client/szrgw/SZRGWClient.java | 15 +++++++++++++++ .../parep/client/szrgw/SZRGWClientException.java | 15 +++++++++++++++ .../auth/validator/parep/client/szrgw/SZRGWConstants.java | 15 +++++++++++++++ .../parep/client/szrgw/SZRGWSecureSocketFactory.java | 15 +++++++++++++++ 
.../auth/validator/parep/config/ParepConfiguration.java | 15 +++++++++++++++ .../egovernment/moa/id/config/ConfigurationBuilder.java | 15 +++++++++++++++ .../egovernment/moa/id/config/ConfigurationException.java | 15 +++++++++++++++ .../egovernment/moa/id/config/ConfigurationProvider.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/config/ConnectionParameter.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/config/OAParameter.java | 15 +++++++++++++++ .../moa/id/config/auth/AuthConfigurationProvider.java | 15 +++++++++++++++ .../egovernment/moa/id/config/auth/OAAuthParameter.java | 15 +++++++++++++++ .../moa/id/config/auth/VerifyInfoboxParameter.java | 15 +++++++++++++++ .../moa/id/config/auth/VerifyInfoboxParameters.java | 15 +++++++++++++++ .../egovernment/moa/id/config/proxy/OAConfiguration.java | 15 +++++++++++++++ .../egovernment/moa/id/config/proxy/OAProxyParameter.java | 15 +++++++++++++++ .../moa/id/config/proxy/ProxyConfigurationBuilder.java | 15 +++++++++++++++ .../moa/id/config/proxy/ProxyConfigurationProvider.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/data/AuthenticationData.java | 15 +++++++++++++++ .../main/java/at/gv/egovernment/moa/id/data/Cookie.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/data/CookieManager.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/data/IssuerAndSerial.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/data/SAMLStatus.java | 15 +++++++++++++++ .../moa/id/iaik/config/CertStoreConfigurationImpl.java | 15 +++++++++++++++ .../egovernment/moa/id/iaik/config/LoggerConfigImpl.java | 15 +++++++++++++++ .../moa/id/iaik/config/PKIConfigurationImpl.java | 15 +++++++++++++++ .../moa/id/iaik/config/RevocationConfigurationImpl.java | 15 +++++++++++++++ .../moa/id/iaik/config/ValidationConfigurationImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java | 15 +++++++++++++++ .../moa/id/iaik/pki/jsse/MOAIDTrustManager.java | 15 +++++++++++++++ 
.../moa/id/iaik/servertools/observer/ObservableImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/ConnectionBuilderFactory.java | 15 +++++++++++++++ .../moa/id/proxy/DefaultConnectionBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/DefaultLoginParameterResolver.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/ElakConnectionBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/EnhancedConnectionBuilder.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/LoginParameterResolver.java | 15 +++++++++++++++ .../moa/id/proxy/LoginParameterResolverException.java | 15 +++++++++++++++ .../moa/id/proxy/LoginParameterResolverFactory.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/MOAIDProxyInitializer.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/proxy/NotAllowedException.java | 15 +++++++++++++++ .../id/proxy/XMLLoginParameterResolverEncryptedData.java | 15 +++++++++++++++ .../moa/id/proxy/XMLLoginParameterResolverPlainData.java | 15 +++++++++++++++ .../moa/id/proxy/builder/SAMLRequestBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/invoke/GetAuthenticationDataInvoker.java | 15 +++++++++++++++ .../proxy/parser/AuthenticationDataAssertionParser.java | 15 +++++++++++++++ .../moa/id/proxy/parser/SAMLResponseParser.java | 15 +++++++++++++++ .../moa/id/proxy/servlet/ConfigurationServlet.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/servlet/ProxyException.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 15 +++++++++++++++ .../egovernment/moa/id/util/AxisSecureSocketFactory.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/util/ECDSAConstants.java | 15 +++++++++++++++ .../egovernment/moa/id/util/ECDSAKeyValueConverter.java | 15 +++++++++++++++ .../egovernment/moa/id/util/HTTPRequestJSPForwarder.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/util/HTTPUtils.java | 15 +++++++++++++++ 
.../moa/id/util/InOrderServletRequestWrapper.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/util/MOAIDMessageProvider.java | 15 +++++++++++++++ .../egovernment/moa/id/util/ParameterInOrderFilter.java | 15 +++++++++++++++ .../main/java/at/gv/egovernment/moa/id/util/Random.java | 15 +++++++++++++++ .../main/java/at/gv/egovernment/moa/id/util/SSLUtils.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/util/ServletUtils.java | 15 +++++++++++++++ 134 files changed, 2010 insertions(+) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java index 96a5e0673..86ecc96d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java index 785dce7a3..fc14afec5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java index 682395a83..6b78fb214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java index bce2c4778..40a52c8d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; import java.io.PrintStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java index a5e0088d9..29d0bbfa5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java 
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java index 9e6ab2361..57e0a7807 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index c49cc41c6..971fbcef2 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 7e5ed6ec7..8c06f7961 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java 
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 72f29ed40..5aa1bf45e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index dadfc16d6..6ececb8f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index 3ce2798ea..398a6731d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java 
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth;
 
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 241cf0afc..b99ee2472 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 60cd11ed6..f9d8e7091 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 11628517e..2e1c608a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index cc228298b..c2c43b7bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.security.MessageDigest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
index 3a2ee07de..2cd1370c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.id.BuildException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index 06c81f49e..f4481453b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index e9a9f308d..290dc429a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 30cc1df5a..4048f3c0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 9a6c4801f..2e1132d32 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
index c053ee896..a94c705a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
index c2bafe43b..030c68d48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index e70b64a6a..18744e5f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.util.List;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 819ed79bb..ee578fe43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index b5d18b451..f0e9c7484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.ByteArrayOutputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 64cb16181..2978b54a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
index 312179e73..a291d24df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.id.BuildException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 758f28150..ffe4ad9b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.builder;
 
 import javax.xml.parsers.DocumentBuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 946f0a9c4..969e628f4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.util.ArrayList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
index d121f2c55..81dc2f736 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
index 795079227..aa3c937b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index e7e490924..2646377e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 844451035..0c8dbc455 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
index 6b1f24aba..88fb201ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
index f1ff30a8a..0f9e85eeb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
index b8dd7f18e..4591d8bf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
index 97f52fb55..d2e7a2847 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index 01b9d9359..a52e57b13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 import java.security.PublicKey;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index 3747fa93b..e2acab73c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 import java.security.PublicKey;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
index 76ba6366d..d0c2de8f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
index c113f16b8..9caed16b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
index 964725416..9cd2de975 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index de636b6cf..881dbdf94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.data;
 import iaik.x509.X509Certificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index a18cf7322..7042c7721 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.invoke;
 import java.util.Vector;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index a8b870f04..74bad617c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
index e3c54095d..b2082786c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import java.util.List;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
index e493f07fb..574dd811e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import java.util.Iterator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index d8a57fd2f..f9c268715 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index e59c88ddc..954488173 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
index 7c4c01abe..c4a02676c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 995c9aba5..5e085b751 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.parser;
 import iaik.utils.Base64InputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 96e8e6dd6..76b131258 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.ByteArrayOutputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index f33377547..be8b5e272 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index 0ea858a71..0e3aae185 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.util.Calendar;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index e156ae982..894b05428 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 6e2a932d8..78c028767 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 912b20a0f..961511ee7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index b81107ff2..43947f6f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index b9d8f8c75..329749e96 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e0fd67d64..99c49ca09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator;
 import java.util.Iterator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index 444f706e4..1c9b66124 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator;
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index 74e61e076..e6b05d852 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator;
 import java.util.Map;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
index a6685fca8..abb430450 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index d5650b897..bc7db72f4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator;
 import iaik.asn1.structures.Name;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
index 58c28161f..5fb30d1ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep;
 import java.util.Map;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 1501dad57..6d46a9a1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 /**
 *
 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index e2a28163f..a8e22562a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 30a8da50c..2a0126b82 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
index d6b71ad83..641bfaad4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 /**
 *
 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index 789cb7dd3..25c3d7199 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 import java.util.ArrayList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
index e64a857d1..f19c21513 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 import org.apache.xpath.XPathAPI;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
index ca914bbab..eaf07da13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 22f3cfffd..6c367594b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
index 11aaf289b..25390dc0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index cc0cc4862..476573ec0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
index de839feba..af66ca331 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index e3a09b7dd..de3496374 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.auth.validator.parep.config;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index d4398102c..d22fef5e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config;
 import iaik.pki.pathvalidation.ChainingModes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
index 2ebec0398..e5e6c1f55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index e65c47bad..3c1612ef6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config;
 import java.math.BigInteger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index 30b09cfe0..9193a591e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 19a27b463..b55164eed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b4af6592c..fc988f161 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.auth;
 import java.io.BufferedInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 132bebce3..c095d9fc1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.auth;
 import at.gv.egovernment.moa.id.config.OAParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
index b64303ce5..114b5b0fd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.auth;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
index 15c0c328c..fae42f100 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.auth;
 import java.util.Hashtable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
index d25cb3b2b..b7ed82977 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.proxy;
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index 83ab73dcd..2f8691f70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.proxy;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index 8c5119013..f67349a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.proxy;
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 572ce5708..fbd6474bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.config.proxy;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 4fc35c1e6..ad1944211 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.data;
 import java.util.Date;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
index 6ed133c5a..81eb59652 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.data;
 import java.util.HashMap;
 import java.util.Iterator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
index 1762a52b7..9c67b4ca0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.data;
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
index a47dd8b29..fa718341c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.data;
 import java.math.BigInteger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
index ed61827b6..43c0c4405 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.data;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index c338e96fc..56c567890 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.config;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
index 3cd02a2b5..311a18feb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.config;
 import iaik.logging.LogConfigurationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
index b41de3c44..327503355 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.config;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
index fff75775d..6f4de4ce1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.config;
 import iaik.pki.revocation.RevocationConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
index c500e2e8e..9bb1f8ed7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.config;
 import iaik.pki.pathvalidation.ValidationConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
index 3c37706e1..16101571e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.pki;
 import java.security.cert.X509Certificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
index 9da006d35..15634ef84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.pki.jsse;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
index 8f36ac5c0..2165816f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.iaik.servertools.observer;
 import iaik.pki.store.observer.NotificationData;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
index 731212ef8..8a8a55442 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
index ff7787839..5ea2c1f86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 151b1cec3..34a1f389b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 3df76656b..d13a6829c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 909e2d51e..bc39044ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index f934ab80b..49affe745 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index b47389950..2b087ff1f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.util.Map;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
index 3aa2368bf..7f42a64fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index 8edd23438..ff7451143 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import java.lang.reflect.InvocationTargetException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index 3f615b01c..f34da55b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import iaik.pki.PKIException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
index 849160a7b..aff4e3a78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 9bfd9de9b..b16bd417f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import iaik.security.provider.IAIK;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index aedafdf85..2183278c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy;
 import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index e0e1fde4a..28bf04e6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy.builder;
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index f7e5299ab..3b6ea273f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -1,3 +1,18 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
 package at.gv.egovernment.moa.id.proxy.invoke;
 import java.lang.reflect.InvocationTargetException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 6bf5da02b..b051fe182 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.parser; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java index 9f77578fd..9c50990cd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.parser; import org.w3c.dom.Element; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index 4ab2e2cf7..38db17f10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java index 0080c010e..993f4b935 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java 
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.servlet; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 6d215c35e..543b33879 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.BufferedInputStream; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java index 954a87e62..201f6df19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.io.BufferedWriter; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java index c5dad8bc4..565442335 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java 
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /* * Created on 20.01.2005 * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java index 6fb78edb7..d1beaab98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import iaik.security.ecc.ecdsa.ECDSAParameter; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java index 7c4731555..076df34ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /* * Created on 17.02.2004 * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index 035c47eb9..0e9208362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java 
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java index 4330133f0..20f811e39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /* * Created on 01.10.2004 * 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java index d31aa6ec1..0503e6bc9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.util.Locale; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java index 3f5fddba2..1e31397ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java 
@@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index da75b4213..225a5e246 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.util.Date; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 9fa0803c4..5f8e95925 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import iaik.pki.PKIConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index a4a89e183..7fa3fe8f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /** * */ -- cgit v1.2.3 From 527f2ec316c6d67498ed6dfe37a95218a2ab6f54 Mon Sep 17 00:00:00 2001 
From: spuchmann Date: Mon, 15 Sep 2008 07:33:53 +0000 Subject: raised version to 1.4.4 moved licenses to root folder fixed Bug 332 and 333 slVersion changed from 1.1 to 1.2 (MOA-ID-Configuration-1.4.4.xsd) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1091 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 290dc429a..fe73ce16b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -46,7 +46,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { " <{3}:SignatureEnvironment>" + nl + " <{4}:XMLContent>{0}" + nl + " " + nl + - " <{3}:SignatureLocation Index=''2''>/saml:Assertion" + nl + + " <{3}:SignatureLocation xmlns:saml=''" + SAML_NS_URI + "'' Index=''2''>/saml:Assertion" + nl + " " + nl + ""; -- cgit v1.2.3 From eb00b32adb0b6eecd08137164c26cb56e4da0849 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 15 Apr 2009 13:55:28 +0000 Subject: Removed duplicated setting of Content-Type during stream copying process git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1097 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 543b33879..8e1767916 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -107,7 +107,7 @@ public class ProxyServlet extends HttpServlet { /** Name of the Attribute for user binding */ private static final String ATT_OA_USER_BINDING = "UserBinding"; /** For extended internal debug messages */ - private static final boolean INTERNAL_DEBUG = false; + private static final boolean INTERNAL_DEBUG = false; /** Message to be given if browser login failed */ private static final String RET_401_MSG = "Ein Fehler ist aufgetreten

Fehler bei der Anmeldung

Bei der Anmeldung ist ein Fehler aufgetreten.

Fehler bei der Anmeldung.
Prüfen Sie bitte ihre Berechtigung.
Abbruch durch den Benutzer.

"; @@ -610,7 +610,8 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map resp.setStatus(conn.getResponseCode()); - resp.setContentType(conn.getContentType()); + //Issue by Gregor Karlinger - content type was annotated twice + //resp.setContentType(conn.getContentType()); if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue); -- cgit v1.2.3 From aebb5cd04d43b25b8d65237ba49fddf5f5dd1a8c Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 7 Jul 2009 14:27:40 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1114 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../iaik/config/RevocationConfigurationImpl.java | 4 +++ .../moa/id/proxy/DefaultConnectionBuilder.java | 23 ++++++++++------- .../moa/id/proxy/ElakConnectionBuilder.java | 29 ++++++++++++---------- .../moa/id/proxy/EnhancedConnectionBuilder.java | 16 ++++++------ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 5 ++-- 5 files changed, 46 insertions(+), 31 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java index 6f4de4ce1..cedaf2ccc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java @@ -48,4 +48,8 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc return false; } + public Integer getCrlRetentionInterval(String arg0) { + return null; + } + } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 34a1f389b..a742a0aae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -32,8 +32,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; +//import com.sun.net.ssl.HostnameVerifier; +//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -96,12 +96,14 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + + // JSSE-Abhängigkeit + /*if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); if (cbDisableHostnameVerification) httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } + }*/ return conn; } 
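Review bot: Commenting out the `HttpsURLConnection` block in DefaultConnectionBuilder (`@@ -96,12 +96,14`) removes the only place visible here where `sslSocketFactory` is attached to the connection. HTTPS connections to the online application would then presumably use the JVM default socket factory, and whatever trust store or client key the configured factory carried would be ignored without any error. The same block is disabled in ElakConnectionBuilder (`@@ -198,12 +198,13`). If the goal is only to drop the `com.sun.net.ssl` dependency, importing `javax.net.ssl.HostnameVerifier` and `javax.net.ssl.HttpsURLConnection` instead keeps the block active; the verifier method then has the signature `verify(String hostname, SSLSession session)`. The enclosing method starts outside the hunk.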
@@ -151,14 +153,17 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - private class HostnameNonVerifier implements HostnameVerifier { + + // JSSE Abhängigkeit + //private class HostnameNonVerifier implements HostnameVerifier { /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - public boolean verify(String arg0, String arg1) { - return true; - } - } +//JSSE Abhängigkeit +// public boolean verify(String arg0, String arg1) { +// return true; +// } +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index bc39044ac..c8c1e85d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -38,8 +38,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; +//import com.sun.net.ssl.HostnameVerifier; +//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. 
@@ -198,12 +198,13 @@ public class ElakConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { - HttpsURLConnection httpsConn = (HttpsURLConnection) conn; - httpsConn.setSSLSocketFactory(sslSocketFactory); - if (cbDisableHostnameVerification) - httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } + // JSSE Abhängigkeit +// if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { +// HttpsURLConnection httpsConn = (HttpsURLConnection) conn; +// httpsConn.setSSLSocketFactory(sslSocketFactory); +// if (cbDisableHostnameVerification) +// httpsConn.setHostnameVerifier(new HostnameNonVerifier()); +// } return conn; } @@ -251,14 +252,16 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - private class HostnameNonVerifier implements HostnameVerifier { +//JSSE Abhängigkeit +// private class HostnameNonVerifier implements HostnameVerifier { /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - public boolean verify(String arg0, String arg1) { - return true; - } - } +//JSSE Abhängigkeit +// public boolean verify(String arg0, String arg1) { +// return true; +// } +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 49affe745..9ce1e3c8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java 
@@ -31,7 +31,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -import com.sun.net.ssl.HostnameVerifier; +//import com.sun.net.ssl.HostnameVerifier; import HTTPClient.HttpURLConnection; import HTTPClient.HTTPConnection; @@ -160,16 +160,18 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - private class HostnameNonVerifier implements HostnameVerifier { + // JSSE Abhängigkeit + //private class HostnameNonVerifier implements HostnameVerifier { /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - public boolean verify(String arg0, String arg1) { - return true; - } - } - + // JSSE Abhängigkeit +// public boolean verify(String arg0, String arg1) { +// return true; +// } +// } +// /** * Removes parameters from the query-URL recursively * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 5f8e95925..bf38c40d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -68,8 +68,9 @@ public class SSLUtils { */ public static void initialize() { sslSocketFactories = new HashMap(); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + // JSSE Abhängigkeit +// Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); +// System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); } /** -- cgit v1.2.3 From 4c7661af6d16a8b598a11548a1df61d526b86b4d Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Thu, 9 Jul 2009 12:52:53 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1115 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java | 5 +++++ .../java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 76b131258..ddd1df628 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -75,11 +75,16 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { req.setAttribute("ErrorMessage", errorMessage ); } + if (null != exceptionThrown) { if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); Logger.error(errorMessage, exceptionThrown); req.setAttribute("ExceptionThrown", exceptionThrown); } + + if (Logger.isDebugEnabled()) { + req.setAttribute("LogLevel", "debug"); + } //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 8e1767916..b986d7c2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java 
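Review bot: The new `req.setAttribute("LogLevel", "debug")` in AuthServlet's error handling (`@@ -75,11 +75,16`) makes what the error page receives depend on the server's log level, right after `ExceptionThrown` is placed on the request. If errorpage-auth.jsp uses this flag to print the exception or its stack trace (the JSP is not shown on this page), a deployment left at debug level would expose internal details to the end user. A comment on the new lines such as `// LogLevel=debug lets the error JSP show exception details; keep debug logging off in production` would make that dependency explicit. The ProxyServlet hunk (`@@ -842,7 +842,11`) adds the same flag, and both methods start outside their hunks.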
@@ -842,7 +842,11 @@ protected void handleError( Logger.error(errorMessage, exceptionThrown); //req.setAttribute("ExceptionThrown", exceptionThrown); } - + + if (Logger.isDebugEnabled()) { + req.setAttribute("LogLevel", "debug"); + } + //forward this to errorpage-proxy.jsp where the HTML error page is generated ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); -- cgit v1.2.3 From 27be7994027944015c290e41e688e8723965bd48 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 26 Aug 2009 11:00:54 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1139 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/AuthServlet.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index ddd1df628..0656d37d3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java 
@@ -161,10 +161,26 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { if (item.isFormField()) { // Process only form fields - no file upload items + String logString = item.getString("UTF-8"); + + // TODO use RegExp + String startS = ""; + String endS = "urn:publicid:gv.at:baseid"; + String logWithMaskedBaseid = logString; + int start = logString.indexOf(startS); + if (start > -1) { + int end = logString.indexOf(endS); + if (end > -1) { + logWithMaskedBaseid = logString.substring(0, start); + logWithMaskedBaseid += startS; + logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; + logWithMaskedBaseid += logString.substring(end, logString.length()); + } + } parameters.put(item.getFieldName(), item.getString("UTF-8")); Logger.debug("Processed multipart/form-data request parameter: \nName: " + item.getFieldName() + "\nValue: " + - item.getString("UTF-8")); + logWithMaskedBaseid); } } } -- cgit v1.2.3 From afa2a5ca9f92e81b594e8f29d9588d5e8690fba8 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 17 Sep 2009 09:45:46 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1145 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/proxy/DefaultConnectionBuilder.java | 34 ++++++++++-------- .../moa/id/proxy/ElakConnectionBuilder.java | 40 ++++++++++++---------- .../moa/id/proxy/EnhancedConnectionBuilder.java | 25 ++++++++------ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 8 +++-- 4 files changed, 62 insertions(+), 45 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index a742a0aae..7f0dfe509 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java 
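Review bot: The masking in the form-field loop looks for `endS` from the beginning of the value (`logString.indexOf(endS)`) and never checks that the match lies after `start`, so when the `urn:publicid:gv.at:baseid` marker occurs before the start marker the text following `start` is appended unmasked; searching from the first match, `int end = logString.indexOf(endS, start);`, closes that gap. Only the first start/end pair is replaced, so a value carrying more than one base identifier still reaches the debug log, and the rest of the parameter, which may hold other personal data, is logged unchanged. As rendered on this page `startS` is an empty string, which may be an artefact of the page extraction; if it really is empty, everything before the marker is replaced rather than just the identifier. The enclosing method starts and ends outside the hunk.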
@@ -19,21 +19,22 @@ import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.URL; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; import java.util.Iterator; import java.util.Vector; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.URLEncoder; + -//import com.sun.net.ssl.HostnameVerifier; -//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -97,13 +98,14 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - // JSSE-Abhängigkeit - /*if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + // JSSE Abhängigkeit + if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); if (cbDisableHostnameVerification) httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - }*/ + } + return conn; } 
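Review bot: With this block re-enabled in `DefaultConnectionBuilder`, setting `cbDisableHostnameVerification` installs `HostnameNonVerifier` (next hunk), which accepts every server name, so the TLS connection to the online application is authenticated only by what the `sslSocketFactory`'s trust settings accept and a certificate issued for a different host passes. Where the flag comes from is outside the hunk; the weakened mode should at least be visible in operation, e.g. `Logger.info("Hostname verification disabled for " + conn.getURL());` before `setHostnameVerifier`. A comment stating when disabling is acceptable (test systems, or a trust store restricted to the one expected server certificate) would help whoever sets the option. The same block is activated in `ElakConnectionBuilder`, and `EnhancedConnectionBuilder` gets the same verifier class.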
@@ -155,15 +157,19 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { */ // JSSE Abhängigkeit - //private class HostnameNonVerifier implements HostnameVerifier { - + private class HostnameNonVerifier implements HostnameVerifier { + + public boolean verify(String hostname, SSLSession session) { + return true; + } + + /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ -//JSSE Abhängigkeit -// public boolean verify(String arg0, String arg1) { -// return true; -// } -// } + /*public boolean verify(String arg0, String arg1) { + return true; + }*/ + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index c8c1e85d9..6810c9223 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -18,17 +18,15 @@ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; - -import com.ibm.webdav.HTTPHeaders; -import com.ibm.webdav.protocol.URLStreamHandlerFactory; -import com.ibm.webdav.protocol.http.WebDAVURLConnection; -import java.util.StringTokenizer; import java.net.URL; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; import java.net.URLStreamHandler; import java.util.Iterator; +import java.util.StringTokenizer; import java.util.Vector; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; 
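Review bot: The new `verify(String hostname, SSLSession session)` in `DefaultConnectionBuilder.HostnameNonVerifier` has no documentation of its own, while the Javadoc kept below it still points to `com.sun.net.ssl.HostnameVerifier#verify(String, String)` and now documents only commented-out code. For a method that deliberately returns `true` for every host this is worth stating explicitly, e.g. `/** Accepts any host name; installed only when cbDisableHostnameVerification is set. */`, and the commented-out old method can be deleted. In `ElakConnectionBuilder` the same method carries `// TODO Auto-generated method stub`, which reads as unfinished code rather than an intentional bypass, and in `EnhancedConnectionBuilder` the old `@see` is now attached to the new method.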
@@ -37,9 +35,10 @@ import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.URLEncoder; + +import com.ibm.webdav.protocol.http.WebDAVURLConnection; -//import com.sun.net.ssl.HostnameVerifier; -//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -199,12 +198,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder { webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); // JSSE Abhängigkeit -// if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { -// HttpsURLConnection httpsConn = (HttpsURLConnection) conn; -// httpsConn.setSSLSocketFactory(sslSocketFactory); -// if (cbDisableHostnameVerification) -// httpsConn.setHostnameVerifier(new HostnameNonVerifier()); -// } + if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + HttpsURLConnection httpsConn = (HttpsURLConnection) conn; + httpsConn.setSSLSocketFactory(sslSocketFactory); + if (cbDisableHostnameVerification) + httpsConn.setHostnameVerifier(new HostnameNonVerifier()); + } return conn; } @@ -253,15 +252,20 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ //JSSE Abhängigkeit -// private class HostnameNonVerifier implements HostnameVerifier { + private class HostnameNonVerifier implements HostnameVerifier { - /** + public boolean verify(String hostname, SSLSession session) { + // TODO Auto-generated method stub + return true; + } + /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ -//JSSE Abhängigkeit // public boolean verify(String arg0, String arg1) { // return true; // } -// } + + + } } 
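Review bot: In `ElakConnectionBuilder` the re-enabled TLS block tests `conn instanceof HttpsURLConnection`, while the lines directly above it configure a separate `webDavConn`; how the two relate is outside the hunk. If the connection created for this builder is not a `javax.net.ssl.HttpsURLConnection`, the block is skipped without any trace and neither the configured `sslSocketFactory` nor the hostname setting is applied. Please confirm the type, and consider making the skipped case visible, e.g. `else if (sslSocketFactory != null) Logger.info("SSLSocketFactory not applied to " + conn.getClass().getName());`.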
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 9ce1e3c8e..4af2561b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -21,20 +21,19 @@ import java.net.URLStreamHandler; import java.util.Iterator; import java.util.Vector; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; +import HTTPClient.HTTPConnection; +import HTTPClient.HttpURLConnection; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -//import com.sun.net.ssl.HostnameVerifier; -import HTTPClient.HttpURLConnection; -import HTTPClient.HTTPConnection; - /** * Outlook Web Access (OWA) Implementierung von ConnectionBuilder. @@ -161,17 +160,21 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ // JSSE Abhängigkeit - //private class HostnameNonVerifier implements HostnameVerifier { + private class HostnameNonVerifier implements HostnameVerifier { - /** + /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - // JSSE Abhängigkeit -// public boolean verify(String arg0, String arg1) { + public boolean verify(String hostname, SSLSession session) { + return true; + } + +// public boolean verify(String arg0, String arg1) { // return true; // } -// } -// + + } + /** * Removes parameters from the query-URL recursively * 
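Review bot: `HostnameNonVerifier` is switched on in `EnhancedConnectionBuilder`, but nothing visible in this file's hunks installs it: the import hunk adds `HostnameVerifier` and `SSLSession` only, and the connection classes come from `HTTPClient`. If the class is unused here it is better left out than kept as a ready-made accept-all verifier; if it is meant to be used, the call site and the condition guarding it should be part of this change so the effect on the proxied TLS connection can be reviewed.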
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index bf38c40d9..e287e7118 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -20,6 +20,7 @@ import iaik.pki.PKIException; import iaik.pki.PKIFactory; import iaik.pki.PKIProfile; import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.BufferedReader; @@ -69,8 +70,11 @@ public class SSLUtils { public static void initialize() { sslSocketFactories = new HashMap(); // JSSE Abhängigkeit -// Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); -// System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + Security.addProvider(new IAIK()); + //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + + } /** -- cgit v1.2.3 From 68af85701b6f797b0d662b89b95e043ee949defd Mon Sep 17 00:00:00 2001 
From: mcentner Date: Fri, 2 Jul 2010 07:14:41 +0000 Subject: Merged branch 1.4.7_MOASP_TSL back into trunk. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1165 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 417 +++++++++++++++++++-- .../moa/id/auth/MOAIDAuthConstants.java | 4 + .../moa/id/auth/WrongParametersException.java | 8 +- .../AuthenticationBlockAssertionBuilder.java | 81 +++- .../CreateXMLSignatureRequestBuilderForeign.java | 126 +++++++ .../InfoboxReadRequestBuilderCertificate.java | 94 +++++ .../builder/VerifyXMLSignatureRequestBuilder.java | 62 +++ .../moa/id/auth/data/AuthenticationSession.java | 16 +- .../id/auth/data/CreateXMLSignatureResponse.java | 32 +- .../parser/CreateXMLSignatureResponseParser.java | 26 ++ .../id/auth/parser/InfoboxReadResponseParser.java | 51 +++ .../moa/id/auth/servlet/AuthServlet.java | 1 + .../moa/id/auth/servlet/GetForeignIDServlet.java | 287 ++++++++++++++ .../auth/servlet/ProcessValidatorInputServlet.java | 9 +- .../moa/id/auth/servlet/SelectBKUServlet.java | 12 + .../auth/servlet/StartAuthenticationServlet.java | 25 +- .../servlet/VerifyAuthenticationBlockServlet.java | 13 +- .../id/auth/servlet/VerifyCertificateServlet.java | 286 ++++++++++++++ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 57 ++- .../CreateXMLSignatureResponseValidator.java | 116 +++--- .../client/szrgw/CreateIdentityLinkResponse.java | 27 ++ .../validator/parep/client/szrgw/SZRGWClient.java | 133 ++++++- .../moa/id/config/ConfigurationBuilder.java | 50 ++- .../moa/id/config/ConnectionParameter.java | 9 + .../gv/egovernment/moa/id/config/OAParameter.java | 24 ++ .../moa/id/config/TargetToSectorNameMapper.java | 67 ++++ .../moa/id/config/TargetsAndSectorNames.java | 194 ++++++++++ .../id/config/auth/AuthConfigurationProvider.java | 19 + .../moa/id/config/auth/OAAuthParameter.java | 86 +++-- .../moa/id/proxy/DefaultConnectionBuilder.java | 3 +- .../id/proxy/DefaultLoginParameterResolver.java | 5 
+- .../moa/id/proxy/ElakConnectionBuilder.java | 4 +- .../moa/id/proxy/EnhancedConnectionBuilder.java | 7 +- .../moa/id/proxy/servlet/ProxyServlet.java | 6 +- .../moa/id/util/ParamValidatorUtils.java | 158 ++++++++ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 8 +- .../gv/egovernment/moa/id/util/ServletUtils.java | 29 ++ .../resources/properties/id_messages_de.properties | 1 + 38 files changed, 2352 insertions(+), 201 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 971fbcef2..fcaa4f053 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -19,7 +19,6 @@ import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.File; -import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -34,7 +33,6 @@ import java.util.Vector; import javax.xml.transform.TransformerException; -import org.apache.axis.AxisFault; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; @@ -90,7 +88,6 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; @@ -176,9 +173,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); @@ -193,7 +190,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); } else { if (!isEmpty(target)) { Logger.info("Ignoring target parameter thus application type is \"businessService\""); 
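Review bot: The `WrongParametersException` for a missing `AuthURL`, which this change extends with the `"auth.5"` id, sits after `authURL.startsWith("https:")`, so for a null `authURL` the `startsWith` call fails first and for an empty one the `auth.07` exception is thrown first unless HTTP is explicitly allowed; the new error id is therefore rarely, if ever, reported. Moving `if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");` above the https check fixes this and matches the order used in the second start method later in this file. The enclosing method starts and ends outside the hunk.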
@@ -220,7 +217,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // bkuSelectionType==HTMLSelect String bkuSelectTag; try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); + bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); } catch (Throwable ex) { throw new AuthenticationException( "auth.11", @@ -273,9 +270,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Creates an HTML form for querying the identity link from the * security layer implementation. *
    Form parameters include - *
      + *
        *
      • the <InfoboxReadRequest>
      • - *
      • the data URL where the security layer implementation sends it response to
      • + *
      • the data URL where the security layer implementation sends it response to
      • *
      *
    * @param authURL URL of the servlet to be used as data URL @@ -302,7 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(sessionID)) { if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) String boolStr = @@ -311,7 +308,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); } AuthenticationSession session; OAAuthParameter oaParam; @@ -327,7 +324,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.00", new Object[] { oaURL }); if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); } else { target = null; } @@ -411,8 +408,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Verifies all additional infoboxes returned from the BKU
  • *
  • Creates an authentication block to be signed by the user
  • *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the - * security layer implementation
  • + * containg the authentication block, meant to be returned to the + * security layer implementation * * * @param sessionID ID of associated authentication session data @@ -441,6 +438,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.01", new Object[] { sessionID }); session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + // check if an identity link was found + // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform (SL1.2)) + CharSequence se = "ErrorCode>2911".substring(0); + boolean b = xmlInfoboxReadResponse.contains(se); + if (b) { // no identity link found + Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID."); + return null; + } + // spezifikationsgemäßer (SL1.2) Errorcode + se = "ErrorCode>4002"; + b = xmlInfoboxReadResponse.contains(se); + if (b) { // Unbekannter Infoboxbezeichner + Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID."); + return null; + } + // parses the IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); 
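Review bot: The fallback to the foreign-eID flow is decided by a substring search on the raw response (`xmlInfoboxReadResponse.contains(se)` with `"ErrorCode>2911"` and `"ErrorCode>4002"`), which also matches longer codes that start with those digits and any occurrence of that text elsewhere in a document supplied by the security layer implementation. Reading the error code from the parsed response, or at least matching up to the closing tag, would make the decision depend on the actual error element; the `.substring(0)` on the literal has no effect and can go. The method now returns `null` for this case after `session.setTimestampIdentityLink()` has already run, which deserves a line in the Javadoc (outside this hunk) so callers do not treat `null` as an empty request.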
@@ -495,6 +509,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + //BZ.., calculate bPK for signing to be already present in AuthBlock + IdentityLink identityLink = session.getIdentityLink(); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + identityLink.setIdentificationValue(bpkBase64); + } + //..BZ + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); @@ -513,6 +539,186 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } + /** + * Returns a CreateXMLSignatureRequest for the foreign ID.
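Review bot: The added block overwrites the identification value of the session's identity link with the bPK but leaves the identification type unchanged, and its condition does not match its comment: the comment limits the computation to public-service applications, the `if` tests only `identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)`. Because the type stays at the base-id URN, a second call of this method for the same session would feed the already derived value into `buildBPK` again, and later code (not visible here) can no longer tell a base identifier from a bPK. Adding the check the comment promises, `if (!oaParam.getBusinessService() && identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID))`, and recording the new type (or keeping the derived value in a separate session field) would make the state unambiguous. The method starts outside the hunk.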
    + * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU + * @param cert The certificate of the foreign ID + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + + return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). 
+ getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + //BZ.., calculate bPK for signing to be already present in AuthBlock +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { +// // only compute bPK if online application is a public service and we have the Stammzahl +// String bpkBase64 = new BPKBuilder().buildBPK( +// identityLink.getIdentificationValue(), +// session.getTarget()); +// identityLink.setIdentificationValue(bpkBase64); +// } + //..BZ + + + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session); +// session.setAuthBlock(authBlock); + // builds the + String[] transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.length == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = + new CreateXMLSignatureRequestBuilder().build(authBlock, + oaParam.getKeyBoxIdentifier(), + transformsInfos, + oaParam.getSlVersion12()); + return createXMLSignatureRequest; +} + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
    + *
      + *
    • Validates given <CreateXMLSignatureResponse>
    • + *
    • Parses response enclosed in <CreateXMLSignatureResponse>
    • + *
    • Verifies signature by calling the MOA SP component
    • + *
    • Returns the signer certificate
    • + *
    + * + * @param sessionID ID of associated authentication session data + * @param createXMLSignatureResponseParameters The parameters from the response returned from + * the BKU including the <CreateXMLSignatureResponse> + */ + public X509Certificate verifyXMLSignature(String sessionID, Map createXMLSignatureResponseParameters) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); + + + String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE); + + System.out.println(xmlCreateXMLSignatureResponse); + + if (isEmpty(xmlCreateXMLSignatureResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); + + AuthenticationSession session = getSession(sessionID); + /*if (session.getTimestampIdentityLink() != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID });*/ + //session.setTimestampIdentityLink(); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + + // parses the + CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse createXMLSignatureResponse = p.parseResponseDsig(); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = + new VerifyXMLSignatureRequestBuilder().buildDsig( + createXMLSignatureResponse, authConf.getMoaSpAuthBlockTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = + new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = + new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + + //int code = 
verifyXMLSignatureResponse.getSignatureCheckCode(); + + return verifyXMLSignatureResponse.getX509certificate(); + + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
    + *
      + *
    • Validates given <CreateXMLSignatureResponse>
    • + *
    • Parses response enclosed in <CreateXMLSignatureResponse>
    • + *
    • Verifies signature by calling the MOA SP component
    • + *
    • Returns the signer certificate
    • + *
    + * + * @param sessionID ID of associated authentication session data + * @param readInfoboxResponseParameters The parameters from the response returned from + * the BKU including the <ReadInfoboxResponse> + */ + public X509Certificate getCertificate(String sessionID, Map readInfoboxResponseParameters) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + + String xmlReadInfoboxResponse = (String)readInfoboxResponseParameters.get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlReadInfoboxResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE}); + + // parses the + InfoboxReadResponseParser p = new InfoboxReadResponseParser(xmlReadInfoboxResponse); + X509Certificate cert = p.parseCertificate(); + + return cert; + + } + /** * Builds an authentication block <saml:Assertion> from given session data. * @param session authentication session 
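Review bot: `verifyXMLSignature` returns `verifyXMLSignatureResponse.getX509certificate()` without looking at the verification result; the only read of it, `getSignatureCheckCode()`, is commented out. Unless `SignatureVerificationInvoker` or the response parser already throws on a failed check (not visible in this hunk), the signer certificate of an invalid signature is handed to the caller as if it had been verified, so the check code (and the certificate check result, if the response carries one) should be tested and a `ValidateException` thrown before the `return`. The method also prints the complete response with `System.out.println(xmlCreateXMLSignatureResponse);` before the empty check, which writes a signed document that may contain personal data to the container's standard output; it should be removed or replaced by a masked `Logger.debug`. `getCreateXMLSignatureRequestForeignID(String, Map, X509Certificate)` ignores its `infoboxReadResponseParameters` and `cert` arguments.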
@@ -523,16 +729,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + String identificationValue = identityLink.getIdentificationValue(); + String identificationType = identityLink.getIdentificationType(); + + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); - String oaURL = session.getPublicOAURLPrefix(); + //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + //String oaURL = session.getPublicOAURLPrefix(); + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock( issuer, @@ -824,19 +1033,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
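Review bot: `oaURL` is escaped by hand for a single character before it is placed in the AUTH block (`session.getPublicOAURLPrefix().replaceAll("&", "&")`; as rendered on this page both arguments are identical, the replacement is presumably the XML entity). Escaping only `&` leaves `<`, `>` and quotes untouched and double-escapes a prefix that already contains an entity, and the other values passed to `buildAuthBlock` (`issuer`, `target`, `authURL`) are not escaped anywhere in this hunk. A single XML-escaping helper applied to every value in `AuthenticationBlockAssertionBuilder` would cover all of them; since no regular expression is needed, `String.replace` is the simpler call if the one-off fix stays. The method continues outside the hunk.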
  • Validates given <CreateXMLSignatureResponse>
  • *
  • Parses <CreateXMLSignatureResponse> for error codes
  • *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
  • + * <CreateXMLSignatureResponse> *
  • Verifies authentication block by calling the MOA SP component
  • *
  • Creates authentication data
  • *
  • Creates a corresponding SAML artifact
  • *
  • Stores authentication data in the authentication data store - * indexed by the SAML artifact
  • + * indexed by the SAML artifact *
  • Deletes authentication session
  • *
  • Returns the SAML artifact, encoded BASE64
  • * * * @param sessionID session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse String representation of the - * <CreateXMLSignatureResponse> + * <CreateXMLSignatureResponse> * @return SAML artifact needed for retrieving authentication data, encoded BASE64 */ public String verifyAuthenticationBlock( @@ -851,9 +1060,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { ValidateException { if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); AuthenticationSession session = getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses @@ -874,11 +1083,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output - + // invokes the call Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); // debug output - + // parses the VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); @@ -1015,6 +1224,150 @@ public class AuthenticationServer implements MOAIDAuthConstants { "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; } + + /** + * Gets the foreign authentication data.
    + *
      + *
    • Creates authentication data
    • + *
    • Creates a corresponding SAML artifact
    • + *
    • Stores authentication data in the authentication data store + * indexed by the SAML artifact
    • + *
    • Deletes authentication session
    • + *
    • Returns the SAML artifact, encoded BASE64
    • + *
    + * + * @param sessionID session ID of the running authentication session + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String getForeignAuthenticationData( + String sessionID) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + + AuthenticationSession session = getSession(sessionID); + //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + try { + String serializedAssertion = DOMUtils.serializeNode(session.getIdentityLink().getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(session.getIdentityLink().getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox 
failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if 
(physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + X509Certificate cert = session.getForeignSignerCertificate(); + vsresp.setX509certificate(cert); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + } + /** * Builds the AuthenticationData object together with the * corresponding <saml:Assertion> 
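Review bot: In getForeignAuthenticationData the SAML artifact is issued from session state alone: `vsresp` is a freshly constructed VerifyXMLSignatureResponse with only the certificate set, and neither `session.getIdentityLink()` nor `session.getForeignSignerCertificate()` is checked before use. Whether signature and certificate were verified earlier in the foreign-ID flow is not visible in this hunk, so the method should at least reject a session that lacks either value, e.g. `if (session.getIdentityLink() == null || session.getForeignSignerCertificate() == null) throw new AuthenticationException(...)` with a dedicated message key. The error parameters still name `REQ_VERIFY_AUTH_BLOCK` and `PARAM_XMLRESPONSE`; `REQ_GET_FOREIGN_ID`, added to MOAIDAuthConstants in this commit, would identify the request correctly. Both `ParseException("parser.04", ...)` throws drop the caught exception instead of passing `e` as the cause, and the final `Logger.info` writes the SAML artifact, which the Javadoc describes as what is needed to retrieve the authentication data, into the log.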
@@ -1076,13 +1429,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setWBPK(identityLink.getIdentificationValue()); } else { authData.setBPK(identityLink.getIdentificationValue()); + + //BZ.., calculation of bPK already before sending AUTHBlock + /* if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget()); authData.setBPK(bpkBase64); - } + }*/ + } String ilAssertion = oaParam.getProvideIdentityLink() @@ -1186,7 +1543,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param id Session ID * @return AuthenticationSession created * @exception AuthenticationException - * thrown when an AuthenticationSession is running + * thrown when an AuthenticationSession is running * already for the given session ID */ private static AuthenticationSession newSession() throws AuthenticationException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 5aa1bf45e..88859dc3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
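Review bot: With the `Constants.URN_PREFIX_BASEID` branch commented out, `authData.setBPK(identityLink.getIdentificationValue())` passes the identity link value on unchanged, so a link that still carries a base identifier (Stammzahl) would reach the authentication data as if it were a bPK. The new comment says the bPK is calculated before the AUTH-Block is sent, but nothing in this hunk enforces that; a guard on `Constants.URN_PREFIX_BASEID.equals(identityLink.getIdentificationType())` that aborts instead of setting the value would make the assumption explicit. The disabled block should be deleted rather than kept inside `/* ... }*/`. The enclosing method starts and ends outside the hunk.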
@@ -54,6 +54,10 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */ + public static final String REQ_GET_FOREIGN_ID = "GetForeignID"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */ + public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index 398a6731d..f4827c189 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -29,8 +29,10 @@ public class WrongParametersException extends MOAIDException { /** * Constructor */ - public WrongParametersException(String call, String parameter) { - super("auth.05", new Object[] {call, parameter}); + public WrongParametersException(String call, String parameter, String errorID) { + super(errorID, new Object[] {call, parameter}); + //super("auth.5", new Object[] {call, parameter}); + //super("auth.12", new Object[] {call, parameter}); } - + } 
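Review bot: WrongParametersException loses its two-argument constructor, so every existing caller has to change in the same commit and now picks the message key itself. Keeping an overload such as `public WrongParametersException(String call, String parameter) { this(call, parameter, "auth.05"); }` preserves the old behaviour. The two commented-out `super(...)` lines can go; one of them spells the key `"auth.5"` while the removed line used `"auth.05"`. `errorID` has no Javadoc stating which keys are expected.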
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index f9d8e7091..d684c16c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -18,11 +18,21 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import java.util.List; +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication block <saml:Assertion> @@ -66,6 +76,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " " + NL + " " + NL; + + private static String PR_IDENTIFICATION_ATTRIBUTE = + " " + NL + + " {0}" + NL + + " {1}" + NL + + " " + NL; + /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ 
@@ -123,20 +140,72 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; + + //BZ.., reading OA parameters + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + //..BZ + + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { - // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator - gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); - wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + + //BZ.., adding type of wbPK domain identifier + ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); + //..BZ + } else { - // We do not have a wbPK, therefore no SAML-Attribute is provided - session.setSAMLAttributeGebeORwbpk(false); + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); } } else { - gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + // OA is a govermental application + //BZ.. 
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); + //..BZ + + //BZ.., no business service, adding bPK + + Element bpkSamlValueElement; + try { + bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement(); + } catch (Exception e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(bpkAttribute); + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + //..BZ } + //BZ.., adding friendly name of OA + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + //..BZ + String assertion; try { assertion = MessageFormat.format( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java new file mode 100644 index 000000000..9227d5303 --- /dev/null 
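Review bot: The bPK attribute value is produced by filling `PR_IDENTIFICATION_ATTRIBUTE` with `MessageFormat.format` and handing the resulting string to `DOMUtils.parseDocument`, so `identityLinkValue` is interpreted as markup rather than as text. Creating the element through the DOM API and setting value and type as text nodes avoids the parse and any dependence on the value's character set; the value is presumably Base64 here, but the hunk does not guarantee it. `oaParam` is dereferenced (`getIdentityLinkDomainIdentifierType()`, `getFriendlyName()`) without a null check; if `getOnlineApplicationParameter` can return null for an unknown URL prefix, this should raise `BuildException` rather than a NullPointerException. The enclosing method starts and ends outside the hunk.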
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java 
@@ -0,0 +1,126 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + + +/** + * Builder for CreateXMLSignatureRequest to sign data from a foreign + * eID card. + * + */ + +public class CreateXMLSignatureRequestBuilderForeign extends Builder { + + /** special tag in the XML template to be substituted for the KeyboxIdentifier */ + private static final String KEYBOXID_TAG = ""; + /** special tag in the XML template to be substituted for the content */ + private static final String XMLCONTENT_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_XML_TEMPLATE = + "" + + "" + + "" + KEYBOXID_TAG + "" + + "" + + "" + + "" + XMLCONTENT_TAG + "" + + "" + + "" + + "" + + "text/plain" + + "" + + "" + + "" + + ""; + + /** default HTML template */ + private static final String DEFAULT_XHTML_TEMPLATE = + "" + + "" + + "" + KEYBOXID_TAG + "" + + "" + + "" + + "" + XMLCONTENT_TAG + "" + + "" + + "" + + "" + + "application/xhtml+xml" + + "" + + "" + + "" + + ""; + + /** + * Constructor for CreateXMLSignatureRequestBuilderForeign. + */ + public CreateXMLSignatureRequestBuilderForeign() { + super(); + } + /** + * Builds the XML request. 
+ * + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String keyboxIdentifier, + String xmlContent) + throws BuildException + { + String xmlRequest = DEFAULT_XHTML_TEMPLATE; + xmlRequest = replaceTag(xmlRequest, KEYBOXID_TAG, keyboxIdentifier, true, ALL); + //htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + xmlRequest = replaceTag(xmlRequest, XMLCONTENT_TAG, xmlContent, true, ALL); + return xmlRequest; + } + /** + * Encodes a string for inclusion as a parameter in the form. + * Double quotes are substituted by "&quot;". + * @param s the string to be encoded + * @return the string encoded + * @throws BuildException on any exception encountered + */ + public static String encodeParameter(String s) throws BuildException { + StringReader in = new StringReader(s); + StringWriter out = new StringWriter(); + try { + for (int ch = in.read(); ch >= 0; ch = in.read()) { + if (ch == '"') + out.write("""); + else if (ch == '<') + out.write("<"); + else if (ch == '>') + out.write(">"); + else if (ch == 'ä') + out.write("ä"); + else if (ch == 'ö') + out.write("ö"); + else if (ch == 'ü') + out.write("ü"); + else if (ch == 'Ä') + out.write("Ä"); + else if (ch == 'Ö') + out.write("Ö"); + else if (ch == 'Ü') + out.write("Ü"); + else if (ch == 'ß') + out.write("ß"); + else + out.write(ch); + } + } + catch (IOException ex) { + throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); + } + return out.toString(); + } + +} 
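Review bot: `build` substitutes `keyboxIdentifier` and `xmlContent` into the template with `replaceTag` and no escaping, while the only escaping helper in the class, `encodeParameter`, is never called (its call is commented out) and has no branch for `&`. If either argument can carry caller-supplied text, it alters the structure of the CreateXMLSignatureRequest that is sent for signing; `keyboxIdentifier` at least should be escaped or checked against the expected keybox names. The Javadoc on `build` documents `xmlRequest`, `bkuURL` and `dataURL`, none of which are parameters; it should describe `keyboxIdentifier` and `xmlContent` and add `@return`. `DEFAULT_XML_TEMPLATE` is declared but unused.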
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java new file mode 100644 index 000000000..60feb7d2f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java 
@@ -0,0 +1,94 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <InfoboxReadRequest> structure + * used for requesting the identity link from the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $ + */ +public class InfoboxReadRequestBuilderCertificate implements Constants { + + + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilderCertificate() { + } + + + /** + * Builds an <InfoboxReadRequest>. 
+ * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * + * @return <InfoboxReadRequest> as String + */ + public String build(boolean slVersion12) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>Certificates"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":AssocArrayParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>"); + sb.append(""); + sb.append(""); + + return sb.toString(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index ffe4ad9b6..a14d0325f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java 
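Review bot: The Javadoc in InfoboxReadRequestBuilderCertificate does not match the code and appears to be carried over from InfoboxReadRequestBuilder, which the `$Id$` line still names. `build(boolean slVersion12)` documents `businessService` and `identityLinkDomainIdentifier`, which are not parameters, and the class comment says the request is for the identity link although the body reads the `Certificates` infobox with key `SecureSignatureKeypair`. Drop the two stale `@param` tags and change the class comment to something like `Builder for the <InfoboxReadRequest> used to read the signer certificate from the Certificates infobox.`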
@@ -217,5 +217,67 @@ public class VerifyXMLSignatureRequestBuilder { return requestElem_; } + + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed data with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element buildDsig( + CreateXMLSignatureResponse csr, + String trustProfileID) + throws BuildException { //samlAssertionObject + + try { + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + + // insert the dsig:Signature + xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + 
signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + + } catch (Throwable t) { + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + } + + return requestElem_; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 969e628f4..eca02a77b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -15,6 +15,8 @@ */ package at.gv.egovernment.moa.id.auth.data; +import iaik.x509.X509Certificate; + import java.util.ArrayList; import java.util.Date; import java.util.Iterator; @@ -87,7 +89,11 @@ public class AuthenticationSession { * service or not */ private boolean businessService; - + + /** + * Signer certificate of the foreign citizen + */ + private X509Certificate signerCertificate; /** * SAML attributes from an extended infobox validation to be appended * to the SAML assertion delivered to the final online application. 
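Review bot: In buildDsig the comment `// add the transform profile IDs` is followed by an empty `ReferenceInfo` element, so unlike `build(csresp, vtids, tpid)` used in verifyAuthenticationBlock, no transform profile is passed in the verification request. If MOA-SP uses those IDs to constrain which transforms the signed data may use, that check is skipped for foreign signatures; either pass the profile IDs in or state in the Javadoc why they do not apply. `csr.getDsigSignature()` is imported without a null check, and the Javadoc declares `@throws ParseException` while the method throws `BuildException`.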
@@ -149,6 +155,14 @@ public class AuthenticationSession { infoboxValidators = new ArrayList(); } + public X509Certificate getForeignSignerCertificate() { + return signerCertificate; + } + + public void setForeignSignerCertificate(X509Certificate signerCertificate) { + this.signerCertificate = signerCertificate; + } + /** * Returns the identityLink. * @return IdentityLink diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java index 81dc2f736..fc3831161 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java @@ -1,18 +1,3 @@ -/* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ package at.gv.egovernment.moa.id.auth.data; import org.w3c.dom.Element; @@ -35,6 +20,11 @@ private SAMLAttribute[] samlAttributes; * the original saml:Assertion-Element */ private Element samlAssertion; + + /** + * the original dsig:Signature-Element + */ + private Element dsigSignature; /** * Returns the samlAssertion. * @return Element 
@@ -43,6 +33,14 @@ public Element getSamlAssertion() { return samlAssertion; } +/** + * Returns the dsig:Signature + * @return Element + */ +public Element getDsigSignature() { + return dsigSignature; +} + /** * Returns the samlAttribute. * @return SAMLAttribute[] @@ -67,6 +65,10 @@ public void setSamlAssertion(Element samlAssertion) { this.samlAssertion = samlAssertion; } +public void setDsigSignature(Element dsigSignature) { + this.dsigSignature = dsigSignature; +} + /** * Sets the samlAttribute. * @param samlAttributes The samlAttributes to set diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index 74bad617c..d5b6f9aa9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -21,6 +21,7 @@ import java.util.ArrayList; import java.util.List; import org.w3c.dom.Element; +import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.AuthenticationException; 
@@ -129,6 +130,31 @@ public class CreateXMLSignatureResponseParser { throw new ParseException("parser.01", new Object[] { t.toString()}, t); } } + + /** + * Unmarshalls the <@link sigResponse> to an + * <CreateXMLSignatureResponse> object. + * + * @return a <CreateXMLSignatureResponse> object + * @throws ParseException + */ + + public CreateXMLSignatureResponse parseResponseDsig() throws ParseException { + CreateXMLSignatureResponse cResp; + try { + cResp = new CreateXMLSignatureResponse(); + + NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); + Element dsigSignatureNode = (Element) list.item(0); + + Element dsigSignatureElement = (Element) dsigSignatureNode; + cResp.setDsigSignature(dsigSignatureElement); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + return cResp; + } /** * Unmarshalls the <@link sigResponse> to an diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 954488173..b53a1a2dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java 
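Review bot: parseResponseDsig takes `list.item(0)` without checking that a `dsig:Signature` was found, so a response without one yields a CreateXMLSignatureResponse whose `getDsigSignature()` is null and the failure only surfaces later in the request builder. Add `if (list.getLength() == 0) throw new ParseException("parser.01", new Object[] { "No dsig:Signature in response" });` before the cast. `getElementsByTagNameNS` also returns the first Signature anywhere below `sigResponse_` in document order; selecting it at its expected position in the response would be stricter. The second cast to `Element` is redundant.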
@@ -15,17 +15,31 @@ */ package at.gv.egovernment.moa.id.auth.parser; +import iaik.x509.X509Certificate; + import java.io.ByteArrayInputStream; import java.io.InputStream; +import java.security.cert.CertificateException; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.axis.encoding.Base64; +import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; +import com.sun.org.apache.xpath.internal.XPathAPI; + /** * Parses an <InfoboxReadResponse>. * 
@@ -175,6 +189,43 @@ public class InfoboxReadResponseParser { IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); return ilParser.parseIdentityLink(); } + + /** + * Returns the certificate given in the InfoboxReadResponse + * @return + * @throws ParseException + */ + public X509Certificate parseCertificate() throws ParseException { + try { + DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element nameSpaceNode = doc.createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.PD_PREFIX, Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.SL12_PREFIX, Constants.SL12_NS_URI); + + Element base64ContentElement = (Element)XPathAPI.selectSingleNode(infoBoxElem_.getParentNode(), "//sl:Base64Content[1]", nameSpaceNode); + + if (base64ContentElement == null) { + throw new ParseException("parser.01", new Object[] { "Could not find Base64Content for X509Certificate."}); + } + + String base64Content = DOMUtils.getText(base64ContentElement); + + // Decode Base64 value to X509Certificate + byte[] content = Base64.decode(base64Content); + return new X509Certificate(content); + + } catch (ParserConfigurationException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } catch (TransformerException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } catch (CertificateException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } + + } } 
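Review bot: In `parseCertificate`, the expression `"//sl:Base64Content[1]"` starts with `//`, so it is evaluated from the document root and the context node `infoBoxElem_.getParentNode()` has no effect; the method returns whichever `Base64Content` comes first anywhere in the response. If the intent is the content belonging to this infobox, a path relative to the context node such as `"(.//sl:Base64Content)[1]"` keeps the lookup inside that subtree. The Javadoc has an empty `@return` and should say that the certificate is only decoded from client-supplied data and is not validated here, e.g. `@return the decoded certificate; no chain, validity or revocation check is done, callers must validate it before trusting it`. The three catch messages say "InfoboxReadRequest" although this class parses the response.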
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 0656d37d3..bff0a3fca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -123,6 +123,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * Logs all servlet parameters for debugging purposes. */ protected void logParameters(HttpServletRequest req) { + //@TODO Parameter? for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { String parname = (String)params.nextElement(); Logger.debug("Parameter " + parname + req.getParameter(parname)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java new file mode 100644 index 000000000..0599c79bd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
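Review bot: The added `//@TODO Parameter?` in `logParameters` does not say what remains to be done, while the loop under it writes every request parameter value to the debug log unfiltered. For the servlets on this page that would include the session ID and the XML responses posted by the client, and the values are client-controlled text that may contain line breaks. I would replace the marker with a concrete comment such as `// TODO: escape values before logging; do not log PARAM_SESSIONID or PARAM_XMLRESPONSE`, or log only the parameter names. The loop body continues outside this hunk.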
@@ -0,0 +1,287 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.cert.CertificateEncodingException; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.axis.encoding.Base64; +import org.apache.commons.fileupload.FileUploadException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Text; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import 
at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + */ +public class GetForeignIDServlet extends AuthServlet { + + /** + * Constructor for GetForeignIDServlet. + */ + public GetForeignIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET GetForeignIDServlet"); + + + } + + /** + * Verifies the identity link and responds with a new + * CreateXMLSignatureRequest. + *
    + * Request parameters: + *
      + *
    • MOASessionID: ID of associated authentication session
    • + *
    • XMLResponse: <InfoboxReadResponse>
    • + *
    + * Response: + *
      + *
    • Content type: "text/xml"
    • + *
    • Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
    • + *
    • Error status: 500 + *
    + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetForeignIDServlet"); + + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + String redirectURL = null; + X509Certificate cert = null; + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters); + +// Element signature = AuthenticationServer.getInstance().getDsigElement +// (sessionID, parameters); + +// if (signature == null) { + if (cert == null) { + handleError("Error retrieving signature from foreign eID card.", null, req, resp); + } + else { + + // make SZR request + //Element samlAssertion = getIdentityLink(signature); + Element samlAssertion = getIdentityLink(cert); + + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLink identitylink = ilParser.parseIdentityLink(); + session.setIdentityLink(identitylink); + + String samlArtifactBase64 = + AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, 
URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + + } + catch (ParseException ex) { + handleError(null, ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + catch (SZRGWClientException ex) { + handleError(null, ex, req, resp); + } + } + + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + private static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" 
+ param; + else + return url + "&" + param; + } + + /** + * Does the request to the SZR-GW + * @param givenname + * @param familyname + * @param dateofbirth + * @return Identity link assertion + * @throws SZRGWClientException + */ + /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ + private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { + + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; + Logger.debug("Connection Parameters: " + connectionParameters); + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (GeneralSecurityException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (PKIException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + + + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + + } + // create request + Document doc = buildGetIdentityLinkRequest(cert); + Element request = doc.getDocumentElement(); + CreateIdentityLinkResponse response = null; + + //try { + response = client.createIdentityLinkResponse(request); + //} catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das 
Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + // client = new SZRGWClient(url); + // response = client.createIdentityLinkResponse(request); + // } + + + return response.getAssertion(); + + } + + /** + * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW + * @param givenname + * @param familyname + * @param birthday + * @return + */ + private static Document buildGetIdentityLinkRequest(X509Certificate cert) { + + try { + byte[] certbyte = cert.getEncoded(); + String certstring = Base64.encode(certbyte); + + DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); + getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); + doc.appendChild(getIdentityLink); + + Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); + getIdentityLink.appendChild(x509certificate); + Text certbase64 = doc.createTextNode(certstring); + x509certificate.appendChild(certbase64); + + return doc; + } catch (ParserConfigurationException e) { + e.printStackTrace(); + } catch (CertificateEncodingException e) { + e.printStackTrace(); + } + return null; + + } + + /** + * Checks a parameter. + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 894b05428..317af3e06 100644 
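Review bot: In `getIdentityLink`, the three catch blocks around `client.setSSLSocketFactory(...)` only call `e.printStackTrace()` and the `ConfigurationException` handler only logs a warning, so after any of these failures the code still reaches `client.createIdentityLinkResponse(request)`, presumably with a client whose address or TLS settings were never applied. A request carrying the citizen's certificate should fail closed: rethrow from each handler as `SZRGWClientException`, which the method already declares, keeping the cause and reporting through `Logger` instead of stderr. `buildGetIdentityLinkRequest` follows the same pattern and returns null after `printStackTrace()`, which turns an encoding error into a NullPointerException at `doc.getDocumentElement()`. Separately, `Logger.debug("REDIRECT TO: " + redirectURL)` in `doPost` writes the SAML artifact to the log; log the target without its query string.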
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -73,7 +73,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { } catch (FileUploadException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); - } + } String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); @@ -124,7 +124,8 @@ public class ProcessValidatorInputServlet extends AuthServlet { } catch (FileUploadException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); - } + } + //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); 
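Review bot: The `//@TODO Parameter` added before `String sessionID = req.getParameter(PARAM_SESSIONID);` marks an unvalidated input but adds no check, unlike the other servlets touched by this commit, which call `ParamValidatorUtils.isValidSessionID` before using the value. The same holds for the markers in the next hunk on `Sign_Form` and `PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE`, the latter being a client-supplied template URL. Unless validation happens further down in these methods, which lies outside the hunks, add after the three-step fallback `if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("ProcessValidatorInput", PARAM_SESSIONID, "auth.12");` (call name chosen here) and check the template URL with `ParamValidatorUtils.isValidTemplate`. This file's hunks do not add the `ParamValidatorUtils` import that this would need.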
@@ -142,13 +143,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { String htmlForm = null; boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed + //@TODO Parameter String inputProcessorSignForm = req.getParameter("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); if (doInputProcessorSign) { - // Test if we have a user input form sign template + // Test if we have a user input form sign template + //@TODO Parameter String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); String inputProcessorSignTemplate = null; OAAuthParameter oaParam = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 78c028767..09b3ae15f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; /** 
@@ -74,6 +75,7 @@ public class SelectBKUServlet extends AuthServlet { authURL = authURL.concat(":" + req.getServerPort()); } authURL = authURL.concat(req.getContextPath() + "/"); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); @@ -84,6 +86,16 @@ public class SelectBKUServlet extends AuthServlet { resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); try { + + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + + String returnValue = AuthenticationServer.getInstance().selectBKU( authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 961511ee7..8165f90f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; /** 
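Review bot: The new parameter check in `SelectBKUServlet` leaves `bkuSelectionTemplateURL` unvalidated, although it is read from `PARAM_BKUTEMPLATE` and passed to `selectBKU(...)` alongside the checked values. If the same rules apply to it as to `templateURL`, add `if (!ParamValidatorUtils.isValidTemplate(bkuSelectionTemplateURL)) throw new WrongParametersException("SelectBKU", PARAM_BKUTEMPLATE, "auth.12");`. The three existing throws name the call as `"StartAuthentication"`, which looks copied from `StartAuthenticationServlet`; `"SelectBKU"` would make the error point at the right endpoint. The enclosing method starts and ends outside this hunk.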
@@ -61,18 +62,36 @@ public class StartAuthenticationServlet extends AuthServlet { authURL = authURL.concat(":" + req.getServerPort()); } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); + + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); String sessionID = req.getParameter(PARAM_SESSIONID); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - try { + + + try { + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 43947f6f0..824df9ca8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -16,9 +16,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.util.Iterator; import java.util.Map; -import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -28,11 +26,10 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; 
@@ -99,10 +96,16 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } + //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java new file mode 100644 index 000000000..c9c1e794d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java 
@@ -0,0 +1,286 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.cert.CertificateEncodingException; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.axis.encoding.Base64; +import org.apache.commons.fileupload.FileUploadException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Text; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. 
+ * Utilizes the {@link AuthenticationServer}. + * + */ +public class VerifyCertificateServlet extends AuthServlet { + + /** + * Constructor for VerifyCertificateServlet. + */ + public VerifyCertificateServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyCertificateServlet"); + + + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and + * responds with a new + * CreateXMLSignatureRequest. + *
    + * Request parameters: + *
      + *
    • MOASessionID: ID of associated authentication session
    • + *
    • XMLResponse: <InfoboxReadResponse>
    • + *
    + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyCertificateServlet"); + + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + //@TODO Parameter + String sessionID = req.getParameter(PARAM_SESSIONID); + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); + + System.out.println(cert); + + String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert); + + System.out.println(createXMLSignatureRequest); + + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_GET_FOREIGN_ID, + session.getSessionID()); + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + +// Logger.debug("Send CreateXMLSignatureRequest to BKU"); +// String keyboxIdentifier = "SecureSignatureKeypair"; +// //String keyboxIdentifier = "CertifiedKeypair"; +// String xmlContent = " " + +// "CreateXMLSignatureRequest" + +// ""; + request += ""; + request += ""; + request += "
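Review bot: `doPost` in `VerifyCertificateServlet` prints the signer certificate and the generated request with `System.out.println(cert);` and `System.out.println(createXMLSignatureRequest);`. That puts personal data from the citizen's certificate on the container's stdout, outside the level and retention configured for `Logger`; remove both lines or replace them with a `Logger.debug(...)` of non-identifying fields only. The commented-out request template that follows should be deleted rather than committed. The remainder of this file is not readable on this page, so the rest of `doPost` is not covered by this note.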

    Authentication Data:

    "; + request += "

    Personal Data

    "; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
    Name:"; + request += subject; + request += "
    "; + request += "

    Application Data

    "; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
    Name:"; + // friendlyname from OA + request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + request += "
    Country:Austria
    "; + request += "

    Technical Parameters

    "; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + boolean business = oaParam.getBusinessService(); + if (business) { + // OA is businessservice + String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); + String identifier = oaParam.getIdentityLinkDomainIdentifier(); + request += ""; + request += ""; + request += ""; + request += ""; + } + else { + // OA is publicservice + request += ""; + request += ""; + request += ""; + request += ""; + + } + + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
    URL:"; + //public URL prefix from OA + request += oaParam.getPublicURLPrefix(); + request += "
    "; + request += identifierType + ":"; + request += ""; + request += identifier; + request += "
    "; + request += "Sector:"; + request += target + " (" + sectorName + ")"; + request += "
    Date:"; + request += date; + request += "
    Time:"; + request += time; + request += "
    "; + + request += "

    I hereby request to access this e-government application by using my " + + "domestic electronic identity.
    " + + "I further affirm that I am not yet registered with the Austrian Central " + + "Residents Registry and that I am not obliged to register with the Austrian " + + "Central Residents Registry according to Austrian law.
    " + + "In the event I am not yet registered with the Supplementary Register, I " + + "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + + "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

    "; + + request += ""; + request += ""; + + request += ""; + request += ""; + request += ""; + request += ""; + request += "application/xhtml+xml"; + request += ""; + request += ""; + request += ""; + request += ""; + + return request; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 0599c79bd..c2de2e3e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
@@ -1,38 +1,31 @@ package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; -import iaik.x509.X509Certificate; import java.io.IOException; import java.security.GeneralSecurityException; -import java.security.cert.CertificateEncodingException; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Text; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; 
@@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet {
 }
 String sessionID = req.getParameter(PARAM_SESSIONID);
 String redirectURL = null;
- X509Certificate cert = null;
 AuthenticationSession session = null;
 try {
 // check parameter
@@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters); - -// Element signature = AuthenticationServer.getInstance().getDsigElement -// (sessionID, parameters); + String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + Logger.debug(xmlCreateXMLSignatureResponse); + + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig(); -// if (signature == null) { - if (cert == null) { - handleError("Error retrieving signature from foreign eID card.", null, req, resp); + Element signature = csresp.getDsigSignature(); + + // make SZR request to the identity link + CreateIdentityLinkResponse response = getIdentityLink(signature); + + if (response.isError()) { + throw new SZRGWClientException(response.getError()); } else { - - // make SZR request - //Element samlAssertion = getIdentityLink(signature); - Element samlAssertion = getIdentityLink(cert); - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); - IdentityLink identitylink = ilParser.parseIdentityLink(); - session.setIdentityLink(identitylink); - - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); 
- } - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - } - catch (ParseException ex) { - handleError(null, ex, req, resp); + Element samlAssertion = response.getAssertion(); + + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLink identitylink = ilParser.parseIdentityLink(); + session.setIdentityLink(identitylink); + + String samlArtifactBase64 = + AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } catch (MOAIDException ex) { handleError(null, ex, req, resp); 
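Review bot: The `dsig:Signature` parsed from the request is handed to `getIdentityLink(signature)` without any local check, because the removed `verifyXMLSignature(sessionID, parameters)` call has no replacement on the new side; as far as this hunk shows, the servlet now relies entirely on the SZR gateway to validate the signature, and nothing here ties the signed content to `sessionID`. If the gateway is meant to be the only verifier, a comment stating that would help the next auditor. The value read from `parameters.get(PARAM_XMLRESPONSE)` is also parsed without a null or empty check, and `csresp.getDsigSignature()` may return null; both should be rejected before the gateway call, for example with the `WrongParametersException` this file already imports. Finally, `Logger.debug(xmlCreateXMLSignatureResponse)` writes the complete signed response, including the signer's certificate, to the log; I would drop it or log only that a response was received. The enclosing method starts and ends outside the hunk.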
@@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet { /** * Does the request to the SZR-GW - * @param givenname - * @param familyname - * @param dateofbirth + * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { + private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException { - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = 
authConf.getForeignIDConnectionParameter(); - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + throw new SZRGWClientException(e); + } catch (GeneralSecurityException e) { + throw new SZRGWClientException(e); + } catch (PKIException e) { + throw new SZRGWClientException(e); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + } + + // create request + CreateIdentityLinkResponse response = null; + Element request = null; + try { + Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature); + request = doc.getDocumentElement(); + + // send request + response = client.createIdentityLinkResponse(request); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. 
+ try { + response = client.createIdentityLinkResponse(request); + } + catch (SZRGWClientException e1) { + throw new SZRGWClientException(e1); + } + } - return response.getAssertion(); + + return response; } 
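Review bot: The retry in the `catch (SZRGWClientException e)` branch resends `request` even when the exception came from `client.buildGetIdentityLinkRequest(...)`, in which case `request` is still null; the first exception is also discarded without a log entry, and the inner catch only re-wraps `e1`. Building the request before the `try` and retrying only the send keeps the client-certificate workaround and lets a second failure propagate unchanged (assuming `buildGetIdentityLinkRequest` declares no other checked exception). Separately, the `ConfigurationException` branch only logs, so the method continues with a client that has no address or SSL socket factory set; throwing there would match how the TLS setup errors are now handled. The method's Javadoc begins outside the hunk.

```java
// … unchanged: client setup and ConfigurationException handling …
Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
Element request = doc.getDocumentElement();

CreateIdentityLinkResponse response;
try {
  response = client.createIdentityLinkResponse(request);
} catch (SZRGWClientException e) {
  // The first call after a Tomcat start may go out without the client certificate; retry once.
  Logger.warn(e);
  response = client.createIdentityLinkResponse(request);
}
return response;
```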
@@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet { * @param birthday * @return */ - private static Document buildGetIdentityLinkRequest(X509Certificate cert) { - - try { - byte[] certbyte = cert.getEncoded(); - String certstring = Base64.encode(certbyte); - - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); - doc.appendChild(getIdentityLink); - - Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); - getIdentityLink.appendChild(x509certificate); - Text certbase64 = doc.createTextNode(certstring); - x509certificate.appendChild(certbase64); - - return doc; - } catch (ParserConfigurationException e) { - e.printStackTrace(); - } catch (CertificateEncodingException e) { - e.printStackTrace(); - } - return null; - - } - - /** - * Checks a parameter. 
- * @param param parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } +// private static Document buildGetIdentityLinkRequest(X509Certificate cert) { +// +// try { +// byte[] certbyte = cert.getEncoded(); +// String certstring = Base64.encode(certbyte); +// +// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// Document doc = builder.newDocument(); +// +// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); +// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); +// doc.appendChild(getIdentityLink); +// +// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); +// getIdentityLink.appendChild(x509certificate); +// Text certbase64 = doc.createTextNode(certstring); +// x509certificate.appendChild(certbase64); +// +// return doc; +// } catch (ParserConfigurationException e) { +// e.printStackTrace(); +// } catch (CertificateEncodingException e) { +// e.printStackTrace(); +// } +// return null; +// +// } +// +// /** +// * Checks a parameter. +// * @param param parameter +// * @return true if the parameter is null or empty +// */ +// private boolean isEmpty(String param) { +// return param == null || param.length() == 0; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 8165f90f8..2430095b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
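Review bot: `buildGetIdentityLinkRequest(X509Certificate)` and `isEmpty` are disabled by prefixing every line with `//` instead of being removed, and the Javadoc block above the first of them (`@param birthday`, `@return`) is left in place with nothing to document. Deleting both methods together with that orphaned comment keeps the servlet readable; version control still holds the certificate-based request builder if it is needed again. The start of that Javadoc block is outside the hunk.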
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet { } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); - + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 824df9ca8..8ae951dda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index c9c1e794d..1b96ce8a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet {
 Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
 throw new IOException(e.getMessage());
 }
- //@TODO Parameter
 String sessionID = req.getParameter(PARAM_SESSIONID);
 AuthenticationSession session = null;
 try {
@@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - System.out.println(cert); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert); - - System.out.println(createXMLSignatureRequest); - + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); // build dataurl (to the GetForeignIDSerlvet) - String dataurl = + String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_GET_FOREIGN_ID, session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); -// Logger.debug("Send CreateXMLSignatureRequest to BKU"); -// String keyboxIdentifier = "SecureSignatureKeypair"; -// //String keyboxIdentifier = "CertifiedKeypair"; -// String xmlContent = " " + -// "CreateXMLSignatureRequest" + -// ""; + +// request += ""; request += ""; request += ""; request += "

    Authentication Data:

    "; @@ -151,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; request += ""; - request += ""; request += ""; @@ -160,21 +166,21 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "
    Name:"; + request += ""; request += subject; request += "
    "; request += ""; request += ""; - request += ""; request += ""; request += ""; request += ""; - request += ""; + request += ""; request += ""; request += "
    Name:"; + request += ""; // friendlyname from OA request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); request += "
    Country:AustriaAustria
    "; request += "

    Technical Parameters

    "; request += ""; request += ""; request += ""; - request += ""; @@ -188,7 +194,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; - request += ""; request += ""; @@ -198,7 +204,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += ""; request += ""; @@ -207,19 +213,19 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += ""; request += ""; request += ""; request += ""; - request += ""; request += ""; request += "
    URL:"; + request += ""; //public URL prefix from OA request += oaParam.getPublicURLPrefix(); request += ""; request += identifierType + ":"; request += ""; + request += ""; request += identifier; request += "
    "; request += "Sector:"; + request += ""; request += target + " (" + sectorName + ")"; request += "
    Date:"; + request += ""; request += date; request += "
    Time:"; + request += ""; request += time; request += "
    "; - request += "

    I hereby request to access this e-government application by using my " + + request += "

    I hereby request to access this e-government application by using my " + "domestic electronic identity.
    " + "I further affirm that I am not yet registered with the Austrian Central " + "Residents Registry and that I am not obliged to register with the Austrian " + -- cgit v1.2.3 From 7848a953758fe645da5abc16eb8abff1fdc11da8 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 27 Jul 2010 20:15:31 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1177 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 34 ++++++++++++++++++++-- .../moa/id/auth/MOAIDAuthConstants.java | 5 +++- .../builder/VerifyXMLSignatureRequestBuilder.java | 1 + .../id/auth/servlet/VerifyIdentityLinkServlet.java | 2 ++ .../id/auth/validator/IdentityLinkValidator.java | 3 ++ .../VerifyXMLSignatureResponseValidator.java | 1 + 6 files changed, 43 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 01c6a512f..103274c29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,10 +15,14 @@ */ package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; 
@@ -32,10 +36,13 @@ import java.util.Map; import java.util.Set; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import org.xml.sax.SAXException; +import HTTPClient.Util; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; @@ -431,6 +438,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE); + if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); @@ -455,8 +463,30 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID."); return null; } - - // parses the + + // for testing new identity link certificate +// xmlInfoboxReadResponse = null; +// try { +// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml"); +// FileInputStream fis; +// +// fis = new FileInputStream(file); +// byte[] array = Utils.readFromInputStream(fis); +// +// xmlInfoboxReadResponse = new String(array); +// System.out.println(xmlInfoboxReadResponse); +// +// } catch (FileNotFoundException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (UtilsException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } + + + + // parses the IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); // validates the identity link 
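Review bot: The commented-out block added just before `new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink()` is a test harness that would overwrite `xmlInfoboxReadResponse` with the contents of a fixed local file, replacing the InfoboxReadResponse received in the request with a canned one inside the identity-link verification path. Kept in production code, even commented out, it is one uncomment away from bypassing the check on the submitted identity link; it belongs in a unit test that feeds the parser a fixture. The imports added in the first two hunks of this file (`FileInputStream`, `FileNotFoundException`, `Utils`, `UtilsException`, `HTTPClient.Util`, `SAXException`, `ParserConfigurationException`) appear to exist only for this block and can be removed with it. The enclosing method starts and ends outside the hunk.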
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 88859dc3f..84f8f6985 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -86,7 +86,10 @@ public interface MOAIDAuthConstants { */ public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", - "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission", + "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; + //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index a14d0325f..2c97f01ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java 
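Review bot: The new entry in `IDENTITY_LINK_SIGNERS_WITHOUT_OID` extends the hard-coded list of subject DNs accepted as identity-link signers without the signer OID, and the commented-out second spelling (`E=`/`SERIALNUMBER=` against `EMAIL=`/`serialNumber=`) suggests the exact string the name parser produces was not settled. The validator hunk further down this page shows the check as `identityLinkSignersSubjectDNNames.contains(subjectDN)`, an exact string match, so a wrong spelling silently falls through to the OID check while a matching one trusts the certificate on its name alone. I would first confirm whether this certificate carries `IDENTITY_LINK_SIGNER_OID_NUMBER`, in which case no list entry is needed; otherwise add a comment next to the entry naming the certificate it stands for and delete the commented alternative.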
@@ -131,6 +131,7 @@ public class VerifyXMLSignatureRequestBuilder { Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); + for (int i = 0; i < dsigTransforms.length; i++) { Element verifyTransformsInfoProfileElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 1fc5013f3..ba3e2141b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -106,6 +106,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + Logger.debug(createXMLSignatureRequestOrRedirect); if (createXMLSignatureRequestOrRedirect == null) { // no identity link found diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java index 1c9b66124..baaa21db2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java 
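Review bot: In the `VerifyIdentityLinkServlet` hunk, `Logger.debug(createXMLSignatureRequestOrRedirect)` runs before the `== null` check on the next line and, when the value is present, writes the whole CreateXMLSignatureRequest to the log; that request presumably contains the authentication block with the person's data. I would move the statement below the null check and log a fixed message instead, for example `Logger.debug("CreateXMLSignatureRequest built");`. The enclosing method starts and ends outside the hunk.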
@@ -155,6 +155,9 @@ public class IdentityLinkValidator implements Constants { if (attributeValue==null) attributeValue = (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); if (attributeValue == null) throw new ValidateException("validator.02", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index bc7db72f4..affa95c2b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -124,6 +124,7 @@ public class VerifyXMLSignatureResponseValidator { catch (RFC2253NameParserException e) { throw new ValidateException("validator.17", null); } + System.out.println("subjectDN: " + subjectDN); // check the authorisation to sign the identity link if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { // subject DN check failed, try OID check: -- cgit v1.2.3 From 2055901cfa1622e18249528878b760d492522a50 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 28 Jul 2010 18:19:42 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1180 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 5 +++-- .../main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main') 
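Review bot: In the `VerifyXMLSignatureResponseValidator` hunk, `System.out.println("subjectDN: " + subjectDN);` writes the signer's subject DN to standard output on every validation, bypassing the project `Logger` and its level configuration. It reads like leftover debugging for the signer-DN check that follows; either remove it or, if `Logger` is available in this class, use `Logger.debug("subjectDN: " + subjectDN);`. The enclosing method starts and ends outside the hunk.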
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 103274c29..6b6f48646 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -465,6 +465,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // for testing new identity link certificate + // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample // xmlInfoboxReadResponse = null; // try { // File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml"); @@ -474,7 +475,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // byte[] array = Utils.readFromInputStream(fis); // // xmlInfoboxReadResponse = new String(array); -// System.out.println(xmlInfoboxReadResponse); +// //System.out.println(xmlInfoboxReadResponse); // // } catch (FileNotFoundException e) { // // TODO Auto-generated catch block @@ -483,7 +484,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // // TODO Auto-generated catch block // e.printStackTrace(); // } - +// // parses the diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 84f8f6985..0e361ee57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
@@ -86,9 +86,7 @@ public interface MOAIDAuthConstants { */ public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", - "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission", - "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; - //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; -- cgit v1.2.3 From 63994a018a74808e6124e45e32a970c9a24410ee Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 26 Aug 2010 13:49:48 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1186 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 12 ++++++------ .../gv/egovernment/moa/id/auth/WrongParametersException.java | 2 +- .../main/java/at/gv/egovernment/moa/id/util/SSLUtils.java | 7 ++++--- 3 files changed, 11 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 6b6f48646..8de82a8d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -181,9 +181,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05"); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05"); ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); @@ -198,7 +198,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { if (!isEmpty(target)) { Logger.info("Ignoring target parameter thus application type is \"businessService\""); @@ -307,7 +307,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(sessionID)) { if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05"); //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) String boolStr = 
@@ -316,7 +316,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05"); } AuthenticationSession session; OAAuthParameter oaParam; @@ -332,7 +332,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.00", new Object[] { oaURL }); if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { target = null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index f4827c189..720bb9bb0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -31,7 +31,7 @@ public class WrongParametersException extends MOAIDException { */ public WrongParametersException(String call, String parameter, String errorID) { super(errorID, new Object[] {call, parameter}); - //super("auth.5", new Object[] {call, parameter}); + //super("auth.05", new Object[] {call, parameter}); //super("auth.12", new Object[] {call, parameter}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index a50a366a5..c40c07b38 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -20,6 +20,7 @@ import iaik.pki.PKIException; import iaik.pki.PKIFactory; import iaik.pki.PKIProfile; import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.BufferedReader; @@ -70,9 +71,9 @@ public class SSLUtils { public static void initialize() { sslSocketFactories = new HashMap(); // JSSE Abhängigkeit - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - //Security.addProvider(new IAIK()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + Security.addProvider(new IAIK()); + //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); } -- cgit v1.2.3 From 9419526705fcc60555a686c3c91bc45d06efe739 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Mon, 24 Jan 2011 13:51:25 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1194 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/util/InOrderServletRequestWrapper.java | 36 +++++++++++++++------- 1 file changed, 25 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java index 20f811e39..958ae646e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java 
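Review bot: The `// JSSE Abhängigkeit` comment in `initialize()` no longer describes the code under it: the Sun JSSE provider and the `java.protocol.handler.pkgs` property are now commented out and the IAIK provider is registered instead. Delete the two commented-out lines and replace the comment with one that states the intent, for example `// register the IAIK provider; HTTPS URL handling is left to the JDK default`, if that is what is meant. Note that `Security.addProvider` appends at the lowest preference, so any algorithm an earlier provider also implements will still be served by that provider; if IAIK is expected to take precedence, that needs to be said and handled explicitly.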
@@ -106,9 +106,9 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { bodyParameters = new Hashtable(); //Insert code for Query string parsing - String rawQuery = req.getQueryString(); + String rawQuery = req.getQueryString(); queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING, true); - + //analyze HTTP Post body parameters if (req.getMethod().equalsIgnoreCase("POST")) { @@ -118,6 +118,7 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { if (req.getContentType().equals("application/x-www-form-urlencoded")) { + try { bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc); 
@@ -217,25 +218,38 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { { String pair = (String) st.nextToken(); int pos = pair.indexOf('='); - if (pos == -1) - { - throw new IllegalArgumentException(); - } +// if (pos == -1) +// { +// throw new IllegalArgumentException(); +// } try { if (decode) { - key = URLDecoder.decode(pair.substring(0, pos), encoding); - val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding); + if (pos == -1) { // query is not a key=value pair, it is just a key + key = URLDecoder.decode(pair, encoding); + val = ""; // value is empty string + } + else { + key = URLDecoder.decode(pair.substring(0, pos), encoding); + val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding); + } } else { - key = pair.substring(0, pos); - val = pair.substring(pos + 1, pair.length()); + if (pos == -1) { // query is not a key=value pair, it is just a key + key = pair; + val = ""; // value is empty string + } + else { + key = pair.substring(0, pos); + val = pair.substring(pos + 1, pair.length()); + } } //Logger.debug("(" + Integer.toString(key.length()) + "=" + Integer.toString(pair.substring(0, pos).length()) + ")"+key+"|--|"+pair.substring(0, pos)); //Logger.debug("(" + Integer.toString(val.length()) + "=" + Integer.toString(pair.substring(pos + 1, pair.length()).length()) + ")"+val+"|--|"+pair.substring(pos + 1, pair.length())); } catch (Exception e) { - throw new IllegalArgumentException(); + Logger.error("Error encoding query", e); + throw new IllegalArgumentException(); } if (ht.containsKey(key)) { -- cgit v1.2.3 From 2a31c88fda199a37fb7136d86100a9c330e5de34 Mon Sep 17 00:00:00 2001 
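Review bot: The catch block at the end of this hunk still throws a bare `IllegalArgumentException`, so the caller loses the cause that the new `Logger.error` line records, and the log text says "encoding" although the code is decoding. If the build targets Java 5 or later, `throw new IllegalArgumentException("Error decoding query parameter", e);` keeps both. The old `pos == -1` check is left behind as a commented-out block and the new key-only handling is written out twice; computing `rawKey`/`rawVal` once from `pos` and decoding them only when `decode` is set would remove the duplication. The method body starts and ends outside the hunk.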
From: kstranacher Date: Mon, 28 Mar 2011 17:22:32 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1197 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 0cd0a0b7a..ce15b75bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -659,18 +659,14 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } else { Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); } - if (isTransferEncodingChunkedHeader(headerKey, headerValue)) { - chunked = true; - transferEncodingKey = headerKey; + if (isTransferEncodingChunkedHeader(headerKey, headerValue) || "content-length".equalsIgnoreCase(headerKey)) { + respHeaders.remove(respHeader); + Logger.debug("Resp header " + headerKey + " REMOVED"); } - if ("content-length".equalsIgnoreCase(headerKey)) - contentLengthKey = headerKey; + i++; } - if (chunked && contentLengthKey != null) { - respHeaders.remove(transferEncodingKey); - Logger.debug("Resp header " + transferEncodingKey + " REMOVED"); - } + String headerValue; String respHeader[] = new String[2]; -- cgit v1.2.3 From ab7c7b6a64edca60b78a89b18a1972ad5e38586e Mon Sep 17 00:00:00 2001 
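Review bot: The new condition removes `Content-Length` and a chunked `Transfer-Encoding` from every proxied response, where the old code dropped `Transfer-Encoding` only when both were present, and nothing explains the change. Stripping the upstream framing headers is a sound way to avoid passing conflicting framing on to the client, but it should be stated, for example `// drop upstream framing headers; the servlet container frames the body it actually sends`. The debug line also prints "REMOVED" without looking at the result of `respHeaders.remove(respHeader)`, and for a header that took the `else` branch just above it will be logged as removed twice. The loop and the declarations of `chunked`, `transferEncodingKey` and `contentLengthKey` are outside the hunk; if they are still declared they are now unused.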
From: kstranacher Date: Fri, 1 Apr 2011 08:03:14 +0000 Subject: =?UTF-8?q?-=20Update=20Parameter=C3=BCberpr=C3=BCfung=20-=20Updat?= =?UTF-8?q?e=20MOA-Template=20zur=20B=C3=BCrgerkartenauswahl=20-=20=C3=84n?= =?UTF-8?q?derung=20der=20Konfiguration=20f=C3=BCr:=20=09-=20Angabe=20eine?= =?UTF-8?q?r=20Liste=20von=20vertrauensw=C3=BCrdigen=20BKUs=20(aufgrund=20?= =?UTF-8?q?Parameterpr=C3=BCfung)=20-=20Fixed=20Bug=20#552=20(http://egovl?= =?UTF-8?q?abs.gv.at/tracker/index.php=3Ffunc=3Ddetail&aid=3D552&group=5Fi?= =?UTF-8?q?d=3D6&atid=3D105)=20-=20Fixed=20Bug=20#551=20(http://egovlabs.g?= =?UTF-8?q?v.at/tracker/index.php=3Ffunc=3Ddetail&aid=3D551&group=5Fid=3D6?= =?UTF-8?q?&atid=3D105)=20-=20Fixed=20Bug=20#550=20(http://egovlabs.gv.at/?= =?UTF-8?q?tracker/index.php=3Ffunc=3Ddetail&aid=3D550&group=5Fid=3D6&atid?= =?UTF-8?q?=3D105)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1198 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 8 +- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../moa/id/auth/servlet/AuthServlet.java | 16 +- .../moa/id/auth/servlet/ConfigurationServlet.java | 7 + .../moa/id/auth/servlet/GetForeignIDServlet.java | 24 +- .../auth/servlet/ProcessValidatorInputServlet.java | 63 ++- .../moa/id/auth/servlet/SelectBKUServlet.java | 27 +- .../auth/servlet/StartAuthenticationServlet.java | 24 +- .../servlet/VerifyAuthenticationBlockServlet.java | 20 + .../id/auth/servlet/VerifyCertificateServlet.java | 16 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 18 +- .../moa/id/config/ConfigurationBuilder.java | 20 + .../id/config/auth/AuthConfigurationProvider.java | 17 +- .../moa/id/util/ParamValidatorUtils.java | 465 +++++++++++++++++---- .../java/at/gv/egovernment/moa/id/util/Random.java | 15 +- 15 files changed, 635 insertions(+), 107 deletions(-) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 8de82a8d6..64eaf30cd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -800,9 +800,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); + if (verifyInfoboxParameters != null) { - session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes - session.setExtendedSAMLAttributesOA(new Vector()); + infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); @@ -1556,7 +1558,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * already for the given session ID */ private static AuthenticationSession newSession() throws AuthenticationException { - String sessionID = Random.nextRandom(); + String sessionID = Random.nextRandom(); AuthenticationSession newSession = new AuthenticationSession(sessionID); synchronized (sessionStore) { AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 0e361ee57..259b21db7 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -28,6 +28,8 @@ public interface MOAIDAuthConstants { /** servlet parameter "Target" */ public static final String PARAM_TARGET = "Target"; + /** servlet parameter "useMandate" */ + public static final String PARAM_USEMANDATE = "useMandate"; /** servlet parameter "OA" */ public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index bff0a3fca..109d17d11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -53,7 +53,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { /** - * Handles an error.
    + * Handles an error.
    > *

      *
    • Logs the error
    • *
    • Places error message and exception thrown into the request @@ -89,7 +89,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); - try { + try { + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + dispatcher.forward(req, resp); } catch (ServletException e) { Logger.error(e); @@ -111,6 +117,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + dispatcher.forward(req, resp); } catch (ServletException e) { Logger.error(e); @@ -123,7 +134,6 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * Logs all servlet parameters for debugging purposes. */ protected void logParameters(HttpServletRequest req) { - //@TODO Parameter? for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { String parname = (String)params.nextElement(); Logger.debug("Parameter " + parname + req.getParameter(parname)); 
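Review bot: The four no-cache header lines added before `dispatcher.forward(req, resp)` in both error handlers are pasted again in ConfigurationServlet, GetForeignIDServlet, ProcessValidatorInputServlet, SelectBKUServlet and VerifyAuthenticationBlockServlet in this same commit. A single helper keeps the policy in one place, so a later change to the cache directives cannot miss a servlet that returns session-bound content. AuthServlet already implements `MOAIDAuthConstants`, so the constants need no qualifier there; ConfigurationServlet extends `HttpServlet` directly and would call the helper through the class name.

```java
// new helper on AuthServlet
protected static void setNoCachingHeaders(HttpServletResponse resp) {
  resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
  resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
  resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
  resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
}

// … unchanged: handleError / handleWrongParameters up to the try block …
setNoCachingHeaders(resp);
dispatcher.forward(req, resp);
```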
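Review bot: `logParameters` writes every request parameter value to the debug log, and the last hunk only deletes the `//@TODO Parameter?` marker without changing that. The servlets in this package receive the session ID and the signed XML response as parameters, so a debug-level log ends up holding session identifiers and personal data. Log the name alone, `Logger.debug("Parameter " + parname);`, or mask the value; if values must stay, add a separator between name and value, which the current concatenation lacks.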
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index be8b5e272..a9082dd8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -26,6 +26,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -48,6 +49,12 @@ public class ConfigurationServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 23d4eab20..c83650587 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
@@ -12,11 +12,13 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -61,7 +63,12 @@ public class GetForeignIDServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET GetForeignIDServlet"); - + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } @@ -87,6 +94,11 @@ public class GetForeignIDServlet extends AuthServlet { Logger.debug("POST GetForeignIDServlet"); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { 
@@ -97,16 +109,24 @@ public class GetForeignIDServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + String redirectURL = null; AuthenticationSession session = null; try { + String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12"); + if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) + throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); session = AuthenticationServer.getSession(sessionID); - String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + Logger.debug(xmlCreateXMLSignatureResponse); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 317af3e06..54d08c59e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java 
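Review bot: `sessionID = StringEscapeUtils.escapeHtml(sessionID);` rewrites the request value before `ParamValidatorUtils.isValidSessionID` sees it, and the rewritten string is what reaches `AuthenticationServer.getSession(sessionID)`. Validation should run on the raw parameter and reject what does not match; HTML encoding belongs at the point where a value is written into a page, not at input. The same escape-then-validate order is added in ProcessValidatorInputServlet (sessionID, Sign_Form), SelectBKUServlet and StartAuthenticationServlet, where it is applied to URL parameters too (`oaURL`, `bkuURL`, `templateURL`): a URL containing `&` becomes `&amp;` before it is validated and, presumably, used. Separately, the context line `Logger.debug(xmlCreateXMLSignatureResponse);` puts the full signed response into the debug log.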
@@ -24,10 +24,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -36,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -66,7 +70,12 @@ public class ProcessValidatorInputServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET ProcessInput"); + Logger.debug("GET ProcessInput"); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { parameters = getParameters(req); 
@@ -78,8 +87,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); - try { + try { + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); String outputStream; @@ -103,7 +119,10 @@ public class ProcessValidatorInputServlet extends AuthServlet { out.flush(); out.close(); Logger.debug("Finished GET ProcessInput"); - } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { handleError(null, ex, req, resp); } @@ -117,7 +136,13 @@ public class ProcessValidatorInputServlet extends AuthServlet { protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("POST ProcessInput"); + Logger.debug("POST ProcessInput"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { parameters = getParameters(req); 
@@ -125,13 +150,20 @@ public class ProcessValidatorInputServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter + String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); - try { + try { + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); AuthenticationServer.processInput(session, parameters); String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); 
@@ -143,16 +175,22 @@ public class ProcessValidatorInputServlet extends AuthServlet { String htmlForm = null; boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed - //@TODO Parameter + String inputProcessorSignForm = req.getParameter("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); - if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); + // escape parameter strings + inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm); if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); if (doInputProcessorSign) { // Test if we have a user input form sign template - //@TODO Parameter - String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + + if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) + throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); + String inputProcessorSignTemplate = null; OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); @@ -199,7 +237,10 @@ public class ProcessValidatorInputServlet extends AuthServlet { resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); } - } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { handleError(null, ex, req, resp); } 
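Review bot: `isValidSignUrl` is called on `req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE)` with no null check, while the lines after it (`inputProcessorSignTemplate = null` and the lookup of `oaParam`) suggest the parameter is optional and a configured template is the fallback. Whether the validator accepts null is not visible here; if it rejects it, every sign-form request without the parameter now ends in `auth.12`, and if it accepts it, that should be stated in its contract. Since the server appears to load the template from this URL, the validator is the control that limits which hosts the server will fetch from, so it is worth a comment at this call, for example `// template URL is fetched server-side; isValidSignUrl must restrict it to trusted locations`. The code that performs the fetch is outside the hunk.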
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 09b3ae15f..6e285a2c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -24,7 +24,10 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -70,6 +73,12 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + String authURL = req.getScheme() + "://" + req.getServerName(); if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { authURL = authURL.concat(":" + req.getServerPort()); 
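Review bot: The four `resp.setHeader`/`addHeader` lines added at the top of `doGet` duplicate headers that this method already sets a few lines further down, as the context of the next hunk shows (`resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);` and the two lines after it). Keep one of the two places; the earlier one is the better choice, because it also covers any exit taken before the parameters are read. The `MOAIDAuthConstants.` qualifier is not needed in this class, which already uses the constants unqualified.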
@@ -80,6 +89,14 @@ public class SelectBKUServlet extends AuthServlet { String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); String templateURL = req.getParameter(PARAM_TEMPLATE); + + // escape parameter strings + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); + + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); @@ -89,11 +106,13 @@ public class SelectBKUServlet extends AuthServlet { // check parameter if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) + throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); String returnValue = AuthenticationServer.getInstance().selectBKU( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 2430095b2..10b4041df 100644 
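Review bot: The new check on `bkuSelectionTemplateURL` reports the wrong parameter: it throws with `PARAM_TEMPLATE`, although the value was read from `PARAM_BKUTEMPLATE`. A rejected BKU selection template is therefore logged and shown as a problem with the Template parameter, which misleads whoever has to diagnose the rejection. Change the line to `throw new WrongParametersException("SelectBKU", PARAM_BKUTEMPLATE, "auth.12");`.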
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -17,12 +17,16 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.io.PrintWriter; +import java.io.Reader; +import java.io.StringReader; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; @@ -64,16 +68,27 @@ public class StartAuthenticationServlet extends AuthServlet { authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); + String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); String sessionID = req.getParameter(PARAM_SESSIONID); + String useMandate = req.getParameter(PARAM_USEMANDATE); + + // escape parameter strings + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + sessionID = StringEscapeUtils.escapeHtml(sessionID); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + //System.out.println("useMandate: " + useMandate); try { // check parameter 
@@ -83,10 +98,14 @@ public class StartAuthenticationServlet extends AuthServlet { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(templateURL)) + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + + String getIdentityLinkForm = @@ -97,6 +116,7 @@ public class StartAuthenticationServlet extends AuthServlet { out.print(getIdentityLinkForm); out.flush(); Logger.debug("Finished GET StartAuthentication"); + } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 8ae951dda..ad01de6c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
@@ -23,9 +23,11 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -60,6 +62,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET VerifyAuthenticationBlock"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } /** @@ -87,6 +95,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyAuthenticationBlock"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { 
@@ -98,11 +112,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + String redirectURL = null; try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); + if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); AuthenticationSession session = AuthenticationServer.getSession(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 1b96ce8a4..76c5476ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -17,12 +17,14 @@ import javax.xml.parsers.ParserConfigurationException; import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Text; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; 
@@ -64,7 +66,10 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("GET VerifyCertificateServlet"); - + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); } /** @@ -84,6 +89,11 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("POST VerifyCertificateServlet"); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { @@ -94,6 +104,10 @@ public class VerifyCertificateServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + AuthenticationSession session = null; try { // check parameter diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index ba3e2141b..dff366829 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
@@ -23,10 +23,12 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; @@ -61,6 +63,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET VerifyIdentityLink"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); } /** @@ -85,6 +92,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyIdentityLink"); + Map parameters; try { 
@@ -95,10 +103,16 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); - - + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 7cc33ca52..dbfbda535 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -161,6 +161,10 @@ public class ConfigurationBuilder { protected static final String GENERIC_CONFIGURATION_XPATH = ROOT + CONF + "GenericConfiguration"; + /** an XPATH-Expression */ + protected static final String TRUSTED_BKUS = + ROOT + CONF + "TrustedBKUs/" + CONF + "BKUURL"; + /** an XPATH-Expression */ protected static final String CHAINING_MODES_XPATH = ROOT + CONF + "ChainingModes"; 
@@ -372,6 +376,22 @@ public class ConfigurationBuilder { return result; } + public List getTrustedBKUs() { + + List trustedBKUs = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_BKUS); + + Element vtElem; + + while ((vtElem = (Element) bkuIter.nextNode()) != null) { + String bkuURL = DOMUtils.getText(vtElem); + trustedBKUs.add(bkuURL); + } + + return trustedBKUs; + + } /** * Returns a list containing all X509 Subject Names diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index a25bc1af5..6e296b4f4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private ConnectionParameter foreignIDConnectionParameter; + /** + * Parameter for trusted BKUs + */ + private List trustedBKUs; + /** * Return the single instance of configuration data. * @@ -271,7 +276,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { defaultChainingMode = builder.getDefaultChainingMode(); chainingModes = builder.buildChainingModes(); trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + trustedBKUs = builder.getTrustedBKUs(); } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); 
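Review bot: `ConfigurationBuilder.getTrustedBKUs()` is added without a Javadoc comment, although the method that follows it has one, and each `BKUURL` text is stored exactly as `DOMUtils.getText` returns it. This commit uses the list as an allow-list in `ParamValidatorUtils.isValidBKUURI` through `trustedBKUs.contains(bkuURI)`, an exact string comparison, so surrounding whitespace or different letter case in the configuration file would make a configured BKU fail the check. Whether `DOMUtils.getText` already trims is not visible here; if it does not, the value should be trimmed (and a null text skipped) before `trustedBKUs.add(bkuURL)`. A comment such as `/** Returns the BKU URLs configured under TrustedBKUs/BKUURL; an empty list if none are configured. */` would document the contract.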
@@ -411,6 +417,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { public List getIdentityLinkX509SubjectNames() { return identityLinkX509SubjectNames; } + + /** + * Returns the trustBKUs. + * @return List + */ + public List getTrustedBKUs() { + return this.trustedBKUs; + } + /** * Returns the bKUConnectionParameter. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 684291c59..79db9907b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -1,14 +1,25 @@ package at.gv.egovernment.moa.id.util; -import java.io.BufferedReader; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; +import java.io.StringReader; import java.net.MalformedURLException; import java.net.URL; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.servlet.http.HttpServletRequest; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + public class ParamValidatorUtils { 
@@ -19,52 +30,266 @@ public class ParamValidatorUtils { */ public static boolean isValidTarget(String target) { + Logger.debug("Überprüfe Parameter Target"); + // if non parameter is given return true - if (target == null) - return true; + if (target == null) { + Logger.debug("Parameter Target ist null"); + return true; + } + Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}"); Matcher matcher = pattern.matcher(target); - return matcher.matches(); + boolean b = matcher.matches(); + if (b) { + Logger.debug("Parameter Target erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + return false; + } + } /** - * Checks if the given bkuURI is valid + * Checks if the given useMandate is valid * @param target HTTP parameter from request * @return */ - public static boolean isValidBKUURI(String bkuURI) { + public static boolean isValidUseMandate(String usemandate) { + Logger.debug("Überprüfe Parameter useMandate"); + // if non parameter is given return true - if (bkuURI == null) - return true; + if (usemandate== null) { + Logger.debug("Parameter useMandate ist null"); + return true; + } + - // check if bkuURI is a valid URL - try { - new URL(bkuURI); - return true; - } catch (MalformedURLException e) { - return false; + if (usemandate.compareToIgnoreCase("true") == 0 || usemandate.compareToIgnoreCase("false") == 0) { + Logger.debug("Parameter useMandate erfolgreich überprüft"); + return true; } + else { + Logger.error("Fehler Überprüfung Parameter useMandate. 
useMandate ist weder 'true' noch 'false')"); + return false; + } + + + + + } /** - * Checks if the given template is valid + * Checks if the given bkuURI is valid * @param target HTTP parameter from request * @return */ - public static boolean isValidTemplate(String template) { + public static boolean isValidBKUURI(String bkuURI) { + Logger.debug("Überprüfe Parameter bkuURI"); + // if non parameter is given return true + if (bkuURI == null) { + Logger.debug("Parameter bkuURI ist null"); + return true; + } + + // check if template is a valid URL + try { + // check if bku url starts with http or https + if (bkuURI.startsWith("http") || bkuURI.startsWith("https")) { + URL url =new URL(bkuURI); + + // check if bkuURI is a local BKU + if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 || + bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0) { + Logger.debug("Parameter bkuURI erfolgreich überprüft"); + return true; + } + else { + Logger.debug("Parameter bkuURI ist keine lokale BKU. Überprüfe Liste der vertrauenswürdigen BKUs."); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + List trustedBKUs = authConf.getTrustedBKUs(); + boolean b = trustedBKUs.contains(bkuURI); + if (b) { + Logger.debug("Parameter bkuURI erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauenswürdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)"); + return false; + } + } + + + } + else { + Logger.error("Fehler Überprüfung Parameter bkuURI. 
bkuURI beginnt nicht mit http or https"); + return false; + } + + + } catch (MalformedURLException e) { + Logger.error("Fehler Überprüfung Parameter bkuURI", e); + return false; + } catch (ConfigurationException e) { + Logger.error("Fehler Überprüfung Parameter bkuURI", e); + return false; + } + } + +// private static boolean testBKUConnection(URL url) { +// +// // make NullOperationRequest +// //String request = ""; +// String request = ""; +// +// HttpURLConnection connection; +// if (url != null) { +// try { +// if (url.toExternalForm().startsWith("https")) { +// connection = (HttpsURLConnection)url.openConnection(); +// } +// else { +// connection = (HttpURLConnection)url.openConnection(); +// } +// +// connection.setRequestMethod("POST"); +// connection.setDoOutput(true); +// +// connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); +// +// String toSend = URLEncoder.encode(request, "UTF-8"); +// toSend = "XMLRequest=" + toSend; +// connection.setRequestProperty("Content-Length", String.valueOf(toSend.getBytes().length)); +// +// Logger.debug("Send NullOperationRequest to BKU."); +// +// OutputStream out = connection.getOutputStream(); +// out.write(toSend.getBytes()); +// +// // get response +// connection.connect(); +// int responseCode = connection.getResponseCode(); +// +// if (responseCode != 200) { +// InputStream is = connection.getErrorStream(); +// int ch; +// String ret = ""; +// while ((ch = is.read()) != -1) +// ret += (char)ch; +// +// is.close(); +// +// System.out.println("ret: " + ret); +// +// Logger.error("Fehler Überprüfung Parameter bkuURI. 
Antwortcode von BKU ist nicht 200."); +// return false; +// } +// +// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// +// //Document doc = builder.parse(connection.getInputStream()); +// +// System.out.println(convertStreamToString(connection.getInputStream())); +// +//// NodeList l = doc.getElementsByTagNameNS(Constants.SL12_NS_URI, "ErrorResponse"); +//// if (l.getLength() != 0) { +//// Logger.error("Fehler Überprüfung Parameter bkuURI. ErrorResponse von BKU empfangen."); +//// return false; +//// } +// +// Logger.debug("Parameter Template bkuURI erfolgreich überprüft"); +// return true; +// +//// } catch (SAXException e) { +//// Logger.error("Fehler Überprüfung Parameter bkuURI.", e); +//// return false; +// } catch (IOException e) { +// Logger.error("Fehler Überprüfung Parameter bkuURI.", e); +// return false; +// } catch (ParserConfigurationException e) { +// Logger.error("Fehler Überprüfung Parameter bkuURI.", e); +// return false; +// } +// } +// else { +// Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist null."); +// return false; +// } +// +// +// } + +// public static String convertStreamToString(InputStream is) { +// if (is != null) { +// Writer writer = new StringWriter(); +// +// char[] buffer = new char[1024]; +// try { +// Reader reader = new BufferedReader(new InputStreamReader(is, "UTF-8")); +// int n; +// while ((n = reader.read(buffer)) != -1) { +// writer.write(buffer, 0, n); +// } +// } catch (IOException e) { +// e.printStackTrace(); +// } +// +// return writer.toString(); +// } +// else { +// return ""; +// } +// } + + /** + * Checks if the given template is valid + * @param req + * @param template + * @return + */ + public static boolean isValidTemplate(HttpServletRequest req, String template) { + Logger.debug("Überprüfe Parameter Template bzw. 
bkuSelectionTemplateURL"); + // if non parameter is given return true - if (template == null) - return true; + if (template == null) { + Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null"); + return true; + } // check if template is a valid URL try { - new URL(template); - return true; + + // check if template url starts with http or https + if (template.startsWith("http") || template.startsWith("https")) { + + // check if template url is from same server + if (template.contains(req.getServerName())) { + new URL(template); + Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")"); + return false; + } + + } + else { + Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https."); + return false; + } + + } catch (MalformedURLException e) { - e.printStackTrace(); + Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL.", e); return false; } } @@ -75,16 +300,31 @@ public class ParamValidatorUtils { * @return */ public static boolean isValidSessionID(String sessionID) { - + Logger.debug("Überprüfe Parameter MOASessionId"); + // if non parameter is given return true - if (sessionID == null) - return true; + if (sessionID == null) { + Logger.debug("Parameter MOASessionId ist null"); + return true; + } + Pattern pattern = Pattern.compile("[0-9-]*"); Matcher matcher = pattern.matcher(sessionID); - return matcher.matches(); - + boolean b = matcher.matches(); + if (b) { + Logger.debug("Parameter MOASessionId erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)"); + return false; + } + + + + } /** 
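Review bot: In `isValidTemplate` the same-server test is `template.contains(req.getServerName())`, a substring match over the whole URL string, so it also succeeds when the server name occurs in the path, in the query or inside a longer host name. The host should be taken from the parsed URL and compared as a whole, e.g. `URL u = new URL(template);` followed by `if (u.getHost().equalsIgnoreCase(req.getServerName()))`. `getServerName()` normally reflects the `Host` header supplied by the client, so a host name taken from the MOA-ID configuration would be a firmer reference, if one is available. The scheme test `startsWith("http") || startsWith("https")` has a second clause that can never change the result and is only a prefix test; checking `u.getProtocol()` is more exact, here and in `isValidBKUURI`, `isValidOA` and `isValidSignUrl`.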
@@ -93,18 +333,68 @@ public class ParamValidatorUtils { * @return */ public static boolean isValidOA(String oa) { + Logger.debug("Überprüfe Parameter oa"); + // if non parameter is given return true + if (oa == null) { + Logger.debug("Parameter oa ist null"); + return true; + } + + // check if template is a valid URL + try { + + // check if template url starts with http or https + if (oa.startsWith("http") || oa.startsWith("https")) { + new URL(oa); + Logger.debug("Parameter oa erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter oa. oa beginnt nicht mit http or https"); + return false; + } + + } catch (MalformedURLException e) { + Logger.error("Fehler Überprüfung Parameter oa", e); + return false; + } + + } - // if non parameter is given return true - if (oa == null) - return true; - - // check if oa is a valid URL - try { - new URL(oa); - return true; - } catch (MalformedURLException e) { - return false; - } + /** + * Checks if the given signurl is valid + * @param target HTTP parameter from request + * @return + */ + public static boolean isValidSignUrl(String signurl) { + + Logger.debug("Überprüfe Parameter signurl"); + + // if non parameter is given return true + if (signurl == null) { + Logger.debug("Parameter signurl ist null"); + return true; + } + + // check if template is a valid URL + try { + + // check if signurl starts with http or https + if (signurl.startsWith("http") || signurl.startsWith("https")) { + new URL(signurl); + Logger.debug("Parameter signurl erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter signurl. signurl beginnt nicht mit http or https"); + return false; + } + + } catch (MalformedURLException e) { + Logger.error("Fehler Überprüfung Parameter signurl", e); + return false; + } + } /** 
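Review bot: The Javadoc on the new `isValidSignUrl` names its parameter `target` and leaves `@return` empty, and both `isValidOA` and `isValidSignUrl` carry the comment `// check if template is a valid URL` copied from `isValidTemplate`. I would write `@param signurl HTTP parameter from request` and `@return true if signurl is absent or an http(s) URL, false otherwise`, and correct the inline comments to name `oa` and `signurl`. The two method bodies differ only in the parameter name used in the log messages, so a private helper taking the value and its name would keep them from drifting apart.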
@@ -115,44 +405,69 @@ public class ParamValidatorUtils { * @param data * @return */ - private static boolean checkPlaceHolders(String data) { - - boolean bku = data.contains(""); - boolean xmlrequest = data.contains(""); - boolean dataurl = data.contains(""); - boolean certinfoxmlrequest = data.contains(""); - boolean certinfodataurl = data.contains(""); - - System.out.println("Check Data: "); - System.out.println("bku: " + bku); - System.out.println("xmlrequest: " + xmlrequest); - System.out.println("dataurl: " + dataurl); - System.out.println("certinfoxmlrequest: " + certinfoxmlrequest); - System.out.println("certinfodataurl: " + certinfodataurl); - - - //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl; - return true; - - } +// private static boolean checkPlaceHolders(String data) { +// +// boolean bku = data.contains(""); +// boolean xmlrequest = data.contains(""); +// boolean dataurl = data.contains(""); +// boolean certinfoxmlrequest = data.contains(""); +// boolean certinfodataurl = data.contains(""); +// +// System.out.println("Check Data: "); +// System.out.println("bku: " + bku); +// System.out.println("xmlrequest: " + xmlrequest); +// System.out.println("dataurl: " + dataurl); +// System.out.println("certinfoxmlrequest: " + certinfoxmlrequest); +// System.out.println("certinfodataurl: " + certinfodataurl); +// +// +// //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl; +// return true; +// +// } - /** - * Converts an input stream to a string - * @param is - * @return - * @throws Exception - */ - private static String convertStreamToString(InputStream is) throws Exception { - BufferedReader reader = new BufferedReader(new InputStreamReader(is)); - StringBuilder sb = new StringBuilder(); - String line = null; - while ((line = reader.readLine()) != null) { - sb.append(line); - } - is.close(); - return sb.toString(); - } +// /** +// * Converts an input stream to a string +// * @param is +// * @return 
+// * @throws Exception +// */ +// private static String convertStreamToString(InputStream is) throws Exception { +// BufferedReader reader = new BufferedReader(new InputStreamReader(is)); +// StringBuilder sb = new StringBuilder(); +// String line = null; +// while ((line = reader.readLine()) != null) { +// sb.append(line); +// } +// is.close(); +// return sb.toString(); +// } + + public static boolean isValidXMLDocument(String document) { + + Logger.debug("Überprüfe Parameter XMLDocument"); + try { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + DocumentBuilder builder = factory.newDocumentBuilder(); + InputSource is = new InputSource(new StringReader(document)); + builder.parse(is); + + Logger.debug("Parameter XMLDocument erfolgreich überprüft"); + return true; + + } catch (ParserConfigurationException e) { + Logger.error("Fehler Überprüfung Parameter XMLDocument", e); + return false; + } catch (SAXException e) { + Logger.error("Fehler Überprüfung Parameter XMLDocument", e); + return false; + } catch (IOException e) { + Logger.error("Fehler Überprüfung Parameter XMLDocument", e); + return false; + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 225a5e246..450c002f9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -15,7 +15,8 @@ */ package at.gv.egovernment.moa.id.util; -import java.util.Date; +import java.nio.ByteBuffer; +import java.security.SecureRandom; /** * Random number generator used to generate ID's 
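Review bot: `isValidXMLDocument` parses a request parameter with a `DocumentBuilderFactory` in its default configuration, and with default settings JAXP parsers generally process DOCTYPE declarations and external entities, so the validator itself resolves whatever the submitted document declares. Adding `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` would reject such input, assuming legitimate security-layer responses never carry a DOCTYPE; the existing `ParserConfigurationException` handler already covers a parser that does not know the feature. A missing parameter is not handled either: `new StringReader(document)` throws a `NullPointerException` for `null`, which none of the three catch blocks covers, while the other validators in this class test for `null` first. The method also has no Javadoc, unlike its neighbours.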
@@ -25,13 +26,21 @@ import java.util.Date; public class Random { /** random number generator used */ - private static java.util.Random random = new java.util.Random(new Date().getTime()); + private static SecureRandom random = new SecureRandom(); /** * Creates a new random number, to be used as an ID. * * @return random long as a String */ public static String nextRandom() { - return "" + random.nextLong(); + + byte[] b = new byte[16]; // 16 bytes = 128 bits + random.nextBytes(b); + + + ByteBuffer bb = ByteBuffer.wrap(b); + long l = bb.getLong(); + + return "" + l; } } -- cgit v1.2.3 From ac9a6c52e96f4c737de3392a7ba16b8fa8958b85 Mon Sep 17 00:00:00 2001 
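Review bot: `nextRandom()` fills 16 bytes but `bb.getLong()` reads only the first 8, so the returned ID carries 64 bits of randomness, not the 128 bits that the comment `// 16 bytes = 128 bits` suggests. Either state the real size, `byte[] b = new byte[8]; // 8 bytes = 64 bits, all consumed by getLong()` (which is equivalent to `random.nextLong()`), or widen the ID. Widening changes the ID format, and `ParamValidatorUtils.isValidSessionID` in this commit accepts only `[0-9-]*`, so that pattern would have to be kept in line with it. The `random` field can also be declared `final`.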
From: kstranacher Date: Wed, 6 Apr 2011 15:29:11 +0000 Subject: =?UTF-8?q?-=20IAIK=20Libraries=20(repository)=20aktualisiert:=20?= =?UTF-8?q?=09iaik-moa:=20=20=20=20=20=20=20=20=20=20=20Version=201.29=20?= =?UTF-8?q?=09iaik=5Fjce=5Ffull:=09=09Version=204.0=5FMOA=20=09iaik=5Fcms:?= =?UTF-8?q?=09=09=09Version=204.1=5FMOA=20-=20Einbindung=20von=20Online-Vo?= =?UTF-8?q?llmachten=20-=20Update=20MOA-Template=20zur=20B=C3=BCrgerkarten?= =?UTF-8?q?auswahl=20-=20Update=20Doku=20-=20Update=20Transformationen=20(?= =?UTF-8?q?f=C3=BCr=20Online-Vollmachten)=20-=20=C3=84nderung=20der=20Konf?= =?UTF-8?q?iguration=20f=C3=BCr:=20=09-=20Online-Vollmachten?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1199 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 240 ++++++++++++++++++- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../auth/builder/GetIdentityLinkFormBuilder.java | 67 ++++++ .../builder/VerifyXMLSignatureRequestBuilder.java | 79 +++++++ .../moa/id/auth/data/AuthenticationSession.java | 45 ++++ .../moa/id/auth/servlet/GetForeignIDServlet.java | 9 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 174 ++++++++++++++ .../auth/servlet/ProcessValidatorInputServlet.java | 4 +- .../auth/servlet/StartAuthenticationServlet.java | 18 +- .../servlet/VerifyAuthenticationBlockServlet.java | 2 + .../id/auth/servlet/VerifyCertificateServlet.java | 214 +++++++++++------ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 37 ++- .../moa/id/auth/validator/parep/ParepUtils.java | 9 +- .../id/auth/validator/parep/ParepValidator.java | 6 +- .../moa/id/config/ConfigurationBuilder.java | 32 ++- .../id/config/auth/AuthConfigurationProvider.java | 15 ++ .../moa/id/config/auth/OAAuthParameter.java | 21 ++ .../moa/id/proxy/servlet/ProxyServlet.java | 12 +- .../moa/id/util/ParamValidatorUtils.java | 3 + .../gv/egovernment/moa/id/util/ServletUtils.java | 3 +- 
.../moa/id/util/client/mis/simple/MISMandate.java | 48 ++++ .../id/util/client/mis/simple/MISSessionId.java | 22 ++ .../id/util/client/mis/simple/MISSimpleClient.java | 261 +++++++++++++++++++++ .../mis/simple/MISSimpleClientException.java | 22 ++ .../resources/properties/id_messages_de.properties | 4 + 25 files changed, 1250 insertions(+), 99 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 64eaf30cd..a772e0457 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,14 +15,11 @@ */ package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream; import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; 
@@ -39,10 +36,11 @@ import java.util.Vector; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import HTTPClient.Util; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; @@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; 
@@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be null; in this case, the default location will be used + * @param useMandate Indicates if mandate is used or not * @param templateURL URL providing an HTML template for the HTML form generated * @param scheme determines the protocol used * @return HTML form @@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String oaURL, String templateURL, String bkuURL, + String useMandate, String sessionID, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { @@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); + session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { 
@@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), - oaParam.getBusinessService(), + oaParam.getBusinessService(), oaParam.getIdentityLinkDomainIdentifier()); + + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + session.setUseMandate(useMandate); + } + else { + session.setUseMandate("false"); + } String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), @@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants { return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); } + + /** + * Processes an Mandate sent by the + * MIS.
      + *
        + *
      • Validates given Mandate
      • + *
      • Verifies Mandate by calling the MOA SP component
      • + *
      • Creates an authentication block to be signed by the user
      • + *
      • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the + * security layer implementation
      • + *
      + * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU including the <InfoboxReadResponse> + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String verifyMandate(String sessionID, MISMandate mandate) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID}); + + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + try { + // set extended SAML attributes + setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + } catch (SAXException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } + + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + /** + * + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws 
BuildException + * @throws ValidateException + */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) throws ConfigurationException, @@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } + + /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
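Review bot: The empty-mandate guard in `verifyMandate` cannot work as written. `new String(mandate.getMandate())` never yields null, so `sMandate == null` is dead code, and a null `mandate` or null byte array throws a NullPointerException before the `auth.16` error is reached; the test also uses the non-short-circuit `|` and decodes with the platform charset. Checking the bytes directly avoids all of this: `byte[] raw = (mandate == null) ? null : mandate.getMandate();` followed by `if (raw == null || raw.length == 0) { ... }`. Separately, the Javadoc promises that the mandate is validated and verified through MOA-SP, but the body visible in this hunk only calls `setExtendedSAMLAttributeForMandates` before building the auth block; if the signature check happens elsewhere the comment should say where, otherwise the check is missing. The `@param infoboxReadResponseParameters` entry should become `@param mandate`.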
      *
        @@ -926,6 +1010,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + /** + * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by + * calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException + { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business); + + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); + + } + /** * Intermediate processing of the infoboxes. The first pending infobox * validator may validate the provided input @@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { int length = extendedSAMLAttributes.length; for (int i=0; i" + nl + "" + nl + ""; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = + "" + nl + + "" + nl + + "" + nl + + "Vollmachten-Anmeldung" + nl + + "" + nl + + "" + nl + + "" + nl + + "
        " + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
        " + nl + + "
        " + nl + + " " + nl + + " " + nl + +// " " + nl + + " " + nl + + "
        " + nl + + "" + nl + + ""; /** * Constructor for GetIdentityLinkFormBuilder. @@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder { htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); return htmlForm; } + + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String buildCreateSignature( + String bkuURL, + String xmlRequest, + String dataURL) + throws BuildException + { + String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + return htmlForm; + } /** * Encodes a string for inclusion as a parameter in the form. * Double quotes are substituted by "&quot;". diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 2c97f01ae..a6b61e747 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java 
@@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder { return requestElem_; } + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(byte[]mandate, String trustProfileID) + throws ParseException + { + try { + // build the request +// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); +// requestElem_.appendChild(dateTimeElem); +// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); +// dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + //String serializedAssertion = identityLink.getSerializedSamlAssertion(); + //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); + String base64EncodedAssertion = Base64Utils.encode(mandate); + //replace all '\r' characters by no char. 
+ StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +// // add the transforms +// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); +// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); +// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); +// +// for (int i = 0; i < dsigTransforms.length; i++) { +// Element verifyTransformsInfoProfileElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); +// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); +// } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + 
requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + /** * Builds a <VerifyXMLSignatureRequest> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index eca02a77b..554b5012e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -68,6 +68,16 @@ public class AuthenticationSession { * URL of the BKU */ private String bkuURL; + + /** + * Use mandate + */ + private boolean useMandate; + + /** + * SessionID for MIS + */ + private String misSessionID; /** * identity link read from smartcard */ @@ -582,4 +592,39 @@ public class AuthenticationSession { this.pushInfobox = pushInfobox; } + /** + * + * @param useMandate indicates if mandate is used or not + */ + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + this.useMandate = true; + else + this.useMandate = false; + + } + + /** + * Returns if mandate is used or not + * @return + */ + public boolean getUseMandate() { + return this.useMandate; + } + + /** + * + * @param misSessionID indicates the MIS session ID + */ + public void setMISSessionID(String misSessionID) { + this.misSessionID = misSessionID; + } + + /** + * Returns the MIS session ID + * @return + */ + public String getMISSessionID() { + return this.misSessionID; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index c83650587..9a6670617 100644 
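Review bot: The new `build(byte[] mandate, String trustProfileID)` still carries the documentation and error text of the identity-link variant. The Javadoc describes `@param identityLink`, and the `ParseException` argument reads `"VerifyXMLSignatureRequest (IdentityLink)"`, so a failure while building a mandate request is reported as an identity-link problem. The commented-out `ReferenceInfo` block means the request carries a `SignatureManifestCheckParams` element with no transform profiles; a single comment such as `// mandates are verified without VerifyTransformsInfoProfile because ...` should replace the dead code so the next reader knows this is intentional. `catch (Throwable t)` also turns JVM `Error`s into `ParseException`; `catch (Exception e)` would be narrower.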
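Review bot: `AuthenticationSession.setUseMandate(String)` dereferences its argument, so a null value throws a NullPointerException. The caller shown in `startAuthentication` guards against null, but other callers may not. `this.useMandate = "true".equalsIgnoreCase(useMandate);` is null-safe and replaces the four-line if/else. The `@return` tags on `getUseMandate` and `getMISSessionID` are empty and should state what is returned.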
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet { try { client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); } catch (IOException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } catch (GeneralSecurityException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } catch (PKIException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } } Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java new file mode 100644 index 000000000..4c0abdb0f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java 
@@ -0,0 +1,174 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.GeneralSecurityException; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. 
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + +// Logger.debug("GET GetMISSessionIDServlet"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and + * responds with a new + * CreateXMLSignatureRequest. + *
        + * Request parameters: + *
          + *
        • MOASessionID: ID of associated authentication session
        • + *
        • XMLResponse: <InfoboxReadResponse>
        • + *
        + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + +// Map parameters; +// try +// { +// parameters = getParameters(req); +// } catch (FileUploadException e) +// { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } + + String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + //System.out.println("MIS Session ID (GetMISServlet): " + misSessionID); + + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine 
Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate)list.get(0); + + // verify mandate signature + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); + + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_AUTH_BLOCK, + session.getSessionID()); + + Logger.debug(createXMLSignatureRequestOrRedirect); + + String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(request); + out.flush(); + + + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } + } + + private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException { + return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL); + + } + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 54d08c59e..b50a1edde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java 
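Review bot: `doPost` passes whatever `session.getMISSessionID()` returns straight to `MISSimpleClient.sendGetMandatesRequest`, without checking that this session went through the mandate branch. A request for a session that never did would hand a null ID to the MIS client. A guard right after the lookup keeps the failure local, for example `if (!session.getUseMandate() || misSessionID == null) throw new MISSimpleClientException("Keine MIS Session ID vorhanden");` (message text is only a suggestion). `Logger.debug(createXMLSignatureRequestOrRedirect)` writes the complete request to the log, and that request presumably embeds the authentication block; logging the session ID alone would be enough. The class Javadoc and the `doPost` Javadoc are copied from the foreign-eID servlet and should describe fetching the mandate from the MIS instead.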
@@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet { * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) */ protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - + throws ServletException, IOException { + Logger.debug("GET ProcessInput"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 10b4041df..2e7d59fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -15,11 +15,14 @@ */ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; + import java.io.IOException; import java.io.PrintWriter; -import java.io.Reader; -import java.io.StringReader; +import java.security.GeneralSecurityException; +import java.util.List; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; /** @@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet { resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - //System.out.println("useMandate: " + useMandate); - + try { // check parameter if (!ParamValidatorUtils.isValidTarget(target)) @@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index ad01de6c8..f1fb15be0 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + //doPost(req, resp); + Logger.debug("GET VerifyAuthenticationBlock"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 76c5476ae..d101df1fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -8,12 +8,14 @@ import java.security.GeneralSecurityException; import java.security.cert.CertificateEncodingException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; 
@@ -22,24 +24,25 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Text; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID 
@@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_GET_FOREIGN_ID, - session.getSessionID()); - - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); + X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); + if (cert == null) { + Logger.error("Certificate could not be read."); + throw new AuthenticationException("auth.14", null); + } + + boolean useMandate = session.getUseMandate(); + if (useMandate) { + // Mandate Modus + // make request to MIS + + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + // get identitity link as byte[] + Element elem = session.getIdentityLink().getSamlAssertion(); + String s = DOMUtils.serializeNode(elem); +// byte[] idl = DOMUtils.nodeToByteArray(elem); +// String s = new String(idl); + byte[] idl = s.getBytes(); + + // redirect url + // build redirect(to the GetMISSessionIdSerlvet) + String redirectURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + GET_MIS_SESSIONID, + session.getSessionID()); + + String oaURL = session.getOAURLRequested(); + OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); + String profiles = oaParam.getMandateProfiles(); + + if (profiles == 
null) { + Logger.error("No Mandate/Profile for OA configured."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + String profilesArray[] = profiles.split(","); + for(int i = 0; i < profilesArray.length; i++) { + profilesArray[i] = profilesArray[i].trim(); + } + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory); + String redirectMISGUI = misSessionID.getRedirectURL(); + + if (misSessionID == null) { + Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); + throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } + + session.setMISSessionID(misSessionID.getSessiondId()); + + resp.setStatus(302); + resp.addHeader("Location", redirectMISGUI); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + else { + // Foreign Identities Modus + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_GET_FOREIGN_ID, + session.getSessionID()); + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); + + + Logger.debug("Send CreateXMLSignatureRequest to BKU"); + } - Logger.debug("Send CreateXMLSignatureRequest to BKU"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); - } + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } catch (TransformerException e) { + handleError(null, e, req, resp); + } } /** 
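Review bot: In the mandate branch of VerifyCertificateServlet, `misSessionID.getRedirectURL()` is called one statement before the `if (misSessionID == null)` check, so a null result from `MISSimpleClient.sendSessionIdRequest` raises a NullPointerException that none of the catch clauses shown here handles, and the intended `MISSimpleClientException` is never thrown. The assignment `String redirectMISGUI = misSessionID.getRedirectURL();` belongs after the check. The identity link is converted with `s.getBytes()`, which uses the platform default charset; `s.getBytes("UTF-8")` would keep non-ASCII names in the assertion identical on every host. `Logger.debug("REDIRECT TO: " + redirectURL)` logs the data URL handed to MIS, not `redirectMISGUI`, which is the value written to the `Location` header. The enclosing method starts above this hunk.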
@@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet { * @throws SZRGWClientException */ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { - - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. 
- // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - - - return response.getAssertion(); - - } +// private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { +// +// SZRGWClient client = new SZRGWClient(); +// +// try { +// AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); +// ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); +// //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; +// Logger.debug("Connection Parameters: " + connectionParameters); +// client.setAddress(connectionParameters.getUrl()); +// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { +// Logger.debug("Initialisiere SSL Verbindung"); +// try { +// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); +// } catch (IOException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (GeneralSecurityException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (PKIException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } +// } +// +// Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); +// +// +// } +// catch (ConfigurationException e) { +// Logger.warn(e); +// Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); +// +// } +// // create request +// Document doc = buildGetIdentityLinkRequest(cert); +// Element request = doc.getDocumentElement(); +// CreateIdentityLinkResponse response = null; +// +// //try { +// response = client.createIdentityLinkResponse(request); +// //} catch (SZRGWClientException e) { +// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. 
+// // client = new SZRGWClient(url); +// // response = client.createIdentityLinkResponse(request); +// // } +// +// +// return response.getAssertion(); +// +// } /** * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index dff366829..23861d290 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; 
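Review bot: The 58-line `getIdentityLink(X509Certificate)` method in VerifyCertificateServlet is disabled by prefixing every line with `//` rather than being deleted, which leaves dead code, including three `e.printStackTrace()` handlers, underneath a Javadoc block that no longer documents anything. The same commit removes the `SZRGWClient`, `SZRGWClientException` and `CreateIdentityLinkResponse` imports, so the commented code could not be re-enabled unchanged anyway. Deleting the method together with its Javadoc and relying on version history would be cleaner. The Javadoc block starts above the hunk.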
@@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (createXMLSignatureRequestOrRedirect == null) { // no identity link found + boolean useMandate = session.getUseMandate(); + if (useMandate) { + Logger.error("Online-Mandate Mode for foreign citizencs not supported."); + throw new AuthenticationException("auth.13", null); + } + try { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - // create the InfoboxReadRequest to get the certificate + // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl (to the GetForeignIDSerlvet) @@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + } catch(Exception e) { 
@@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } else { - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + boolean useMandate = session.getUseMandate(); + if (useMandate) { // Mandate modus + // read certificate and set dataurl to VerifyCertificateForMandatesServlet + + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_CERTIFICATE, + session.getSessionID()); + + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + } + else { + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index a8e22562a..51551834e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** 
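Review bot: In the new mandate branch of VerifyIdentityLinkServlet the comment `// build dataurl (to the GetForeignIDSerlvet)` was copied from the foreign-identity path, although the URL is built with `REQ_VERIFY_CERTIFICATE`, and the comment above it names a `VerifyCertificateForMandatesServlet` that is not among the servlets visible in this diff. I would replace both with `// build dataurl (to the VerifyCertificateServlet)`, assuming that is what `REQ_VERIFY_CERTIFICATE` maps to. The imports added to this file for `SSLSocketFactory`, `ConnectionParameter`, `AuthConfigurationProvider` and `SSLUtils` are not used by any line the commit adds to the servlet and can be dropped. The enclosing method starts above the hunk.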
@@ -245,9 +246,13 @@ public class ParepUtils { try { Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); - + + String s = DOMUtils.serializeNode(mandator); + // check if physical person - Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + + // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator, // "descendant-or-self::pr:CorporateBody", nameSpaceNode); return physicalPerson != null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 2a0126b82..9d5c0f7cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java 
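Review bot: The added `String s = DOMUtils.serializeNode(mandator);` in ParepUtils is never read in the lines shown, so it looks like a debugging leftover. It serialises the mandator element, which presumably carries personal data, on every call. Because it sits inside the `try` block, a serialisation failure would now be handled by the catch clause below the hunk instead of the XPath test deciding the result. I would remove the line and the `DOMUtils` import added for it. The method's start and its catch clause are outside the hunk.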
@@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator { public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; + + /** */ + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; /** register and register number for non physical persons - the domain identifier for business applications*/ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index dbfbda535..b5275cdd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -125,6 +125,10 @@ public class ConfigurationBuilder { public static final String AUTH_FOREIGN_IDENTITIES_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities"; + /** an XPATH-Expression */ + public static final String AUTH_ONLINEMANDATES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates"; + /** an XPATH-Expression */ 
@@ -146,6 +150,8 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles"; + /** an XPATH-Expression */ protected static final String CONNECTION_PARAMETER_URL_XPATH = CONF + "ConnectionParameter/@URL"; /** an XPATH-Expression */ @@ -242,6 +248,18 @@ public class ConfigurationBuilder { return buildConnectionParameter(foreignid); } + + /** + * Build a ConnectionParameter containing all information + * of the OnlineMandates element in the authentication component + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter buildOnlineMandatesConnectionParameter() { + Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH); + if (onlinemandates==null) return null; + return buildConnectionParameter(onlinemandates); + + } /** * Method buildAuthBKUSelectionType. 
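Review bot: `buildOnlineMandatesConnectionParameter()` returns `null` when the configuration has no `OnlineMandates` element, and the mandate branch added to VerifyCertificateServlet in this commit passes the value from `getOnlineMandatesConnectionParameter()` to `SSLUtils.getSSLSocketFactory(...)` and calls `connectionParameters.getUrl()` without a null check. A session with the mandate flag set on a deployment that lacks the element would then probably fail with a NullPointerException instead of a configuration error (inferred; how SSLUtils treats a null argument is not visible). I would state the null return in the Javadoc, `@return the ConnectionParameter, or null if no OnlineMandates element is configured`, and have the servlet reject a null value with an `AuthenticationException` before using it.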
@@ -529,7 +547,19 @@ public class ConfigurationBuilder { } Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( - verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + + Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH); + if (mandateProfilesNode != null) { + if ("businessService".equalsIgnoreCase(oaType)) { + Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed."); + throw new ConfigurationException("config.02", null); + } + else { + String profiles = DOMUtils.getText(mandateProfilesNode); + oap.setMandateProfiles(profiles); + } + } } OA_set.add(oap); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6e296b4f4..ceb047280 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private ConnectionParameter foreignIDConnectionParameter; + /** + * parameter for connection to OnlineMandates Service + */ + private ConnectionParameter onlineMandatesConnectionParameter; + /** * Parameter for trusted BKUs */ 
@@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); + onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); defaultChainingMode = builder.getDefaultChainingMode(); @@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { public ConnectionParameter getForeignIDConnectionParameter() { return foreignIDConnectionParameter; } + + /** + * Return a ConnectionParameter bean containing all information + * of the authentication component OnlineMandates element + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter getOnlineMandatesConnectionParameter() { + return onlineMandatesConnectionParameter; + } /** * Return a string with a url-reference to the VerifyIdentityLink trust diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index c352fae6c..aa5aa21a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -88,6 +88,11 @@ public class OAAuthParameter extends OAParameter { */ private VerifyInfoboxParameters verifyInfoboxParameters; + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + /** * BZ * Type for authentication number (e.g. Firmenbuchnummer) 
@@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter { public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index ce15b75bd..6802005f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; 
@@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet { protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); - //@TODO Parameter + + String artifact = req.getParameter(PARAM_SAMLARTIFACT); + artifact = StringEscapeUtils.escapeHtml(artifact); + try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null) { + if (artifact != null) { // check if SAML Artifact was already used in this session (in case of page reload) HttpSession session = req.getSession(); - if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) { if (session.getAttribute(ATT_BROWSERREQU)==null) { tunnelRequest(req, resp); }else{ @@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map Vector parameters = new Vector(); -//@TODO Parameter for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { String paramName = (String) enu.nextElement(); if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 79db9907b..d35fc875d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -446,6 +446,9 @@ public class ParamValidatorUtils { public static boolean isValidXMLDocument(String document) { + if (document == null) + return false; + Logger.debug("Überprüfe Parameter XMLDocument"); try { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); 
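Review bot: `StringEscapeUtils.escapeHtml(artifact)` in `ProxyServlet.service()` is output encoding applied on the input side; it does not validate the SAML artifact. It also changes the value before `artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))`, so the comparison only holds if the session attribute was stored in the same escaped form (the code that stores it is not visible here). The `//@TODO Parameter` markers removed by this commit asked for parameter checking, which a format check on the raw parameter would address more directly, with escaping left to the places where the value is written into HTML. If the part of `service()` below the hunk reads `req.getParameter(PARAM_SAMLARTIFACT)` again, it still receives the unescaped value.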
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 1915ce40a..24e5ff3d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -64,7 +64,8 @@ public class ServletUtils { out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); out.flush(); out.close(); - Logger.debug("Finished POST " + servletName); + Logger.debug("Finished POST " + servletName); + } else { String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); resp.setContentType("text/html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java new file mode 100644 index 000000000..59ca0d5ca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java 
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+public class MISMandate {
+
+ final static private String OID_NOTAR = "1.2.40.0.10.3.1";
+ final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
+
+ final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
+ final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
+
+ final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
+ final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
+
+ final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
+ final static private String TEXT_ORGANWALTER = "Organwalter";
+
+
+ private String oid = null;
+ private byte[] mandate = null;
+
+ public String getProfRep() {
+ return oid;
+ }
+ public void setProfRep(String oid) {
+ this.oid = oid;
+ }
+ public byte[] getMandate() {
+ return mandate;
+ }
+ public void setMandate(byte[] mandate) {
+ this.mandate = mandate;
+ }
+
+ public String getTextualDescriptionOfOID() {
+ if (this.oid.equalsIgnoreCase(OID_NOTAR))
+ return TEXT_NOTAR;
+ if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+ return TEXT_RECHTSANWALT;
+ if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+ return TEXT_ZIVILTECHNIKER;
+ if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+ return TEXT_ORGANWALTER;
+
+ return "Keine textuelle Beschreibung für OID " + oid;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
new file mode 100644
index 000000000..d8bec4900
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
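Review bot: `MISMandate.getTextualDescriptionOfOID()` calls `this.oid.equalsIgnoreCase(...)` although `oid` is initialised to `null` and only set through `setProfRep`, so a mandate without an OID makes the method throw a NullPointerException instead of reaching the fallback text. Putting the constant on the left in each of the four comparisons, e.g. `if (OID_NOTAR.equalsIgnoreCase(this.oid))`, lets a null OID fall through to the final `return`. The class and its accessors have no Javadoc; a short class comment stating that `getProfRep` returns the OID held in the `oid` field would help, since the accessor name does not match the field name.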
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+public class MISSessionId {
+
+ private String sessiondId = null;
+ private String redirectURL = null;
+
+ public String getSessiondId() {
+ return sessiondId;
+ }
+ public void setSessiondId(String sessiondId) {
+ this.sessiondId = sessiondId;
+ }
+ public String getRedirectURL() {
+ return redirectURL;
+ }
+ public void setRedirectURL(String redirectURL) {
+ this.redirectURL = redirectURL;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
new file mode 100644
index 000000000..25c341584
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -0,0 +1,261 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.List; + +import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.methods.StringRequestEntity; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.xerces.parsers.DOMParser; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.SAXNotRecognizedException; +import org.xml.sax.SAXNotSupportedException; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + + +public class MISSimpleClient { + + + private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd"; + + private static Element NS_NODE = null; + + + static { + try { + NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test"); + NS_NODE.setAttribute("xmlns:soap", SOAP_NS); + NS_NODE.setAttribute("xmlns:mis", MIS_NS); + } catch (Exception e) { + Logger.warn("Error initializing namespace node.", e); + } + } + + public static List sendGetMandatesRequest(String webServiceURL, String sessionId, 
SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + if (webServiceURL == null) { + throw new NullPointerException("Argument webServiceURL must not be null."); + } + if (sessionId == null) { + throw new NullPointerException("Argument sessionId must not be null."); + } + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + + try { + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); + Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID"); + sessionIdElement.appendChild(doc.createTextNode(sessionId)); + mirElement.appendChild(sessionIdElement); + + // send soap request + Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + + // check for error + checkForError(mandateIssueResponseElement); + + // check for session id + NodeList mandateElements = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE); + + if (mandateElements == null || mandateElements.getLength() == 0) { + throw new MISSimpleClientException("No mandates found in response."); + } + + ArrayList foundMandates = new ArrayList(); + for (int i=0; i 0) { + Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate"); + certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + //certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert))); + // certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + mirElement.appendChild(certElement); + } + Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL"); + redirectElement.appendChild(doc.createTextNode(redirectURL)); + mirElement.appendChild(redirectElement); + if (mandateIdentifier 
!= null && mandateIdentifier.length > 0) { + Element filtersElement = doc.createElementNS(MIS_NS, "Filters"); + Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers"); + for (int i=0; iURL "{0}" Interne Fehlermeldung: {1} auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}" +auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt. +auth.14=Zertifikat konnte nicht ausgelesen werden. +auth.15=Fehler bei Anfrage an Vollmachten Service. +auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar -- cgit v1.2.3 From 07449c789f2561bb768d111e5b7d2c14e5dec26f Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 7 Apr 2011 19:22:50 +0000 Subject: =?UTF-8?q?*=20Update=20Parameter=C3=BCberpr=C3=BCfung=20Templates?= =?UTF-8?q?=20*=20Update=20Beispiel-Konfigurationen=20*=20Update=20Content?= =?UTF-8?q?Type=20f=C3=BCr=20InfoBoxReadRequest=20(Zertifikat)=20bei=20Onl?= =?UTF-8?q?ine-Mandates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1202 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/servlet/VerifyCertificateServlet.java | 2 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 6 ++- .../moa/id/util/ParamValidatorUtils.java | 8 +++- .../gv/egovernment/moa/id/util/ServletUtils.java | 54 +++++++++++++++++----- 4 files changed, 55 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index d101df1fa..0014d2647 100644 
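Review bot: `Protocol.registerProtocol("https", new Protocol("https", fac, 443))` in `MISSimpleClient.sendGetMandatesRequest` replaces the process-wide `https` handler of commons-httpclient on every call, so every other HttpClient user in the same JVM afterwards connects with the socket factory, and therefore the key and trust material, configured for the MIS service. Scoping the protocol to this client, for example through the `HostConfiguration` of the `HttpClient` instance used for the SOAP call, avoids that side effect. The static initialiser only logs a warning when `NS_NODE` cannot be created, which leaves it `null` for the later `XPathAPI.selectNodeList(..., NS_NODE)` call. Parts of this file are missing from the page, so the rest of the class could not be reviewed.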
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -110,7 +110,7 @@ public class VerifyCertificateServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); - + AuthenticationSession session = null; try { // check parameter diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 23861d290..740c85942 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -108,6 +108,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); @@ -178,7 +179,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); + //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } else { 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index d35fc875d..a1e039661 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -270,8 +270,12 @@ public class ParamValidatorUtils { // check if template url starts with http or https if (template.startsWith("http") || template.startsWith("https")) { - // check if template url is from same server - if (template.contains(req.getServerName())) { + // check if template url is from same server + String name = req.getServerName(); + String httpName = "http://" + name; + String httpsName = "https://" + name; + + if (template.startsWith(httpName) || template.startsWith(httpsName)) { new URL(template); Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft"); return true; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 24e5ff3d0..c3d548d54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java 
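Review bot: The new same-server test in ParamValidatorUtils is still a string-prefix comparison, so `template.startsWith("https://" + name)` also accepts a URL whose authority merely begins with the server name. In addition, `req.getServerName()` is normally derived from the client-supplied Host header. Parse the URL first and compare the host exactly, e.g. `URL u = new URL(template);` followed by `if (name.equalsIgnoreCase(u.getHost())) {`, and check `u.getProtocol()` against `http`/`https` instead of the outer `startsWith("http")` test. Where possible, take the allowed host from the MOA-ID configuration rather than from the request. The enclosing method starts and ends outside this hunk, so its other branches could not be checked.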
@@ -18,16 +18,17 @@ */ package at.gv.egovernment.moa.id.util; -import java.io.IOException; -import java.io.OutputStream; - -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; +import java.io.IOException; +import java.io.OutputStream; +import java.net.URLEncoder; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; /** * @author Peter Danner @@ -96,7 +97,7 @@ public class ServletUtils { //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) resp.setContentType("text/xml;charset=UTF-8"); - + OutputStream out = resp.getOutputStream(); out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); out.flush(); 
@@ -104,5 +105,36 @@ public class ServletUtils { Logger.debug("Finished POST " + servletName); } + + /** + * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing + * depending on the requests starting text. + * + * @param resp The httpServletResponse + * @param session The current AuthenticationSession + * @param createXMLSignatureRequestOrRedirect The request + * @param servletGoal The servlet to which the redirect should happen + * @param servletName The servlet name for debug purposes + * @throws MOAIDException + * @throws IOException + */ + public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) + throws MOAIDException, + IOException { + resp.setStatus(200); + Logger.debug("ContentType set to: application/x-www-form-urlencoded"); + + resp.setContentType("application/x-www-form-urlencoded"); + + String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" + + "DataURL=" + URLEncoder.encode(dataURL, "UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(content.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST " + servletName); + + } } -- cgit v1.2.3 From 9bbe4aa713e2c38dcfba02880c9b2cb63e82a859 Mon Sep 17 00:00:00 2001 
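Review bot: The Javadoc on the added `writeCreateXMLSignatureRequestURLEncoded` does not describe what the body does: it speaks of choosing between the request and a redirect, while the method always writes a form-encoded body, and it has no `@param dataURL`. The parameters `session` and `servletGoal` are never read in the added lines. A null `dataURL` would make `URLEncoder.encode(dataURL, "UTF-8")` throw a NullPointerException after the status and content type have already been set. I would change the summary to `Writes the request and the DataURL as an application/x-www-form-urlencoded body (XMLRequest=...&DataURL=...).`, add `@param dataURL The DataURL sent with the request; must not be null`, and reject a null `dataURL` with a MOAIDException before touching `resp`.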
From: kstranacher Date: Tue, 21 Jun 2011 15:40:44 +0000 Subject: =?UTF-8?q?*=20Update=20MOA-ID=20(Template=20Mechanismus=20f=C3=BC?= =?UTF-8?q?r=20Online-Vollmachten=20inkl.=20MOA-ID=20Config)=20*=20Update?= =?UTF-8?q?=20BK-Auswahl=20Howto=20*=20Update=20Default-Konfigurationen=20?= =?UTF-8?q?*=20L=C3=B6schen=20von=20A1-Signatur=20Texten=20*=20Entfernung?= =?UTF-8?q?=20von=20tempates.war?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1206 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 6 + .../AuthenticationBlockAssertionBuilder.java | 7 +- .../builder/CreateXMLSignatureRequestBuilder.java | 54 +++-- .../auth/builder/GetIdentityLinkFormBuilder.java | 235 ++++++++++++++++----- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 9 + .../moa/id/auth/data/AuthenticationSession.java | 7 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 10 +- .../servlet/VerifyAuthenticationBlockServlet.java | 5 +- .../moa/id/config/ConfigurationBuilder.java | 91 +++++++- .../moa/id/config/OnlineMandatesTemplates.java | 54 +++++ .../moa/id/config/auth/OAAuthParameter.java | 24 ++- .../resources/properties/id_messages_de.properties | 1 + 12 files changed, 424 insertions(+), 79 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a772e0457..af7841321 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -291,6 +291,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * may be null; in this case, the default location will be used * @param useMandate Indicates if mandate is used or not * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode) * @param scheme determines the protocol used * @return HTML form * @throws AuthenticationException @@ -391,6 +392,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { ex); } } + + String pushInfobox = ""; VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { @@ -887,6 +890,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes session.setExtendedSAMLAttributesOA(new Vector()); + //System.out.println("SAML set: " + session.getExtendedSAMLAttributesAUTH().size()); + if (verifyInfoboxParameters != null) { infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); @@ -1720,6 +1725,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } AuthenticationData authData = null; synchronized (authenticationDataStore) { + System.out.println("assertionHandle: " + assertionHandle); authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index bab387b4a..d105c3206 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java 
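Review bot: The added `System.out.println("assertionHandle: " + assertionHandle);` in the last hunk of AuthenticationServer.java writes the key used to look up `authenticationDataStore` to standard output on every call, outside the project's `Logger` and its level control. The same debugging pattern is added in AuthenticationBlockAssertionBuilder and in both SAMLArtifactBuilder hunks, where the complete SAML artifact and its Base64 form are printed. These values are what a relying party presents to fetch authentication data, so they should not end up in a servlet container's stdout log. Remove the println lines; if tracing is needed, log an event without the value, e.g. `Logger.debug("Looking up authentication data for SAML artifact");`. Separately, the new Javadoc line in the first hunk spells the parameter `templateMandteURL`, and the method signature is outside the hunk, so it is worth checking that a parameter of that name exists.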
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -190,9 +190,12 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } ExtendedSAMLAttribute bpkAttribute = new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); - + + System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size()); + extendedSAMLAttributes.add(bpkAttribute); - //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; //..BZ } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index c61e2dd84..4d29c9135 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -152,8 +152,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // request += ""; request += ""; request += ""; - request += "

        Authentication Data:

        "; - request += "

        Personal Data

        "; + request += "

        Anmeldedaten für (Requesting Application Access for):

        "; + request += "

        Persönliche Daten (Personal Data)

        "; request += ""; request += ""; request += ""; @@ -162,21 +162,21 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; request += "
        Name:
        "; - request += "

        Application Data

        "; + request += "

        Daten zur Anwendung (Application Data)

        "; request += ""; request += ""; - request += ""; + request += ""; request += ""; request += ""; request += ""; - request += ""; - request += ""; + request += ""; + request += ""; request += ""; request += "
        Name:Dienst (Service):"; // friendlyname from OA request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); request += "
        Country:AustriaLand (Country):Österreich (Austria)
        "; - request += "

        Technical Parameters

        "; + request += "

        Technische Parameter (Technical Parameters)

        "; request += ""; request += ""; request += ""; @@ -203,7 +203,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // OA is publicservice request += ""; request += ""; + request += "Sektor (Sector):"; request += ""; @@ -212,27 +212,45 @@ public class CreateXMLSignatureRequestBuilder implements Constants { } request += ""; - request += ""; + request += ""; request += ""; request += ""; request += ""; - request += ""; + request += ""; request += ""; request += ""; request += "
        URL:
        "; - request += "Sector:"; request += target + " (" + sectorName + ")"; request += "
        Date:Datum (Date):"; request += date; request += "
        Time:Zeit (Time):"; request += time; request += "
        "; - request += "

        I hereby request to access this e-government application by using my " + - "domestic electronic identity.
        " + - "I further affirm that I am not yet registered with the Austrian Central " + - "Residents Registry and that I am not obliged to register with the Austrian " + - "Central Residents Registry according to Austrian law.
        " + - "In the event I am not yet registered with the Supplementary Register, I " + - "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + - "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

        "; + request += "

        Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + + "natürliche Personen (ERnP), damit ich meinen elektronischen " + + "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + + "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + + "Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " + + "ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + + "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + + "jener Daten, die für die eindeutige Identität notwendig sind, dient.

        "; + + request += "

        I affirm that I am not registered with the Austrian Central " + + "Register of Residents or the Supplementary Register for Natural Persons. I therefore " + + "apply for registration in the Supplementary Register for Natural Persons in order to use " + + "my electronic identity (my electronic ID card) as an Austrian citizen card. I take note " + + "that registration in the Supplementary Register for Natural Persons solely serves keeping " + + "records of those data that are used for validation of unique identity and that those data " + + "is only used for e-government purposes.

        "; + + +// request += "

        I hereby request to access this e-government application by using my " + +// "domestic electronic identity.
        " + +// "I further affirm that I am not yet registered with the Austrian Central " + +// "Residents Registry and that I am not obliged to register with the Austrian " + +// "Central Residents Registry according to Austrian law.
        " + +// "In the event I am not yet registered with the Supplementary Register, I " + +// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + +// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

        "; request += ""; request += ""; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 9bab8643f..dcaed084a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -15,11 +15,19 @@ */ package at.gv.egovernment.moa.id.auth.builder; +import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; /** * Builder for HTML form requesting the security layer implementation @@ -43,6 +51,8 @@ public class GetIdentityLinkFormBuilder extends Builder { private static final String CERTINFO_DATAURL_TAG = ""; /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ private static final String PUSHINFOBOX_TAG = ""; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String MANDATE_TAG = ""; /** private static int all contains the representation to replace all tags*/ private static final int ALL = -1; 
@@ -83,48 +93,101 @@ public class GetIdentityLinkFormBuilder extends Builder { "" + nl + ""; - /** default HTML template */ - private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = + /** default HTML template for mandates */ + private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES_OLD = "" + nl + "" + nl + - "" + nl + + "" + nl + "Vollmachten-Anmeldung" + nl + - "" + nl + - "" + nl + - "" + nl + - "
        " + nl + - " " + nl + - " " + nl + - " " + nl + - " " + nl + - "
        " + nl + - "
        " + nl + - " " + nl + - " " + nl + -// " " + nl + - " " + nl + - "
        " + nl + - "" + nl + + "" + nl + + "" + nl + + "" + nl + + "

        Vollmachten-Anmeldung

        " + nl + + "" + nl + + "" + nl + + ""; + + + /** default HTML template - iFrame */ + private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES_OLD = + "" + + "" + + //"" + + "" + + "Vollmachten-Anmeldung" + + "" + + "" + + "
        " + + " " + + " " + + " " + + " " + + "
        " + + "
        " + + " " + + " " + + " " + + "
        " + + "" + + ""; + + /** default HTML template for Online mandates */ + private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES = + "" + + "" + + "" + + "Vollmachten-Anmeldung" + + "" + + "" + + "
        " + + " " + + " " + + " " + + " " + + "
        " + + "
        " + + " " + + " " + + " " + + "
        " + + "" + ""; /** 
@@ -167,25 +230,101 @@ public class GetIdentityLinkFormBuilder extends Builder { /** * Builds the HTML form, including XML Request and data URL as parameters. * - * @param htmlTemplate template to be used for the HTML form; - * may be null, in this case a default layout will be produced * @param xmlRequest XML Request to be sent as a parameter in the form * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; * may be null, in this case the default URL will be used * @param dataURL DataURL to be sent as a parameter in the form */ public String buildCreateSignature( - String bkuURL, + String bkuURL, String xmlRequest, - String dataURL) + String dataURL, + String oaUrl) throws BuildException { - String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; - htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); - htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); - htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); - return htmlForm; + String htmlForm = ""; + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaUrl); + } catch (ConfigurationException e) { + Logger.error("Error on building HTMl form for online mandates: " + e.getMessage()); + throw new BuildException("builder.03", null); + } + + OnlineMandatesTemplates[] templatesOnlineMandates = oaParam.getTemplateOnlineMandates(); + if (templatesOnlineMandates == null) { + // no templates given + htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + } else { + String moaidTemplateUrl = null; + String mandateTemplateUrl = null; + // check for configured bku URL + for (int i = 0; i < templatesOnlineMandates.length; i++) { + if 
(templatesOnlineMandates[i].getBkuURL().compareToIgnoreCase(bkuURL) == 0) { + moaidTemplateUrl = templatesOnlineMandates[i].getMoaIdTemplateURL(); + mandateTemplateUrl = templatesOnlineMandates[i].getMandatesTemplateURL(); + } + } + if (moaidTemplateUrl == null || mandateTemplateUrl == null) { + Logger.debug("Configured and used BKU URL are not equal. So standard template is used."); + htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + } else { + // use configured templates + String moaidTemplate; + String mandateTemplate; + try { + moaidTemplate = new String(FileUtils.readURL(moaidTemplateUrl)); + } catch (IOException ex) { + throw new BuildException("auth.03", new Object[] { moaidTemplateUrl, ex.toString()},ex); + } + try { + mandateTemplate = new String(FileUtils.readURL(mandateTemplateUrl)); + } catch (IOException ex) { + throw new BuildException("auth.03", new Object[] { mandateTemplateUrl, ex.toString()},ex); + } + + + // Mandatem template with iFrame + htmlForm = mandateTemplate; + + + // HTML form with XML signature request, which is filled into the iFrame + String htmlFormiFrame = moaidTemplate; + htmlFormiFrame = replaceTag(htmlFormiFrame, BKU_TAG, bkuURL, true, ALL); + htmlFormiFrame = replaceTag(htmlFormiFrame, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlFormiFrame = replaceTag(htmlFormiFrame, DATAURL_TAG, dataURL, true, ALL); + htmlFormiFrame = htmlFormiFrame.replaceAll("\"", "\\\""); + htmlFormiFrame = htmlFormiFrame.replaceAll("'", "\\\\'"); + + // add writeln('[data]') for each line in the iframe + BufferedReader reader = new BufferedReader(new StringReader(htmlFormiFrame)); + String str; + String htmlFormiFrameWriteLn = ""; + try { + while ((str = reader.readLine()) != null) { + if (str.length() > 0) + 
htmlFormiFrameWriteLn += "writeln('" + str + "');"; + } + } catch(IOException e) { + throw new BuildException("builder.03", null); + } + + htmlForm = replaceTag(htmlForm, MANDATE_TAG, htmlFormiFrameWriteLn, true, ALL); + + } + + } + + return htmlForm; + } + /** * Encodes a string for inclusion as a parameter in the form. * Double quotes are substituted by "&quot;". diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index f0e9c7484..c94eb0b25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -64,6 +64,10 @@ public class SAMLArtifactBuilder { byte[] sourceID; // alternative sourceId String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + + System.out.println("alternativeSourceID: " + alternativeSourceID); + System.out.println("authURL: " + authURL); + if (!ParepUtils.isEmpty(alternativeSourceID)) { // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; sourceID = md.digest(alternativeSourceID.getBytes()); @@ -71,6 +75,9 @@ public class SAMLArtifactBuilder { } else { sourceID = md.digest(authURL.getBytes()); } + + System.out.println("sourceID: " + new String(sourceID)); + byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); out.write(0); 
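Review bot: The escaping done in `buildCreateSignature` before each template line is wrapped in `writeln('...')` is incomplete for a JavaScript string context. As printed, `replaceAll("\"", "\\\"")` changes nothing, because a backslash in a `replaceAll` replacement only escapes the following character. Backslashes already present in the template or in the substituted `bkuURL`/`dataURL` values are not escaped at all, so such a value can break the generated script. Escape the backslash first and use literal replacement, e.g. `htmlFormiFrame = htmlFormiFrame.replace("\\", "\\\\").replace("'", "\\'");`, and consider rejecting values containing `</script`. The Javadoc also lacks `@param oaUrl`, both `new BuildException("builder.03", null)` calls drop the caught exception, and `new String(FileUtils.readURL(...))` decodes the templates with the platform charset.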
@@ -78,7 +85,9 @@ public class SAMLArtifactBuilder { out.write(sourceID, 0, 20); out.write(assertionHandle, 0, 20); byte[] samlArtifact = out.toByteArray(); + System.out.println("samlArtifact: " + new String(samlArtifact)); String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; } catch (Throwable ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 554b5012e..3d040d476 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -64,6 +64,7 @@ public class AuthenticationSession { * HTML template URL */ private String templateURL; + /** * URL of the BKU */ @@ -363,14 +364,16 @@ public class AuthenticationSession { public String getTemplateURL() { return templateURL; } - + + /** * @param string the template URL */ public void setTemplateURL(String string) { templateURL = string; } - + + /** * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 4c0abdb0f..0270eb3cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java 
@@ -16,6 +16,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; /** * Servlet requested for getting the foreign eID @@ -143,8 +145,8 @@ public class GetMISSessionIDServlet extends AuthServlet { session.getSessionID()); Logger.debug(createXMLSignatureRequestOrRedirect); - - String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl); + + String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix()); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); @@ -164,8 +166,8 @@ public class GetMISSessionIDServlet extends AuthServlet { } } - private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException { - return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL); + private static String getHTMLForm(String request, String bkuURI, String dataURL, String oaUrl) throws BuildException { + return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL, oaUrl); } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f1fb15be0..44a1f3098 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -102,6 +102,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try @@ -142,8 +143,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } resp.setContentType("text/html"); resp.setStatus(302); - resp.addHeader("Location", redirectURL); + + resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); + } catch (MOAIDException ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index b5275cdd5..5a598b03d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java 
@@ -94,6 +94,13 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU"; + + + //protected static final String AUTH_MANDATE_TEMPLATE_XPATH = +// ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "MandateTemplate/@URL"; /** an XPATH-Expression */ protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; @@ -145,6 +152,11 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH = + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU"; + //protected static final String OA_AUTH_COMPONENT_MANDATE_TEMPLATE_XPATH = + //CONF + "Templates/" + CONF + "MandateTemplate/@URL"; /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ 
@@ -465,10 +477,12 @@ public class ConfigurationBuilder { String bkuSelectionTemplateURL = XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = - XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); String inputProcessorSignTemplateURL = XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); + OnlineMandatesTemplates[] templatesOnlineMandates = buildTemplateOnlineMandates(configElem_); + List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -536,7 +550,9 @@ public class ConfigurationBuilder { oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); - oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setTemplateOnlineMandates(buildTemplateOnlineMandatesOA(authComponent, templatesOnlineMandates)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); 
@@ -590,6 +606,77 @@ public class ConfigurationBuilder { } return templateURL; } + + + + protected OnlineMandatesTemplates[] buildTemplateOnlineMandates(Node contextNode) { + String xpathExpr = AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH; + List onlineMandatesTemplatesList = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Element bkuElem; + while ((bkuElem = (Element) bkuIter.nextNode()) != null) { + String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null); + String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null); + String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null); + + OnlineMandatesTemplates template = new OnlineMandatesTemplates(); + template.setBkuURL(bkuUrl); + if (moaidTemplateUrl != null) { + moaidTemplateUrl = FileUtils.makeAbsoluteURL(moaidTemplateUrl, rootConfigFileDir_); + } + if (moaidTemplateUrl != null) { + mandateTemplateUrl = FileUtils.makeAbsoluteURL(mandateTemplateUrl, rootConfigFileDir_); + } + template.setMoaIdTemplateURL(moaidTemplateUrl); + template.setMandatesTemplateURL(mandateTemplateUrl); + + onlineMandatesTemplatesList.add(template); + + } + + if (onlineMandatesTemplatesList.isEmpty()) + return null; + + OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()]; + onlineMandatesTemplatesList.toArray(onlinemandatesTemplates); + + return onlinemandatesTemplates; + + } + + protected OnlineMandatesTemplates[] buildTemplateOnlineMandatesOA(Node contextNode, OnlineMandatesTemplates[] defaultTemplatesOnlineMandates) { + + String xpathExpr = OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH; + List onlineMandatesTemplatesList = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Element bkuElem; + while ((bkuElem = (Element) bkuIter.nextNode()) != null) { + String bkuUrl = 
XPathUtils.getAttributeValue(bkuElem, "@URL", null); + String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null); + String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null); + + OnlineMandatesTemplates template = new OnlineMandatesTemplates(); + template.setBkuURL(bkuUrl); + template.setMoaIdTemplateURL(moaidTemplateUrl); + template.setMandatesTemplateURL(mandateTemplateUrl); + + onlineMandatesTemplatesList.add(template); + + } + + if (onlineMandatesTemplatesList.isEmpty()) + return defaultTemplatesOnlineMandates; + + OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()]; + onlineMandatesTemplatesList.toArray(onlinemandatesTemplates); + + return onlinemandatesTemplates; + + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java new file mode 100644 index 000000000..9ff2467a0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java 
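Review bot: In `buildTemplateOnlineMandates` the second guard repeats `if (moaidTemplateUrl != null)`, but the statement it protects resolves `mandateTemplateUrl`. A BKU entry with only a `MandateTemplate/@URL` therefore keeps its URL unresolved, and one with only a `MOA-ID-Template/@URL` passes `null` to `FileUtils.makeAbsoluteURL`, whose handling of `null` is not visible here. The guard should read `if (mandateTemplateUrl != null) {`. `buildTemplateOnlineMandatesOA` in the same hunk never calls `FileUtils.makeAbsoluteURL`, so a relative URL is resolved against `rootConfigFileDir_` in the global section but left as written in an application section. Since these URLs presumably select the HTML templates shown to the user during authentication, both paths should resolve them the same way so a template cannot be loaded from an unintended location.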
@@ -0,0 +1,54 @@ +package at.gv.egovernment.moa.id.config; + +public class OnlineMandatesTemplates { + + private String bkuURL; + + private String moaIdTemplateURL; + + private String mandatesTemplateURL; + + /** + * @return the bkuURL + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * @param bkuURL the bkuURL to set + */ + public void setBkuURL(String bkuURL) { + this.bkuURL = bkuURL; + } + + /** + * @return the moaIdTemplateURL + */ + public String getMoaIdTemplateURL() { + return moaIdTemplateURL; + } + + /** + * @param moaIdTemplateURL the moaIdTemplateURL to set + */ + public void setMoaIdTemplateURL(String moaIdTemplateURL) { + this.moaIdTemplateURL = moaIdTemplateURL; + } + + /** + * @return the mandatesTemplateURL + */ + public String getMandatesTemplateURL() { + return mandatesTemplateURL; + } + + /** + * @param mandatesTemplateURL the mandatesTemplateURL to set + */ + public void setMandatesTemplateURL(String mandatesTemplateURL) { + this.mandatesTemplateURL = mandatesTemplateURL; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index aa5aa21a3..fbaf32c1c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -16,6 +16,7 @@ package at.gv.egovernment.moa.id.config.auth; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates; /** * Configuration parameters belonging to an online application, @@ -79,6 +80,8 @@ public class OAAuthParameter extends OAParameter { * template for web page "Anmeldung mit Bürgerkarte" */ private String templateURL; + + private OnlineMandatesTemplates[] templateOnlineMandates; /** * template for web page "Signatur der Anmeldedaten" */ 
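Review bot: The new `OnlineMandatesTemplates` class has no class-level Javadoc, and its accessor comments only repeat the field names, so the relationship between the three URLs has to be reconstructed from the XPath expressions in `ConfigurationBuilder`. A class comment such as `/** Template URLs configured for one BKU element below Templates/OnlineMandates: the BKU URL plus the MOA-ID and mandate template URLs; each appears to be null when its attribute is absent. */` would state it. The `templateOnlineMandates` field added to `OAAuthParameter` in the last hunk on this line is likewise the only field in view without a comment. `/** per-BKU templates for online mandates, or null if none are configured */` would match its neighbours.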
@@ -167,7 +170,8 @@ public class OAAuthParameter extends OAParameter { return provideCertificate; } - /** + +/** * Returns the key box identifier. * @return String */ @@ -193,6 +197,7 @@ public class OAAuthParameter extends OAParameter { return templateURL; } + /** * Returns the inputProcessorSignTemplateURL url. * @return The inputProcessorSignTemplateURL url or null if no url for @@ -239,6 +244,21 @@ public class OAAuthParameter extends OAParameter { this.transformsInfos = transformsInfos; } /** + * @return the templateOnlineMandates + */ +public OnlineMandatesTemplates[] getTemplateOnlineMandates() { + return templateOnlineMandates; +} + +/** + * @param templateOnlineMandates the templateOnlineMandates to set + */ +public void setTemplateOnlineMandates( + OnlineMandatesTemplates[] templateOnlineMandates) { + this.templateOnlineMandates = templateOnlineMandates; +} + +/** * Sets the provideAuthBlock. * @param provideAuthBlock The provideAuthBlock to set */ @@ -295,7 +315,7 @@ public class OAAuthParameter extends OAParameter { public void setTemplateURL(String templateURL) { this.templateURL = templateURL; } - + /** * Sets the input processor sign form template url. * diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index f206f6bbb..b8ee6ac68 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties 
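Review bot: The Javadoc on the new `getTemplateOnlineMandates()` in the third hunk restates the field name and does not say that the result can be `null`. That follows from `ConfigurationBuilder.buildTemplateOnlineMandates` returning `null` when no BKU element is configured and the per-application variant falling back to that value. I would write `@return the per-BKU online-mandate templates of this online application, or <code>null</code> if none are configured` so callers know to check before iterating. The getter and setter also appear to be added at column 0 inside an otherwise indented class, and the first hunk moves the `/**` of the key box identifier comment to column 0 as well; re-indenting them keeps the file consistent.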
@@ -70,6 +70,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth builder.00=Fehler beim Aufbau der Struktur "{0}": {1} builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt builder.02=Fehler beim Ausblenden von Stammzahlen +builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint -- cgit v1.2.3 From 573f2a66407e2814e9c89e76af20da626501a8d2 Mon Sep 17 00:00:00 2001 
From: tkellner Date: Tue, 21 Jun 2011 16:18:42 +0000 Subject: Copyright notice changed/added git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1207 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/AuthenticationException.java | 37 ++-- .../at/gv/egovernment/moa/id/BuildException.java | 37 ++-- .../moa/id/ECDSAConverterException.java | 37 ++-- .../at/gv/egovernment/moa/id/MOAIDException.java | 37 ++-- .../at/gv/egovernment/moa/id/ParseException.java | 37 ++-- .../at/gv/egovernment/moa/id/ServiceException.java | 37 ++-- .../moa/id/auth/AuthenticationServer.java | 37 ++-- .../moa/id/auth/AuthenticationSessionCleaner.java | 37 ++-- .../moa/id/auth/MOAIDAuthConstants.java | 37 ++-- .../moa/id/auth/MOAIDAuthInitializer.java | 37 ++-- .../moa/id/auth/WrongParametersException.java | 37 ++-- .../builder/AuthenticationAssertionBuilder.java | 37 ++-- .../AuthenticationBlockAssertionBuilder.java | 37 ++-- .../AuthenticationDataAssertionBuilder.java | 37 ++-- .../moa/id/auth/builder/BPKBuilder.java | 37 ++-- .../egovernment/moa/id/auth/builder/Builder.java | 37 ++-- .../CertInfoVerifyXMLSignatureRequestBuilder.java | 37 ++-- .../builder/CreateXMLSignatureRequestBuilder.java | 37 ++-- .../CreateXMLSignatureRequestBuilderForeign.java | 24 +++ .../moa/id/auth/builder/DataURLBuilder.java | 37 ++-- .../auth/builder/GetIdentityLinkFormBuilder.java | 37 ++-- .../builder/GetVerifyAuthBlockFormBuilder.java | 37 ++-- .../id/auth/builder/InfoboxReadRequestBuilder.java | 37 ++-- .../InfoboxReadRequestBuilderCertificate.java | 196 +++++++++++---------- .../builder/InfoboxValidatorParamsBuilder.java | 37 ++-- .../moa/id/auth/builder/PersonDataBuilder.java | 37 ++-- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 37 ++-- .../moa/id/auth/builder/SAMLResponseBuilder.java | 37 ++-- .../moa/id/auth/builder/SelectBKUFormBuilder.java | 37 ++-- .../builder/VerifyXMLSignatureRequestBuilder.java | 37 ++-- .../moa/id/auth/data/AuthenticationSession.java | 37 ++-- 
.../id/auth/data/CreateXMLSignatureResponse.java | 24 +++ .../moa/id/auth/data/ExtendedSAMLAttribute.java | 37 ++-- .../id/auth/data/ExtendedSAMLAttributeImpl.java | 37 ++-- .../egovernment/moa/id/auth/data/IdentityLink.java | 37 ++-- .../egovernment/moa/id/auth/data/InfoboxToken.java | 37 ++-- .../moa/id/auth/data/InfoboxTokenImpl.java | 37 ++-- .../moa/id/auth/data/InfoboxValidationResult.java | 37 ++-- .../id/auth/data/InfoboxValidationResultImpl.java | 37 ++-- .../moa/id/auth/data/InfoboxValidatorParams.java | 37 ++-- .../id/auth/data/InfoboxValidatorParamsImpl.java | 37 ++-- .../moa/id/auth/data/SAMLAttribute.java | 37 ++-- .../at/gv/egovernment/moa/id/auth/data/Schema.java | 37 ++-- .../egovernment/moa/id/auth/data/SchemaImpl.java | 37 ++-- .../id/auth/data/VerifyXMLSignatureResponse.java | 37 ++-- .../auth/invoke/SignatureVerificationInvoker.java | 37 ++-- .../parser/CreateXMLSignatureResponseParser.java | 37 ++-- .../moa/id/auth/parser/ErrorResponseParser.java | 37 ++-- .../parser/ExtendedInfoboxReadResponseParser.java | 37 ++-- .../auth/parser/IdentityLinkAssertionParser.java | 37 ++-- .../id/auth/parser/InfoboxReadResponseParser.java | 37 ++-- .../moa/id/auth/parser/SAMLArtifactParser.java | 37 ++-- .../parser/VerifyXMLSignatureResponseParser.java | 37 ++-- .../moa/id/auth/servlet/AuthServlet.java | 37 ++-- .../moa/id/auth/servlet/ConfigurationServlet.java | 37 ++-- .../auth/servlet/GetAuthenticationDataService.java | 37 ++-- .../moa/id/auth/servlet/GetForeignIDServlet.java | 24 +++ .../id/auth/servlet/GetMISSessionIDServlet.java | 24 +++ .../auth/servlet/ProcessValidatorInputServlet.java | 37 ++-- .../moa/id/auth/servlet/SelectBKUServlet.java | 37 ++-- .../auth/servlet/StartAuthenticationServlet.java | 37 ++-- .../servlet/VerifyAuthenticationBlockServlet.java | 37 ++-- .../id/auth/servlet/VerifyCertificateServlet.java | 24 +++ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 37 ++-- .../CreateXMLSignatureResponseValidator.java | 37 ++-- 
.../id/auth/validator/IdentityLinkValidator.java | 37 ++-- .../moa/id/auth/validator/InfoboxValidator.java | 37 ++-- .../moa/id/auth/validator/ValidateException.java | 37 ++-- .../VerifyXMLSignatureResponseValidator.java | 37 ++-- .../auth/validator/parep/ParepInputProcessor.java | 37 ++-- .../validator/parep/ParepInputProcessorImpl.java | 37 ++-- .../moa/id/auth/validator/parep/ParepUtils.java | 37 ++-- .../id/auth/validator/parep/ParepValidator.java | 37 ++-- .../auth/validator/parep/PartyRepresentative.java | 37 ++-- .../client/szrgw/CreateIdentityLinkResponse.java | 24 +++ .../parep/client/szrgw/CreateMandateRequest.java | 37 ++-- .../parep/client/szrgw/CreateMandateResponse.java | 24 +++ .../parep/client/szrgw/SOAPConstants.java | 24 +++ .../validator/parep/client/szrgw/SZRGWClient.java | 37 ++-- .../parep/client/szrgw/SZRGWClientException.java | 37 ++-- .../parep/client/szrgw/SZRGWConstants.java | 37 ++-- .../client/szrgw/SZRGWSecureSocketFactory.java | 37 ++-- .../validator/parep/config/ParepConfiguration.java | 37 ++-- .../moa/id/config/ConfigurationBuilder.java | 37 ++-- .../moa/id/config/ConfigurationException.java | 37 ++-- .../moa/id/config/ConfigurationProvider.java | 37 ++-- .../moa/id/config/ConnectionParameter.java | 37 ++-- .../gv/egovernment/moa/id/config/OAParameter.java | 37 ++-- .../moa/id/config/OnlineMandatesTemplates.java | 24 +++ .../moa/id/config/TargetToSectorNameMapper.java | 24 +++ .../moa/id/config/TargetsAndSectorNames.java | 24 +++ .../id/config/auth/AuthConfigurationProvider.java | 37 ++-- .../moa/id/config/auth/OAAuthParameter.java | 37 ++-- .../moa/id/config/auth/VerifyInfoboxParameter.java | 37 ++-- .../id/config/auth/VerifyInfoboxParameters.java | 37 ++-- .../moa/id/config/proxy/OAConfiguration.java | 37 ++-- .../moa/id/config/proxy/OAProxyParameter.java | 37 ++-- .../id/config/proxy/ProxyConfigurationBuilder.java | 37 ++-- .../config/proxy/ProxyConfigurationProvider.java | 37 ++-- .../moa/id/data/AuthenticationData.java | 37 
++-- .../java/at/gv/egovernment/moa/id/data/Cookie.java | 37 ++-- .../gv/egovernment/moa/id/data/CookieManager.java | 37 ++-- .../egovernment/moa/id/data/IssuerAndSerial.java | 37 ++-- .../at/gv/egovernment/moa/id/data/SAMLStatus.java | 37 ++-- .../id/iaik/config/CertStoreConfigurationImpl.java | 37 ++-- .../moa/id/iaik/config/LoggerConfigImpl.java | 37 ++-- .../moa/id/iaik/config/PKIConfigurationImpl.java | 37 ++-- .../iaik/config/RevocationConfigurationImpl.java | 37 ++-- .../iaik/config/ValidationConfigurationImpl.java | 37 ++-- .../moa/id/iaik/pki/PKIProfileImpl.java | 37 ++-- .../moa/id/iaik/pki/jsse/MOAIDTrustManager.java | 37 ++-- .../iaik/servertools/observer/ObservableImpl.java | 37 ++-- .../moa/id/proxy/ConnectionBuilder.java | 37 ++-- .../moa/id/proxy/ConnectionBuilderFactory.java | 37 ++-- .../moa/id/proxy/DefaultConnectionBuilder.java | 37 ++-- .../id/proxy/DefaultLoginParameterResolver.java | 37 ++-- .../moa/id/proxy/ElakConnectionBuilder.java | 37 ++-- .../moa/id/proxy/EnhancedConnectionBuilder.java | 37 ++-- .../moa/id/proxy/LoginParameterResolver.java | 37 ++-- .../id/proxy/LoginParameterResolverException.java | 37 ++-- .../id/proxy/LoginParameterResolverFactory.java | 37 ++-- .../moa/id/proxy/MOAIDProxyInitializer.java | 37 ++-- .../moa/id/proxy/NotAllowedException.java | 37 ++-- .../XMLLoginParameterResolverEncryptedData.java | 37 ++-- .../proxy/XMLLoginParameterResolverPlainData.java | 37 ++-- .../moa/id/proxy/builder/SAMLRequestBuilder.java | 37 ++-- .../proxy/invoke/GetAuthenticationDataInvoker.java | 37 ++-- .../parser/AuthenticationDataAssertionParser.java | 37 ++-- .../moa/id/proxy/parser/SAMLResponseParser.java | 37 ++-- .../moa/id/proxy/servlet/ConfigurationServlet.java | 37 ++-- .../moa/id/proxy/servlet/ProxyException.java | 37 ++-- .../moa/id/proxy/servlet/ProxyServlet.java | 37 ++-- .../moa/id/util/AxisSecureSocketFactory.java | 37 ++-- .../gv/egovernment/moa/id/util/ECDSAConstants.java | 37 ++-- 
.../moa/id/util/ECDSAKeyValueConverter.java | 37 ++-- .../moa/id/util/HTTPRequestJSPForwarder.java | 37 ++-- .../at/gv/egovernment/moa/id/util/HTTPUtils.java | 37 ++-- .../moa/id/util/InOrderServletRequestWrapper.java | 37 ++-- .../moa/id/util/MOAIDMessageProvider.java | 37 ++-- .../moa/id/util/ParamValidatorUtils.java | 24 +++ .../moa/id/util/ParameterInOrderFilter.java | 37 ++-- .../java/at/gv/egovernment/moa/id/util/Random.java | 37 ++-- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 37 ++-- .../gv/egovernment/moa/id/util/ServletUtils.java | 37 ++-- .../moa/id/util/client/mis/simple/MISMandate.java | 24 +++ .../id/util/client/mis/simple/MISSessionId.java | 24 +++ .../id/util/client/mis/simple/MISSimpleClient.java | 24 +++ .../mis/simple/MISSimpleClientException.java | 24 +++ 148 files changed, 3499 insertions(+), 1928 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java index 86ecc96d4..a8d30a22f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java index fc14afec5..298b9b9cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java index 6b78fb214..13f5f9863 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java index 40a52c8d2..f86e37972 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id; import java.io.PrintStream; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java index 29d0bbfa5..999b64c10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java index 57e0a7807..de56d63a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index af7841321..0bbfe25b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 8c06f7961..82c1da74a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java 
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 35dddb476..260b3fd01 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth;
 import iaik.asn1.ObjectID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 6ececb8f0..924e9d643 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth;
 import iaik.pki.PKIException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
index 720bb9bb0..8f1d7cbf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index b99ee2472..8af4e3af5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index d105c3206..98bc0197f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 2e1c608a6..7af327180 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index c2c43b7bd..b6ba5871d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.security.MessageDigest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
index 2cd1370c1..5757c398e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import at.gv.egovernment.moa.id.BuildException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index f4481453b..7528bc2e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 4d29c9135..9c696f245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
index 9227d5303..6368713db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 4048f3c0a..4dd6ac78b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index dcaed084a..f579790f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 import java.io.BufferedReader;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
index a94c705a6..3e67858a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
index 030c68d48..b2acf9f2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
index 60feb7d2f..e13101dbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
@@ -1,94 +1,102 @@ -/* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <InfoboxReadRequest> structure - * used for requesting the identity link from the security layer implementation. - * - * @author Paul Ivancsics - * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $ - */ -public class InfoboxReadRequestBuilderCertificate implements Constants { - - - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilderCertificate() { - } - - - /** - * Builds an <InfoboxReadRequest>. 
- * - * @param slVersion12 specifies whether the Security Layer version is - * version 1.2 or not - * @param businessService specifies whether the online application is a - * business service or not - * @param identityLinkDomainIdentifier the identification number of the business - * company; maybe null if the OA - * is a public service; must not be null - * if the OA is a business service - * - * @return <InfoboxReadRequest> as String - */ - public String build(boolean slVersion12) { - - String slPrefix; - String slNsDeclaration; - - if (slVersion12) { - slPrefix = SL12_PREFIX; - slNsDeclaration = SL12_NS_URI; - } else { - slPrefix = SL10_PREFIX; - slNsDeclaration = SL10_NS_URI; - } - - StringBuffer sb = new StringBuffer(""); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest xmlns:"); - sb.append(slPrefix); - sb.append("=\""); - sb.append(slNsDeclaration); - sb.append("\">"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>Certificates"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":AssocArrayParameters>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>"); - sb.append(""); - sb.append(""); - - return sb.toString(); - - } - -} +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <InfoboxReadRequest> structure + * used for requesting the identity link from the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $ + */ +public class InfoboxReadRequestBuilderCertificate implements Constants { + + + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilderCertificate() { + } + + + /** + * Builds an <InfoboxReadRequest>. 
+ * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * + * @return <InfoboxReadRequest> as String + */ + public String build(boolean slVersion12) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>Certificates"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":AssocArrayParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>"); + sb.append(""); + sb.append(""); + + return sb.toString(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 18744e5f1..fa1de87de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java 
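Review bot: The Javadoc on `build(boolean slVersion12)` in the re-added InfoboxReadRequestBuilderCertificate.java documents `@param businessService` and `@param identityLinkDomainIdentifier`, which the method does not take. The class and constructor comments still describe InfoboxReadRequestBuilder and the identity link, while the request built here names the `Certificates` infobox and reads the key `SecureSignatureKeypair`. In an authentication component the comment should state which infobox is requested from the security layer: drop the two stale `@param` tags and change the summary to `Builds an InfoboxReadRequest for the Certificates infobox (key SecureSignatureKeypair).` The closing-tag literals show up as `sb.append("")` on this page, which looks like markup lost in rendering, so the well-formedness of the generated XML cannot be judged from here.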
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.util.List;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index ee578fe43..05a7cdbea 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index c94eb0b25..556b0cb6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.ByteArrayOutputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 2978b54a1..9d7ae1f46 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
index a291d24df..bfc86d608 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.id.BuildException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index a6b61e747..5e6d47bdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.builder;
 
 import javax.xml.parsers.DocumentBuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3d040d476..d67d5cd83 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import iaik.x509.X509Certificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
index fc3831161..b204b629a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
index aa3c937b0..23d526d2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index 2646377e3..276e6414c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java 
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 0c8dbc455..0d11dc4f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
index 88fb201ba..a0f032bad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
index 0f9e85eeb..b7e0a8e6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
index 4591d8bf8..e79e41515 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
index d2e7a2847..12643939e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index a52e57b13..a4c73cb88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.security.PublicKey;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index e2acab73c..d612313f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.security.PublicKey;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
index d0c2de8f8..9b809ac18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
index 9caed16b8..f329be79b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
index 9cd2de975..5c1d448a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index 881dbdf94..ce418de01 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.data;
 
 import iaik.x509.X509Certificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index 7042c7721..f6c5a14d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.invoke;
 
 import java.util.Vector;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index d5b6f9aa9..6004f251f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
index b2082786c..9bc22ac98 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 import java.util.List;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
index 574dd811e..6dff65616 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 import java.util.Iterator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index f9c268715..da787fe3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index b53a1a2dc..f0dc8293f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 import iaik.x509.X509Certificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
index c4a02676c..204f916e5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 5e085b751..001cda196 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.parser;
 import iaik.utils.Base64InputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 109d17d11..bde0be4a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.ByteArrayOutputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index a9082dd8e..cb3857ee0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index 0e3aae185..da5ad6ab9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.util.Calendar;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 9a6670617..99cf8af5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import iaik.pki.PKIException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 0270eb3cb..ad0592694 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import iaik.pki.PKIException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index b50a1edde..b5c57d5cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 6e285a2c0..dc1cee3b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 2e7d59fde..0eed89655 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 import iaik.pki.PKIException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 44a1f3098..5b9995709 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 0014d2647..c9f9491bb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 740c85942..5a9fc2fe9 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 072b6c48f..f6127eb12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator; import java.util.Iterator; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index baaa21db2..a4b98c4c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator; import org.w3c.dom.Element; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index e6b05d852..7d951d65f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator; import java.util.Map; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
index abb430450..65f59a53b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator; import at.gv.egovernment.moa.id.MOAIDException; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index affa95c2b..cc283b8ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator; import iaik.asn1.structures.Name; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
index 5fb30d1ed..542b03f37 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator.parep; import java.util.Map; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 6d46a9a1a..576d9c358 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + /** * */ 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 51551834e..1ba38c908 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator.parep; import java.io.File; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 9d5c0f7cf..178c15a28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator.parep; import java.io.File; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
index 641bfaad4..fc845f579 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + /** * */ 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java index aa6ed32d2..b96beeedf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java @@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index b856ee988..53f786eb3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import java.util.ArrayList; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
index dcc3161e7..40867536c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
index 026632589..2efde3188 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 9cb7c7ab4..4a23df3fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
index a70ccef90..25a31c65e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index 4e6f6fa1b..ab559aff9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
index bd0595524..306384b53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index de3496374..1932183f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.validator.parep.config;
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 5a598b03d..f11938e91 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config;
 import iaik.pki.pathvalidation.ChainingModes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
index e5e6c1f55..cee9397d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index 3c1612ef6..fb1dc0293 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config;
 import java.math.BigInteger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index 9193a591e..b1b90f40b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index f5aa9225a..0c747b29f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java
index 9ff2467a0..99cf75270 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config;
 public class OnlineMandatesTemplates {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
index af28be56a..e515152dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 /**
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
index c30e7b2b6..6ca4ef3d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 /**
 *
 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index ceb047280..ec1a478f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.auth;
 
 import java.io.BufferedInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index fbaf32c1c..a48923b07 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.auth;
 
 import at.gv.egovernment.moa.id.config.OAParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
index 114b5b0fd..41d4d4fae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.auth;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
index fae42f100..821fb2225 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.auth;
 
 import java.util.Hashtable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
index b7ed82977..2609737bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.proxy;
 
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index 2f8691f70..ed0de8ebe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.proxy;
 
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index f67349a18..bf8cbcdce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.proxy;
 
 import java.io.ByteArrayInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index fbd6474bb..86ae93a4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.config.proxy;
 
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index ad1944211..44eb98dad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.data;
 
 import java.util.Date;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
index 81eb59652..3745f2c95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.data;
 import java.util.HashMap;
 import java.util.Iterator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
index 9c67b4ca0..cb87f8ff0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.data;
 
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
index fa718341c..625e01e57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.data;
 
 import java.math.BigInteger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
index 43c0c4405..88843af67 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.data;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index 56c567890..e1a8673b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.config;
 
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
index 311a18feb..fa9323089 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.config;
 
 import iaik.logging.LogConfigurationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
index 327503355..64bb081b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.config;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
index cedaf2ccc..25f02c260 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.config;
 
 import iaik.pki.revocation.RevocationConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
index 9bb1f8ed7..a03508adb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.config;
 
 import iaik.pki.pathvalidation.ValidationConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
index 16101571e..4a27a8d66 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.pki;
 
 import java.security.cert.X509Certificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
index 15634ef84..9b4853439 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.pki.jsse;
 
 import java.io.File;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
index 2165816f6..794a1f12f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.iaik.servertools.observer;
 
 import iaik.pki.store.observer.NotificationData;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
index 8a8a55442..846cdea63 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
index 5ea2c1f86..720031bf3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 
 import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 8a7b2a8bd..c1e64dd53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index badee38ac..89999ce76 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index f3527055d..dd5d43e06 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 7e27082a0..023b2c272 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index 2b087ff1f..980a132da 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.proxy; import java.util.Map; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
index 7f42a64fb..b97415c94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index ff7451143..bb6b0a476 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 import java.lang.reflect.InvocationTargetException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index f34da55b5..61f38412e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 import iaik.pki.PKIException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
index aff4e3a78..248672bf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index b16bd417f..1fc257ea8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 import iaik.security.provider.IAIK;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 2183278c3..6f698770c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy;
 import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 28bf04e6f..5ce952662 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.builder;
 import java.text.MessageFormat;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 3b6ea273f..fa455b4ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.invoke;
 import java.lang.reflect.InvocationTargetException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index b051fe182..f5083cf2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.parser;
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
index 9c50990cd..18571f19d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.parser;
 import org.w3c.dom.Element;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
index 38db17f10..c4b44f04e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.servlet;
 import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
index 993f4b935..45c9c09f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.servlet;
 import at.gv.egovernment.moa.id.MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 6802005f1..d4edc4298 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.proxy.servlet;
 import java.io.BufferedInputStream;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
index 201f6df19..70c397c42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.util;
 import java.io.BufferedWriter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
index 565442335..9b08ed4b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 /*
 * Created on 20.01.2005
 *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index d1beaab98..e1ef1af08 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; import iaik.security.ecc.ecdsa.ECDSAParameter; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
index 076df34ef..ac34d31dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 /*
 * Created on 17.02.2004
 *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index 0e9208362..7b29051f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; /** 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
index 958ae646e..c152d815b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 /*
 * Created on 01.10.2004
 *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
index 0503e6bc9..a4d0c2ab6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; import java.util.Locale; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index a1e039661..e4c1d4742 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java index 1e31397ac..a9d95d65e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java @@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; import java.io.IOException; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 450c002f9..d006dcdfc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; import java.nio.ByteBuffer; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index c40c07b38..a0add1054 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -1,18 +1,27 @@ /* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util; import iaik.pki.PKIConfiguration; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index c3d548d54..2ff9e5210 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -1,18 +1,27 @@
 /*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 /**
 *
 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 59ca0d5ca..6ca059911 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util.client.mis.simple; public class MISMandate { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java index d8bec4900..7268d0d83 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java @@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util.client.mis.simple; public class MISSessionId { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 25c341584..3b8caca4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java 
@@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util.client.mis.simple; import java.io.BufferedReader; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java index 6f2627e1d..81251139a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java 
@@ -1,3 +1,27 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egovernment.moa.id.util.client.mis.simple; public class MISSimpleClientException extends Exception { -- cgit v1.2.3 From 168a6bd6dd7268d6afe001312ef3705e6b87b02d Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Wed, 22 Jun 2011 17:02:14 +0000 Subject: =?UTF-8?q?*=20Update=20SAML=20Assertion=20f=C3=BCr=20Vollmachten?= =?UTF-8?q?=20*=20Update=20BK-Auswahl=20Template=20(neue=20Grafiken)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1209 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 149 ++++++++++----------- .../AuthenticationBlockAssertionBuilder.java | 52 ++++++- .../AuthenticationDataAssertionBuilder.java | 4 + .../moa/id/auth/data/AuthenticationSession.java | 23 +++- .../id/auth/servlet/GetMISSessionIDServlet.java | 80 ++++++----- 5 files changed, 191 insertions(+), 117 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 0bbfe25b2..e0ebcbab3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -548,7 +548,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, false); } @@ -610,7 +610,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, true); } /** 
@@ -623,7 +623,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * @throws ValidateException */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, boolean fromMandate) throws ConfigurationException, BuildException, 
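Review bot: The Javadoc above `getCreateXMLSignatureRequestAuthBlockOrRedirect` is not extended for the new `fromMandate` parameter, so a public method gains a flag whose meaning has to be read out of the body. Judging by the following hunks, `true` skips the bPK calculation on the session's identity link and keeps the bPK attribute out of the AUTH block. I would add `* @param fromMandate <code>true</code> if called on the mandate path; the bPK is then neither calculated nor added to the AUTH block`. The same gap exists for the private `buildAuthenticationBlock(session, fromMandate)` in the `@@ -832,7 +835,7 @@` hunk. The method body continues outside this hunk.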
@@ -635,21 +635,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - //BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } - //..BZ + + if (!fromMandate) { + //BZ.., calculate bPK for signing to be already present in AuthBlock + IdentityLink identityLink = session.getIdentityLink(); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + identityLink.setIdentificationValue(bpkBase64); + } + //..BZ + } // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); + String authBlock = buildAuthenticationBlock(session, fromMandate); + // session.setAuthBlock(authBlock); // builds the String[] transformsInfos = oaParam.getTransformsInfos(); 
@@ -832,7 +835,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ - private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { + private String buildAuthenticationBlock(AuthenticationSession session, boolean fromMandate) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); @@ -857,7 +860,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaURL, gebDat, extendedSAMLAttributes, - session); + session, + fromMandate); return authBlock; } @@ -1204,7 +1208,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { String dob = ParepUtils.extractMandatorDateOfBirth(mandator); if (dob != null && !"".equals(dob)) { extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } // Mandate 
@@ -1398,77 +1401,73 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + // Exchange person data information by a mandate if needed + boolean mandateMode = session.getUseMandate(); + List oaAttributes = session.getExtendedSAMLAttributesOA(); IdentityLink replacementIdentityLink = null; - if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { - // look if we have a mandate - boolean foundMandate = false; - Iterator it = oaAttributes.iterator(); - while (!foundMandate && it.hasNext()) { - ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); - if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { - Object value = samlAttribute.getValue(); - if (value instanceof Element) { - Element mandate = (Element) value; - replacementIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" + 
session.getDomainIdentifier(); - identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); - ParepUtils.HideStammZahlen(prPerson, true, null, null, true); - } - } - replacementIdentityLink.setDateOfBirth(dateOfBirth); - replacementIdentityLink.setFamilyName(familyName); - replacementIdentityLink.setGivenName(givenName); - replacementIdentityLink.setIdentificationType(identificationType); - replacementIdentityLink.setIdentificationValue(identificationValue); - replacementIdentityLink.setPrPerson(prPerson); - try { - replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - } else { - Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); - throw new ValidateException("validator.64", null); - } - } - } - } +// if (mandateMode) { +// Iterator it = oaAttributes.iterator(); +// //ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); +// Element mandate = session.getMandateElem(); +// replacementIdentityLink = new IdentityLink(); +// Element mandator = ParepUtils.extractMandator(mandate); +// String dateOfBirth = ""; +// Element prPerson = null; +// String familyName = ""; +// String givenName = ""; +// String identificationType = ""; +// String identificationValue = ""; +// if (mandator != null) { +// boolean physical = ParepUtils.isPhysicalPerson(mandator); +// if (physical) { +// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); +// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); +// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); +// } else { +// familyName = ParepUtils.extractMandatorFullName(mandator); +// } +// identificationType = ParepUtils.getIdentification(mandator, "Type"); +// identificationValue = ParepUtils.extractMandatorWbpk(mandator); +// 
prPerson = ParepUtils.extractPrPersonOfMandate(mandate); +// if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { +// // now we calculate the wbPK and do so if we got it from the BKU +// identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); +// identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); +// ParepUtils.HideStammZahlen(prPerson, true, null, null, true); +// } +// +// +// replacementIdentityLink.setDateOfBirth(dateOfBirth); +// replacementIdentityLink.setFamilyName(familyName); +// replacementIdentityLink.setGivenName(givenName); +// replacementIdentityLink.setIdentificationType(identificationType); +// replacementIdentityLink.setIdentificationValue(identificationValue); +// replacementIdentityLink.setPrPerson(prPerson); +// try { +// replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); +// } catch (Exception e) { +// throw new ValidateException("validator.64", null); +// } +// +// } +// +// } // builds authentication data and stores it together with a SAML artifact AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( - "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; + } /** 
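Review bot: After this hunk `replacementIdentityLink` is never assigned, because the only code that built it is now commented out. The new comment still says "Exchange person data information by a mandate if needed", and `buildAuthenticationData(session, vsresp, replacementIdentityLink)` still receives the variable, which is always `null` in the visible lines. Authentication data for a mandate login is therefore presumably built from the representative's identity link alone; please confirm this is intended for the assertion that online applications consume. `mandateMode` and `oaAttributes` are referenced only inside the commented-out block, so I would delete that block and the two locals and reword the comment, e.g. `// mandate data is no longer merged into the identity link here`. The enclosing method starts outside the hunk.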
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 98bc0197f..d48054e4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -24,10 +24,21 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.io.StringWriter; import java.text.MessageFormat; import java.util.List; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + import org.w3c.dom.Element; +import org.w3c.dom.Node; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; @@ -143,7 +154,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session) + AuthenticationSession session, + boolean fromMandate) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); 
@@ -197,12 +209,21 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } - ExtendedSAMLAttribute bpkAttribute = - new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); - System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size()); +// String s = xmlToString(bpkSamlValueElement); +// System.out.println("bpkSamlValueElement: " + s); + + + if (!fromMandate) { + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + //System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size()); + + extendedSAMLAttributes.add(bpkAttribute); + } + - extendedSAMLAttributes.add(bpkAttribute); //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; @@ -332,6 +353,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } + ExtendedSAMLAttribute bpkAttribute = new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); 
@@ -370,5 +392,23 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion return assertion; } - + + + public static String xmlToString(Node node) { + try { + Source source = new DOMSource(node); + StringWriter stringWriter = new StringWriter(); + Result result = new StreamResult(stringWriter); + TransformerFactory factory = TransformerFactory.newInstance(); + Transformer transformer = factory.newTransformer(); + transformer.transform(source, result); + return stringWriter.getBuffer().toString(); + } catch (TransformerConfigurationException e) { + e.printStackTrace(); + } catch (TransformerException e) { + e.printStackTrace(); + } + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 7af327180..640c60e49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -155,8 +155,12 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getBPK(); } +// System.out.println("pkType; " + pkType); +// System.out.println("pkValue; " + pkValue); + String assertion; try { + assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), authData.getIssuer(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index d67d5cd83..bae95c2a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
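Review bot: `xmlToString` in the `@@ -370,5 +392,23 @@` hunk swallows both transformer exceptions with `e.printStackTrace()` and returns `null`, so a caller concatenating the result would print "null" without any trace in the application log. This class already reports failures through `Logger.error(...)`, so the catch blocks should do the same, e.g. `Logger.error("Error on serializing node: " + e.getMessage());`. The only caller in this diff is the commented-out debug line that would dump `bpkSamlValueElement`. A `public static` helper for dumping assertion content makes it easy to log bPK values, so I would make it `private` or drop it together with the debug lines. It also has no Javadoc; a short comment stating that it serializes a DOM node for debugging and may return `null` would be enough.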
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -32,6 +32,8 @@ import java.util.Iterator; import java.util.List; import java.util.Vector; +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; @@ -84,7 +86,26 @@ public class AuthenticationSession { */ private boolean useMandate; - /** + /** + * Selected mandate + */ + private Element mandateElem; + + /** + * @return the mandateElem + */ + public Element getMandateElem() { + return mandateElem; + } + + /** + * @param mandateElem the mandateElem to set + */ + public void setMandateElem(Element mandateElem) { + this.mandateElem = mandateElem; + } + + /** * SessionID for MIS */ private String misSessionID; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index ad0592694..5c193aca1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java 
@@ -24,40 +24,40 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; - -import java.io.IOException; -import java.io.PrintWriter; -import java.security.GeneralSecurityException; -import java.util.List; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; +import iaik.pki.PKIException; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.GeneralSecurityException; +import java.util.List; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import 
javax.xml.parsers.ParserConfigurationException; + +import org.apache.commons.lang.StringEscapeUtils; +import org.w3c.dom.Document; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID @@ -161,7 +161,13 @@ public class GetMISSessionIDServlet extends AuthServlet { // verify mandate signature String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); - + + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + Document mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null); + session.setMandateElem(mandateDoc.getDocumentElement()); + //System.out.println("stringMandate: " + stringMandate); + String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), 
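Review bot: `new String(byteMandate)` in the `@@ -161,7 +161,13 @@` hunk decodes the mandate with the platform default charset. The element stored through `session.setMandateElem(...)` can therefore differ from the bytes handed to `verifyMandate` whenever the JVM default is not the document's encoding. Decode explicitly, e.g. `String stringMandate = new String(byteMandate, "UTF-8");`, or pass the bytes to the parser so the XML declaration decides. The mandate originates from the MIS service and is parsed with `DOMUtils.parseDocument(stringMandate, false, null, null)`. Whether that helper rejects DTDs and external entities is not visible here and should be confirmed, since the second argument looks like validation being switched off. The enclosing method continues outside the hunk.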
@@ -187,6 +193,10 @@ public class GetMISSessionIDServlet extends AuthServlet { handleError(null, e, req, resp); } catch (MISSimpleClientException e) { handleError(null, e, req, resp); + } catch (SAXException e) { + handleError(null, e, req, resp); + } catch (ParserConfigurationException e) { + handleError(null, e, req, resp); } } -- cgit v1.2.3 From 304fa9d89f139bf53abac057de9ca6586f357072 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Fri, 12 Aug 2011 08:31:57 +0000 Subject: Update ProxyServlet.java (ELAK) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1212 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/proxy/servlet/ProxyServlet.java | 34 ++++++++++++++++------ 1 file changed, 25 insertions(+), 9 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index d4edc4298..d7e8ae686 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java 
@@ -648,15 +648,31 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE); while ((headerKey = conn.getHeaderFieldKey(i)) != null) { String headerValue = conn.getHeaderField(i); - // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) - if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { - headerValue = "Basic realm=\"" + publicURLPrefix + "\""; - if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { - headerValue = "Basic realm=\"Bitte Passwort eingeben\""; - } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) { - headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; - } - } + + if (headerKey.equalsIgnoreCase("WWW-Authenticate")) { + int start = headerValue.indexOf("Basic realm=\""); + boolean requestsBasicAuth = headerValue.substring(start).startsWith("Basic realm=\""); + if (requestsBasicAuth) { + headerValue = "Basic realm=\"" + publicURLPrefix + "\""; + + if ( OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) + headerValue = "Basic realm=\"Bitte Passwort eingeben\""; + else if ("none".equals(originBinding)) { + headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; + } + } + } + +// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) +// if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { +// headerValue = "Basic realm=\"" + publicURLPrefix + "\""; +// if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { +// headerValue = "Basic realm=\"Bitte Passwort eingeben\""; +// } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) { +// headerValue = 
"Basic realm=\"Bitte Benutzername und Passwort eingeben\""; +// } +// } + String respHeader[] = new String[2]; if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) { //alter the unauthorized message with template for login -- cgit v1.2.3 From 09cc9a356b945822ba5d8e939c30ca104967d278 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Fri, 12 Aug 2011 09:40:12 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1213 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java | 3 ++- .../egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java | 2 +- .../gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index f0dc8293f..48ca083c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -47,7 +47,8 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; -import com.sun.org.apache.xpath.internal.XPathAPI; +//import com.sun.org.apache.xpath.internal.XPathAPI; +import org.apache.xpath.XPathAPI; /** * Parses an <InfoboxReadResponse>. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index b5c57d5cf..1dfc266a9 100644 
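Review bot: `headerValue.substring(start)` in the ProxyServlet hunk throws `StringIndexOutOfBoundsException` when the backend's `WWW-Authenticate` value does not contain `Basic realm="`, because `indexOf` then returns -1. The replaced `startsWith` check simply evaluated to false in that case, so a backend answering with another scheme such as Digest or Negotiate now aborts header copying for that response. When `start` is non-negative the `startsWith` test is always true, so `boolean requestsBasicAuth = headerValue.indexOf("Basic realm=\"") >= 0;` expresses the intended contains-check. The new branch also compares against the literal `"none"` where the old code used `OAConfiguration.BINDUNG_NONE`; keep the constant so the three binding checks stay consistent. `tunnelRequest` starts and ends outside the hunk.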
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -175,7 +175,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { AuthenticationSession session = AuthenticationServer.getSession(sessionID); AuthenticationServer.processInput(session, parameters); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null, false); if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { // Now sign the AUTH Block String dataURL = new DataURLBuilder().buildDataURL( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 5a9fc2fe9..bea81abf3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
@@ -174,13 +174,13 @@ public class VerifyIdentityLinkServlet extends AuthServlet { else { boolean useMandate = session.getUseMandate(); if (useMandate) { // Mandate modus - // read certificate and set dataurl to VerifyCertificateForMandatesServlet + // read certificate and set dataurl to VerifyCertificateServlet Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - // build dataurl (to the GetForeignIDSerlvet) + // build dataurl String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), -- cgit v1.2.3 From 9b0b76abd6bdd88383e465117086d65268c25562 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 31 Aug 2011 14:45:52 +0000 Subject: Update Axis-Lib von 1.0 auf 1.1 aufgrund XXE (Xml eXternal Entity) Injection git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1214 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e0ebcbab3..ba3020958 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -461,6 +461,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE); + System.out.println("PB: " + xmlInfoboxReadResponse); + if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); -- cgit v1.2.3 From ddd1125b3d9570dec334bd2965ec5a9387585906 Mon Sep 17 00:00:00 2001 
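Review bot: The added `System.out.println("PB: " + xmlInfoboxReadResponse);` in the AuthenticationServer hunk (`@@ -461,6 +461,8 @@`) writes the complete InfoboxReadResponse to standard output, before the `isEmpty` check that follows it. That parameter is the response from which the identity link is verified, so it presumably carries the citizen's person data and base identifier. Standard output usually ends up in the servlet container's log, outside the access control and rotation of the application's own logging. The line should be removed; if tracing is needed here, use `Logger.debug` and log only that a response was received, not its content. The next patch on this page comments the call out but leaves it in the source.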
From: kstranacher Date: Wed, 5 Oct 2011 08:35:56 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1216 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../auth/builder/GetIdentityLinkFormBuilder.java | 194 +-------------------- .../id/auth/servlet/GetMISSessionIDServlet.java | 10 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 48 ++--- .../moa/id/config/ConfigurationBuilder.java | 47 +---- .../moa/id/config/auth/OAAuthParameter.java | 36 ++-- 6 files changed, 56 insertions(+), 281 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ba3020958..94fd4f28e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -461,7 +461,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE); - System.out.println("PB: " + xmlInfoboxReadResponse); + //System.out.println("PB: " + xmlInfoboxReadResponse); if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index f579790f8..f22db8e39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java 
@@ -102,104 +102,10 @@ public class GetIdentityLinkFormBuilder extends Builder { "" + nl + ""; - /** default HTML template for mandates */ - private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES_OLD = - "" + nl + - "" + nl + - "" + nl + - "Vollmachten-Anmeldung" + nl + - "" + nl + - "" + nl + - "" + nl + - "

        Vollmachten-Anmeldung

        " + nl + - "" + nl + - "" + nl + - ""; - /** default HTML template - iFrame */ - private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES_OLD = - "" + - "" + - //"" + - "" + - "Vollmachten-Anmeldung" + - "" + - "" + - "
        " + - " " + - " " + - " " + - " " + - "
        " + - "
        " + - " " + - " " + - " " + - "
        " + - "" + - ""; - /** default HTML template for Online mandates */ - private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES = - "" + - "" + - "" + - "Vollmachten-Anmeldung" + - "" + - "" + - "
        " + - " " + - " " + - " " + - " " + - "
        " + - "
        " + - " " + - " " + - " " + - "
        " + - "" + - ""; - - /** + /** * Constructor for GetIdentityLinkFormBuilder. */ public GetIdentityLinkFormBuilder() { 
@@ -236,103 +142,7 @@ public class GetIdentityLinkFormBuilder extends Builder { return htmlForm; } - /** - * Builds the HTML form, including XML Request and data URL as parameters. - * - * @param xmlRequest XML Request to be sent as a parameter in the form - * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; - * may be null, in this case the default URL will be used - * @param dataURL DataURL to be sent as a parameter in the form - */ - public String buildCreateSignature( - String bkuURL, - String xmlRequest, - String dataURL, - String oaUrl) - throws BuildException - { - String htmlForm = ""; - OAAuthParameter oaParam; - try { - oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaUrl); - } catch (ConfigurationException e) { - Logger.error("Error on building HTMl form for online mandates: " + e.getMessage()); - throw new BuildException("builder.03", null); - } - - OnlineMandatesTemplates[] templatesOnlineMandates = oaParam.getTemplateOnlineMandates(); - if (templatesOnlineMandates == null) { - // no templates given - htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES; - htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); - htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); - htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); - } else { - String moaidTemplateUrl = null; - String mandateTemplateUrl = null; - // check for configured bku URL - for (int i = 0; i < templatesOnlineMandates.length; i++) { - if (templatesOnlineMandates[i].getBkuURL().compareToIgnoreCase(bkuURL) == 0) { - moaidTemplateUrl = templatesOnlineMandates[i].getMoaIdTemplateURL(); - mandateTemplateUrl = templatesOnlineMandates[i].getMandatesTemplateURL(); - } - } - if (moaidTemplateUrl == null || mandateTemplateUrl == null) { - Logger.debug("Configured and used BKU URL are not equal. 
So standard template is used."); - htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES; - htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); - htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); - htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); - } else { - // use configured templates - String moaidTemplate; - String mandateTemplate; - try { - moaidTemplate = new String(FileUtils.readURL(moaidTemplateUrl)); - } catch (IOException ex) { - throw new BuildException("auth.03", new Object[] { moaidTemplateUrl, ex.toString()},ex); - } - try { - mandateTemplate = new String(FileUtils.readURL(mandateTemplateUrl)); - } catch (IOException ex) { - throw new BuildException("auth.03", new Object[] { mandateTemplateUrl, ex.toString()},ex); - } - - - // Mandatem template with iFrame - htmlForm = mandateTemplate; - - - // HTML form with XML signature request, which is filled into the iFrame - String htmlFormiFrame = moaidTemplate; - htmlFormiFrame = replaceTag(htmlFormiFrame, BKU_TAG, bkuURL, true, ALL); - htmlFormiFrame = replaceTag(htmlFormiFrame, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); - htmlFormiFrame = replaceTag(htmlFormiFrame, DATAURL_TAG, dataURL, true, ALL); - htmlFormiFrame = htmlFormiFrame.replaceAll("\"", "\\\""); - htmlFormiFrame = htmlFormiFrame.replaceAll("'", "\\\\'"); - - // add writeln('[data]') for each line in the iframe - BufferedReader reader = new BufferedReader(new StringReader(htmlFormiFrame)); - String str; - String htmlFormiFrameWriteLn = ""; - try { - while ((str = reader.readLine()) != null) { - if (str.length() > 0) - htmlFormiFrameWriteLn += "writeln('" + str + "');"; - } - } catch(IOException e) { - throw new BuildException("builder.03", null); - } - - htmlForm = replaceTag(htmlForm, MANDATE_TAG, htmlFormiFrameWriteLn, true, ALL); - - } - - } - - return htmlForm; - - } + /** * Encodes a string for inclusion as a parameter in the form. 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 5c193aca1..b1ae12084 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -176,8 +176,8 @@ public class GetMISSessionIDServlet extends AuthServlet { Logger.debug(createXMLSignatureRequestOrRedirect); - String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix()); - + //String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix()); + String request = null; resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(request); @@ -200,11 +200,5 @@ public class GetMISSessionIDServlet extends AuthServlet { } } - private static String getHTMLForm(String request, String bkuURI, String dataURL, String oaUrl) throws BuildException { - return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL, oaUrl); - - } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index bea81abf3..99ae497ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
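Review bot: In the `@@ -176,8 +176,8 @@` hunk, `String request = null;` is passed straight to `out.print(request)`, and `PrintWriter.print(String)` renders a null reference as the characters `null`, so this step of the mandate flow now answers with a text/html body that reads "null". If the form is no longer sent from here, the response-writing lines should be removed as well and the branch should end in whatever redirect or error path the new flow intends; the code that decides that lies outside the hunk. The commented-out `getHTMLForm` call can be deleted rather than kept, since the helper itself is removed in the following hunk.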
@@ -171,33 +171,33 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } } - else { - boolean useMandate = session.getUseMandate(); - if (useMandate) { // Mandate modus - // read certificate and set dataurl to VerifyCertificateServlet - - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - session.getSessionID()); - - - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - } +// else { +// boolean useMandate = session.getUseMandate(); +// if (useMandate) { // Mandate modus +// // read certificate and set dataurl to VerifyCertificateServlet +// +// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +// +// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); +// +// // build dataurl +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_VERIFY_CERTIFICATE, +// session.getSessionID()); +// +// +// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); +// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); +// 
ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// +// } else { ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } - } +// } } catch (ParseException ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index f11938e91..bdd0c3294 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -490,8 +490,7 @@ public class ConfigurationBuilder { String inputProcessorSignTemplateURL = XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); - OnlineMandatesTemplates[] templatesOnlineMandates = buildTemplateOnlineMandates(configElem_); - + List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); 
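Review bot: Commenting out the mandate branch in the `@@ -171,33 +171,33 @@` hunk leaves the surviving `else { ServletUtils.writeCreateXMLSignatureRequestOrRedirect(...) }` bound to the `if` that closes just above the hunk, surrounded by `// else {` and `// }` lines that no longer match any live brace. In an authentication servlet this makes it hard to confirm by reading which sessions reach the signature request. Deleting the block and re-indenting the remaining `else` keeps the control flow checkable, and version control retains the old branch. The condition of the governing `if` is outside the hunk, so whether mandate sessions are meant to take this path cannot be confirmed from here.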
@@ -557,10 +556,10 @@ public class ConfigurationBuilder { oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); - oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); + oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); + oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); - oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); - oap.setTemplateOnlineMandates(buildTemplateOnlineMandatesOA(authComponent, templatesOnlineMandates)); + oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present 
@@ -618,43 +617,7 @@ public class ConfigurationBuilder { - protected OnlineMandatesTemplates[] buildTemplateOnlineMandates(Node contextNode) { - String xpathExpr = AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH; - List onlineMandatesTemplatesList = new ArrayList(); - - NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); - - Element bkuElem; - while ((bkuElem = (Element) bkuIter.nextNode()) != null) { - String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null); - String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null); - String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null); - - OnlineMandatesTemplates template = new OnlineMandatesTemplates(); - template.setBkuURL(bkuUrl); - if (moaidTemplateUrl != null) { - moaidTemplateUrl = FileUtils.makeAbsoluteURL(moaidTemplateUrl, rootConfigFileDir_); - } - if (moaidTemplateUrl != null) { - mandateTemplateUrl = FileUtils.makeAbsoluteURL(mandateTemplateUrl, rootConfigFileDir_); - } - template.setMoaIdTemplateURL(moaidTemplateUrl); - template.setMandatesTemplateURL(mandateTemplateUrl); - - onlineMandatesTemplatesList.add(template); - - } - - if (onlineMandatesTemplatesList.isEmpty()) - return null; - - OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()]; - onlineMandatesTemplatesList.toArray(onlinemandatesTemplates); - - return onlinemandatesTemplates; - - } - + protected OnlineMandatesTemplates[] buildTemplateOnlineMandatesOA(Node contextNode, OnlineMandatesTemplates[] defaultTemplatesOnlineMandates) { String xpathExpr = OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index a48923b07..1e169aef3 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -81,6 +81,10 @@ public class OAAuthParameter extends OAParameter { * determines whether the certificate is to be included in the authentication data */ private boolean provideCertificate; + /** + * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data + */ + private boolean provideFullMandatorData; /** * url to a template for web page "Auswahl der Bürgerkartenumgebung" */ @@ -90,7 +94,6 @@ public class OAAuthParameter extends OAParameter { */ private String templateURL; - private OnlineMandatesTemplates[] templateOnlineMandates; /** * template for web page "Signatur der Anmeldedaten" */ @@ -179,6 +182,16 @@ public class OAAuthParameter extends OAParameter { return provideCertificate; } + /** + * Returns true if the full mandator data should be provided within the + * authentication data, otherwise false. + * @return true if the full mandator data should be provided, + * otherwise false + */ + public boolean getProvideFullMandatorData() { + return provideFullMandatorData; + } + /** * Returns the key box identifier. @@ -252,20 +265,7 @@ public class OAAuthParameter extends OAParameter { public void setTransformsInfos(String[] transformsInfos) { this.transformsInfos = transformsInfos; } - /** - * @return the templateOnlineMandates - */ -public OnlineMandatesTemplates[] getTemplateOnlineMandates() { - return templateOnlineMandates; -} -/** - * @param templateOnlineMandates the templateOnlineMandates to set - */ -public void setTemplateOnlineMandates( - OnlineMandatesTemplates[] templateOnlineMandates) { - this.templateOnlineMandates = templateOnlineMandates; -} /** * Sets the provideAuthBlock. 
@@ -298,6 +298,14 @@ public void setTemplateOnlineMandates( public void setProvideCertificate(boolean provideCertificate) { this.provideCertificate = provideCertificate; } + + /** + * Sets the provideFullMandatorData variable. + * @param provideFullMandatorData The provideFullMandatorData value to set + */ + public void setProvideFullMandatorData(boolean provideFullMandatorData) { + this.provideFullMandatorData = provideFullMandatorData; + } /** * Sets the key box identifier. -- cgit v1.2.3 From 77c3560745fcba9e3975472dd77cb928924fb35f Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Thu, 6 Oct 2011 19:15:53 +0000 Subject: =?UTF-8?q?MOA-ID:=20-=20Fixed=20Bug=20#556=20(https://egovlabs.gv?= =?UTF-8?q?.at/tracker/index.php=3Ffunc=3Ddetail&aid=3D556&group=5Fid=3D6&?= =?UTF-8?q?atid=3D105)=20-=20Update=20Einbindung=20Online-Vollmachten=20(V?= =?UTF-8?q?or=20Auswahl=20der=20Vollmacht=20werden=20die=20Signaturdaten?= =?UTF-8?q?=20signiert)=20-=20Update=20Transformationen=20(f=C3=BCr=20Onli?= =?UTF-8?q?ne-Vollmachten)=20-=20=C3=84nderung=20der=20Konfiguration=20f?= =?UTF-8?q?=C3=BCr=20Online-Vollmachten=20(keine=20Templates=20mehr=20f?= =?UTF-8?q?=C3=BCr=20Online-Vollmachten;=20Attribute=20provideMandatorDate?= =?UTF-8?q?=20in=20OA-Konfiguration)=20-=20sampleTemplates=20in=20Standard?= =?UTF-8?q?-Konfiguration=20gel=C3=B6scht=20-=20Update=20der=20Standard-Ko?= =?UTF-8?q?nfigurationen=20MOA-SPSS:=20-=20Library=20aktualisiert:=20Axis?= =?UTF-8?q?=20-=20Version=201.0=5FIAIK=20(gepatchte=20Variante=20von=20Axi?= =?UTF-8?q?s=201.0=20zur=20Vermeidung=20von=20XXE=20Attacken)=20-=20axis-1?= =?UTF-8?q?.0=5FIAIK.jar=20zu=20repository=20hinzugef=C3=BCgt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1217 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 432 ++++++++++++--------- .../AuthenticationBlockAssertionBuilder.java | 47 +-- .../AuthenticationDataAssertionBuilder.java | 123 ++++++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 10 +- .../moa/id/auth/data/AuthenticationSession.java | 173 +++++++-- .../id/auth/servlet/GetMISSessionIDServlet.java | 68 ++-- .../auth/servlet/ProcessValidatorInputServlet.java | 2 +- .../servlet/VerifyAuthenticationBlockServlet.java | 24 ++ .../id/auth/servlet/VerifyCertificateServlet.java | 111 +++--- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 30 +- .../id/util/client/mis/simple/MISSimpleClient.java | 19 +- 11 files changed, 669 insertions(+), 370 
deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 94fd4f28e..9e15e04dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -550,7 +550,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, false); + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); } @@ -571,7 +571,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * the BKU including the <InfoboxReadResponse> * @return String representation of the <CreateXMLSignatureRequest> */ - public String verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(String sessionID, MISMandate mandate) throws AuthenticationException, BuildException, 
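Review bot: The `@@ -571,7 +571,7 @@` hunk changes `verifyMandate` from `String` to `void`, but the Javadoc line directly above it still reads `@return String representation of the <CreateXMLSignatureRequest>`. The tag should be dropped and the summary reworded to match the new body, for example `Sets the extended SAML attributes for the mandate when the online application has provideFullMandatorData enabled.` The Javadoc block begins outside the hunk, so the rest of its wording should be checked against the new behaviour as well.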
@@ -591,28 +591,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthenticationSession session = getSession(sessionID); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - try { - // set extended SAML attributes - setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - } catch (SAXException e) { - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + if (oaParam.getProvideFullMandatorData()) { + try { + // set extended SAML attributes if provideMandatorData is true + setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + } catch (SAXException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } } - - - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, true); + } /** 
@@ -625,7 +622,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * @throws ValidateException */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, boolean fromMandate) + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) throws ConfigurationException, BuildException, @@ -638,7 +635,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (!fromMandate) { +// if (!fromMandate) { //BZ.., calculate bPK for signing to be already present in AuthBlock IdentityLink identityLink = session.getIdentityLink(); if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { @@ -649,11 +646,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { identityLink.setIdentificationValue(bpkBase64); } //..BZ - } +// } // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, fromMandate); + String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); // builds the @@ -837,7 +834,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ - private String buildAuthenticationBlock(AuthenticationSession session, boolean fromMandate) throws BuildException { + private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); 
@@ -862,8 +859,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaURL, gebDat, extendedSAMLAttributes, - session, - fromMandate); + session); return authBlock; } @@ -949,7 +945,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.43", new Object[] {friendlyName}); } // set compatibility mode for mandates infobox and all infoboxes (it is possible to be a parep infobox) - session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + //session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); // check for party representation in mandates infobox if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ //We need app specific parameters @@ -1187,6 +1183,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Vector extendedSamlAttributes = new Vector(); + extendedSamlAttributes.clear(); //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); 
@@ -1404,72 +1401,189 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - // Exchange person data information by a mandate if needed - boolean mandateMode = session.getUseMandate(); + // builds authentication data and stores it together with a SAML artifact + AuthenticationData authData = buildAuthenticationData(session, vsresp); - List oaAttributes = session.getExtendedSAMLAttributesOA(); - IdentityLink replacementIdentityLink = null; + if (session.getUseMandate()) { + // mandate mode + return null; + } + else { + + String samlAssertion = + new AuthenticationDataAssertionBuilder().build( + authData, + session.getAssertionPrPerson(), + session.getAssertionAuthBlock(), + session.getAssertionIlAssertion(), + session.getBkuURL(), + session.getAssertionSignerCertificateBase64(), + session.getAssertionBusinessService(), + session.getExtendedSAMLAttributesOA()); + authData.setSamlAssertion(samlAssertion); + + String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); + } catch (IOException e) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", e.toString()}, + e); + } + + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + + } + + + + + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
        + *
          + *
        • Validates given <CreateXMLSignatureResponse>
        • + *
        • Parses <CreateXMLSignatureResponse> for error codes
        • + *
        • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
        • + *
        • Verifies authentication block by calling the MOA SP component
        • + *
        • Creates authentication data
        • + *
        • Creates a corresponding SAML artifact
        • + *
        • Stores authentication data in the authentication data store + * indexed by the SAML artifact
        • + *
        • Deletes authentication session
        • + *
        • Returns the SAML artifact, encoded BASE64
        • + *
        + * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String verifyAuthenticationBlockMandate( + String sessionID, + Element mandate) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + AuthenticationSession session = getSession(sessionID); + //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); -// if (mandateMode) { -// Iterator it = oaAttributes.iterator(); -// //ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); -// Element mandate = session.getMandateElem(); -// replacementIdentityLink = new IdentityLink(); -// Element mandator = ParepUtils.extractMandator(mandate); -// String dateOfBirth = ""; -// Element prPerson = null; -// String familyName = ""; -// String givenName = ""; -// String identificationType = ""; -// String identificationValue = ""; -// if (mandator != null) { -// boolean physical = ParepUtils.isPhysicalPerson(mandator); -// if (physical) { -// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); -// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); -// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); -// } else { -// familyName = ParepUtils.extractMandatorFullName(mandator); -// } -// identificationType = ParepUtils.getIdentification(mandator, "Type"); -// identificationValue = ParepUtils.extractMandatorWbpk(mandator); -// prPerson = ParepUtils.extractPrPersonOfMandate(mandate); -// if (physical && session.getBusinessService() && 
identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { -// // now we calculate the wbPK and do so if we got it from the BKU -// identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); -// identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); -// ParepUtils.HideStammZahlen(prPerson, true, null, null, true); -// } -// -// -// replacementIdentityLink.setDateOfBirth(dateOfBirth); -// replacementIdentityLink.setFamilyName(familyName); -// replacementIdentityLink.setGivenName(givenName); -// replacementIdentityLink.setIdentificationType(identificationType); -// replacementIdentityLink.setIdentificationValue(identificationValue); -// replacementIdentityLink.setPrPerson(prPerson); -// try { -// replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); -// } catch (Exception e) { -// throw new ValidateException("validator.64", null); -// } -// -// } -// -// } + + IdentityLink tempIdentityLink = null; + + if (session.getUseMandate()) { + tempIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if 
(physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + + tempIdentityLink.setDateOfBirth(dateOfBirth); + tempIdentityLink.setFamilyName(familyName); + tempIdentityLink.setGivenName(givenName); + tempIdentityLink.setIdentificationType(identificationType); + tempIdentityLink.setIdentificationValue(identificationValue); + tempIdentityLink.setPrPerson(prPerson); + try { + tempIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + + } + + } // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); - String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); - storeAuthenticationData(samlArtifact, authData); + AuthenticationData authData = session.getAssertionAuthData(); //buildAuthenticationData(session, vsresp, replacementIdentityLink); - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info( - "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + Element mandatePerson = tempIdentityLink.getPrPerson(); + String mandateData = null; + try { + mandateData = DOMUtils.serializeNode(mandatePerson); + } catch (TransformerException e1) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } catch (IOException e1) { + throw new AuthenticationException("auth.16", new Object[] { 
GET_MIS_SESSIONID}); + } + + String samlAssertion = + new AuthenticationDataAssertionBuilder().buildMandate( + authData, + session.getAssertionPrPerson(), + mandateData, + session.getAssertionAuthBlock(), + session.getAssertionIlAssertion(), + session.getBkuURL(), + session.getAssertionSignerCertificateBase64(), + session.getAssertionBusinessService(), + session.getExtendedSAMLAttributesOA()); + authData.setSamlAssertion(samlAssertion); + + String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); + } catch (IOException e) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", e.toString()}, + e); + } + + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + } /** 
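Review bot: In the new `verifyAuthenticationBlockMandate`, `tempIdentityLink` is assigned only inside `if (session.getUseMandate())`, yet `tempIdentityLink.getPrPerson()` is called unconditionally, so a session without mandate mode fails with a NullPointerException; when `ParepUtils.extractMandator(mandate)` returns null, the person element stays null and is handed to `DOMUtils.serializeNode`. A guard before the serialization, such as `if (tempIdentityLink == null || tempIdentityLink.getPrPerson() == null) throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});`, turns both cases into a handled authentication failure. The two catch blocks that follow drop `e1`, unlike the `auth.16` handlers in `verifyMandate`, which pass the cause as a third argument. The Javadoc was copied from `verifyAuthenticationBlock` and still documents `xmlCreateXMLSignatureReadResponse` instead of the `mandate` parameter. Separately, both new code paths write the full SAML assertion to the file named by `AuthenticationServer.WriteAssertionToFile`; that switch deserves a comment stating it is for debugging and must stay unset in production.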
@@ -1540,79 +1654,45 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - // Exchange person data information by a mandate if needed - List oaAttributes = session.getExtendedSAMLAttributesOA(); - IdentityLink replacementIdentityLink = null; - if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { - // look if we have a mandate - boolean foundMandate = false; - Iterator it = oaAttributes.iterator(); - while (!foundMandate && it.hasNext()) { - ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); - if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { - Object value = samlAttribute.getValue(); - if (value instanceof Element) { - Element mandate = (Element) value; - replacementIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); - 
identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); - ParepUtils.HideStammZahlen(prPerson, true, null, null, true); - } - - } - replacementIdentityLink.setDateOfBirth(dateOfBirth); - replacementIdentityLink.setFamilyName(familyName); - replacementIdentityLink.setGivenName(givenName); - replacementIdentityLink.setIdentificationType(identificationType); - replacementIdentityLink.setIdentificationValue(identificationValue); - replacementIdentityLink.setPrPerson(prPerson); - try { - replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - } else { - Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); - throw new ValidateException("validator.64", null); - } - } - } - } - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getForeignSignerCertificate(); vsresp.setX509certificate(cert); - AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); - String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info( - "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + AuthenticationData authData = buildAuthenticationData(session, vsresp); + + + String samlAssertion = + new AuthenticationDataAssertionBuilder().build( + authData, + session.getAssertionPrPerson(), + session.getAssertionAuthBlock(), + session.getAssertionIlAssertion(), + session.getBkuURL(), + session.getAssertionSignerCertificateBase64(), + session.getAssertionBusinessService(), + session.getExtendedSAMLAttributesOA()); + authData.setSamlAssertion(samlAssertion); + + String assertionFile = 
AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); + } catch (IOException e) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", e.toString()}, + e); + } + + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + + return samlArtifact; } /** @@ -1626,18 +1706,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, - IdentityLink replacementIdentityLink) + VerifyXMLSignatureResponse verifyXMLSigResp) throws ConfigurationException, BuildException { - IdentityLink identityLink; - if (replacementIdentityLink == null) { - identityLink = session.getIdentityLink(); - } else { - // We have got data form a mandate we need now to use to stay compatible with applications - identityLink = replacementIdentityLink; - } - + IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -1661,6 +1733,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setIdentificationValue(identityLink.getIdentificationValue()); } String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { 
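Review bot: The `AuthenticationServer.WriteAssertionToFile` branch added to this method writes the complete SAML assertion (person data, identity-link assertion and, when configured, the signer certificate) to one fixed path that every login overwrites, and nothing in the code marks it as a debugging aid. I would put a comment directly above the `if`, e.g. `// Debug aid only: dumps the full assertion, including personal data, to disk; leave the parameter unset in production.` The identical block also appears in the mandate method of the preceding hunk, so a shared private helper would keep the two copies from drifting apart. The `if` guards a `try` statement without braces, which is easy to misread; wrapping it in `{ … }` costs nothing.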
@@ -1696,22 +1769,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), ""); } String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; - String samlAssertion = - new AuthenticationDataAssertionBuilder().build( - authData, - prPerson, - authBlock, - ilAssertion, - session.getBkuURL(), - signerCertificateBase64, - businessService, - session.getExtendedSAMLAttributesOA()); - authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); //Ex: "c:/saml_assertion.xml" - + session.setAssertionAuthBlock(authBlock); + session.setAssertionAuthData(authData); + session.setAssertionBusinessService(businessService); + session.setAssertionIlAssertion(ilAssertion); + session.setAssertionPrPerson(prPerson); + session.setAssertionSignerCertificateBase64(signerCertificateBase64); + return authData; + + } catch (Throwable ex) { throw new BuildException( "builder.00", @@ -1735,7 +1803,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } AuthenticationData authData = null; synchronized (authenticationDataStore) { - System.out.println("assertionHandle: " + assertionHandle); + //System.out.println("assertionHandle: " + assertionHandle); authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index d48054e4b..35c4244c6 100644 
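Review bot: buildAuthenticationData now has a side effect its name and Javadoc do not announce: the six `session.setAssertion…` calls park the auth block, identity-link assertion, person data and signer certificate on the session, and the returned `AuthenticationData` no longer has its SAML assertion set. The Javadoc (outside this hunk) should state this, for example `Stores the assertion inputs in the session; the caller builds the assertion and calls authData.setSamlAssertion().` It would also help to note that these values stay in the session until `sessionStore.remove(sessionID)` runs. The method starts and ends outside the hunk, so the remaining body could not be checked.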
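Review bot: The `System.out.println("assertionHandle: " + …)` line is commented out rather than deleted, which leaves dead code that a later edit can re-enable and send artifact material to stdout again. Delete the line; if the value is needed for diagnosis, a `Logger.debug` call is the mechanism the file already uses. The same applies to the println lines commented out in the three SAMLArtifactBuilder hunks further down. The enclosing method continues outside the hunk.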
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -154,15 +155,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session, - boolean fromMandate) + AuthenticationSession session) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; - //BZ.., reading OA parameters + //reading OA parameters OAAuthParameter oaParam; try { oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -171,7 +171,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } - //..BZ if (target == null) { 
@@ -181,12 +180,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; - //BZ.., adding type of wbPK domain identifier + //adding type of wbPK domain identifier ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); - //..BZ } else { // We do not have a wbPK, therefore no SAML-Attribute is provided @@ -194,13 +192,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } } else { // OA is a govermental application - //BZ.. String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); - //..BZ - //BZ.., no business service, adding bPK + //no business service, adding bPK Element bpkSamlValueElement; try { 
@@ -213,34 +209,41 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion // String s = xmlToString(bpkSamlValueElement); // System.out.println("bpkSamlValueElement: " + s); - - if (!fromMandate) { - ExtendedSAMLAttribute bpkAttribute = - new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); - - //System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size()); - - extendedSAMLAttributes.add(bpkAttribute); - } + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + extendedSAMLAttributes.add(bpkAttribute); + + boolean useMandate = session.getUseMandate(); + if (useMandate) { + String mandateReferenceValue = Random.nextRandom(); + // remove leading "-" + if (mandateReferenceValue.startsWith("-")) + mandateReferenceValue = mandateReferenceValue.substring(1); + + session.setMandateReferenceValue(mandateReferenceValue); + + ExtendedSAMLAttribute mandateReferenceValueAttribute = + new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK); + + extendedSAMLAttributes.add(mandateReferenceValueAttribute); + } //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; - //..BZ } - //BZ.., adding friendly name of OA + //adding friendly name of OA String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? 
"" : oaParam.getFriendlyName(); ExtendedSAMLAttribute oaFriendlyNameAttribute = new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(oaFriendlyNameAttribute); - //..BZ String assertion; - try { + try { assertion = MessageFormat.format( AUTH_BLOCK, new Object[] { wbpkNSDeclaration, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 640c60e49..367116c73 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -74,6 +74,40 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{12}" + " " + NL + ""; + + /** + * XML template for the <saml:Assertion> to be built + */ + private static final String AUTH_DATA_MANDATE = + "" + NL + + "" + NL + + " " + NL + + " " + NL + + " {4}" + NL + + " " + NL + + " " + MOA_NS_URI + "cm" + NL + + " {5}{6}" + NL + + " " + NL + + " " + NL + + " " + NL + + " {7}" + NL + + " " + NL + + " " + NL + + " {8}" + NL + + " " + NL + + " " + NL + + " {9}" + NL + + " " + NL + + " " + NL + + " {10}" + NL + + " " + NL + + "{11}" + + "{12}" + + "{13}" + + " " + NL + + ""; /** * XML template for the <saml:Attribute> named "isPublicAuthority", * to be inserted into the <saml:Assertion> 
@@ -181,5 +215,94 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB } return assertion; } + + /** + * Builds the authentication data <saml:Assertion>. + * + * @param authData the AuthenticationData to build the + * <saml:Assertion> from + * @param xmlPersonData lt;pr:Person> element as a String + * @param xmlAuthBlock authentication block to be included in a + * lt;saml:SubjectConfirmationData> element; may include + * the "Stammzahl" or not; may be empty + * @param xmlIdentityLink the IdentityLink + * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe + * an empty string if the signer certificate should not be provided. + * Will be ignored if the businessService parameter is + * set to false. + * @param businessService true if the online application is a + * business service, otherwise false + * @return the <saml:Assertion> + * @throws BuildException if an error occurs during the build process + */ + public String buildMandate( + AuthenticationData authData, + String xmlPersonData, + String xmlMandateData, + String xmlAuthBlock, + String xmlIdentityLink, + String bkuURL, + String signerCertificateBase64, + boolean businessService, + List extendedSAMLAttributes) + throws BuildException + { + + String isQualifiedCertificate = authData.isQualifiedCertificate() ? 
"true" : "false"; + String publicAuthorityAttribute = ""; + if (authData.isPublicAuthority()) { + String publicAuthorityIdentification = authData.getPublicAuthorityCode(); + if (publicAuthorityIdentification == null) + publicAuthorityIdentification = "True"; + publicAuthorityAttribute = MessageFormat.format( + PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); + } + + + String signerCertificateAttribute = ""; + if (signerCertificateBase64 != "") { + signerCertificateAttribute = MessageFormat.format( + SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); + } + + String pkType; + String pkValue; + if (businessService) { + pkType = authData.getIdentificationType(); + pkValue = authData.getWBPK(); + + } else { + // always has the bPK as type/value + pkType = URN_PREFIX_BPK; + pkValue = authData.getBPK(); + } + +// System.out.println("pkType; " + pkType); +// System.out.println("pkValue; " + pkValue); + + String assertion; + try { + + assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { + authData.getAssertionID(), + authData.getIssuer(), + authData.getIssueInstant(), + pkType, + pkValue, + StringUtils.removeXMLDeclaration(xmlAuthBlock), + StringUtils.removeXMLDeclaration(xmlIdentityLink), + StringUtils.removeXMLDeclaration(xmlPersonData), + StringUtils.removeXMLDeclaration(xmlMandateData), + isQualifiedCertificate, + bkuURL, + publicAuthorityAttribute, + signerCertificateAttribute, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building Authentication Data Assertion: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()}); + } + return assertion; + } } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 556b0cb6a..41e4cd37d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -74,8 +74,8 @@ public class SAMLArtifactBuilder { // alternative sourceId String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); - System.out.println("alternativeSourceID: " + alternativeSourceID); - System.out.println("authURL: " + authURL); + //System.out.println("alternativeSourceID: " + alternativeSourceID); + //System.out.println("authURL: " + authURL); if (!ParepUtils.isEmpty(alternativeSourceID)) { // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; @@ -85,7 +85,7 @@ public class SAMLArtifactBuilder { sourceID = md.digest(authURL.getBytes()); } - System.out.println("sourceID: " + new String(sourceID)); + //System.out.println("sourceID: " + new String(sourceID)); byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); @@ -94,9 +94,9 @@ public class SAMLArtifactBuilder { out.write(sourceID, 0, 20); out.write(assertionHandle, 0, 20); byte[] samlArtifact = out.toByteArray(); - System.out.println("samlArtifact: " + new String(samlArtifact)); + //System.out.println("samlArtifact: " + new String(samlArtifact)); String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - System.out.println("samlArtifact Base64: " + samlArtifactBase64); + //System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; } catch (Throwable ex) { 
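Review bot: The assertion handle in the `@@ -85,7 +85,7 @@` hunk is `md.digest(sessionID.getBytes())`, so the artifact depends only on the session ID, which this change set also writes to the INFO log next to the artifact and passes to `DataURLBuilder`. Drawing the 20-byte handle from `java.security.SecureRandom` would decouple the two values; at the least the dependency should be documented, e.g. `// NOTE: handle is derived from sessionID, so the session ID must be treated as a secret`. `getBytes()` without a charset also ties the digest to the platform default encoding. The method starts and ends outside the hunk, so any code that recomputes the handle would need checking before this is changed.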
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index bae95c2a6..61e4cd28b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -36,6 +36,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -87,25 +88,41 @@ public class AuthenticationSession { private boolean useMandate; /** - * Selected mandate + * Reference value for mandate */ - private Element mandateElem; + private String mandateReferenceValue; /** - * @return the mandateElem - */ - public Element getMandateElem() { - return mandateElem; - } - - /** - * @param mandateElem the mandateElem to set - */ - public void setMandateElem(Element mandateElem) { - this.mandateElem = mandateElem; - } - - /** + * Authentication data for the assertion + */ + private AuthenticationData assertionAuthData; + + /** + * Persondata for the assertion + */ + private String assertionPrPerson; + + /** + * Authblock for the assertion + */ + private String assertionAuthBlock; + + /** + * Identitylink assertion for the (MOA) assertion + */ + private String assertionIlAssertion; + + /** + * Signer certificate (base64 encoded) for the assertion + */ + private String assertionSignerCertificateBase64; + + /** + * bussiness service for the assertion + */ + boolean assertionBusinessService; + + /** * SessionID for MIS */ private String misSessionID; 
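Review bot: The new field `boolean assertionBusinessService;` in the `@@ -87,25 +88,41 @@` hunk has no access modifier, so unlike the other new assertion fields it is package-visible and can be changed without going through its setter. Declare it as `private boolean assertionBusinessService;`. Its Javadoc reads "bussiness service" and should be `Business service flag for the assertion`.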
@@ -176,14 +193,7 @@ public class AuthenticationSession { */ private String pushInfobox; - /** - * AppSpecificConfiguration entry of then mandates infobox-validator. Tells - * whether person data from the representative have to be exchanged by data - * from the mandate - */ - private boolean mandateCompatibilityMode = false; - - + /** * Constructor for AuthenticationSession. @@ -562,20 +572,6 @@ public class AuthenticationSession { return null; } - /** - * @return the mandateCompatibilityMode - */ - public boolean isMandateCompatibilityMode() { - return mandateCompatibilityMode; - } - - /** - * @param mandateCompatibilityMode the mandateCompatibilityMode to set - */ - public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { - this.mandateCompatibilityMode = mandateCompatibilityMode; - } - /** * Returns domain identifier (the register and number in the register parameter). * null in the case of not a business service. 
@@ -660,4 +656,105 @@ public class AuthenticationSession { public String getMISSessionID() { return this.misSessionID; } + + /** + * @return the assertionAuthData + */ + public AuthenticationData getAssertionAuthData() { + return assertionAuthData; + } + + /** + * @param assertionAuthData the assertionAuthData to set + */ + public void setAssertionAuthData(AuthenticationData assertionAuthData) { + this.assertionAuthData = assertionAuthData; + } + + /** + * @return the assertionPrPerson + */ + public String getAssertionPrPerson() { + return assertionPrPerson; + } + + /** + * @param assertionPrPerson the assertionPrPerson to set + */ + public void setAssertionPrPerson(String assertionPrPerson) { + this.assertionPrPerson = assertionPrPerson; + } + + /** + * @return the assertionAuthBlock + */ + public String getAssertionAuthBlock() { + return assertionAuthBlock; + } + + /** + * @param assertionAuthBlock the assertionAuthBlock to set + */ + public void setAssertionAuthBlock(String assertionAuthBlock) { + this.assertionAuthBlock = assertionAuthBlock; + } + + /** + * @return the assertionIlAssertion + */ + public String getAssertionIlAssertion() { + return assertionIlAssertion; + } + + /** + * @param assertionIlAssertion the assertionIlAssertion to set + */ + public void setAssertionIlAssertion(String assertionIlAssertion) { + this.assertionIlAssertion = assertionIlAssertion; + } + + /** + * @return the assertionSignerCertificateBase64 + */ + public String getAssertionSignerCertificateBase64() { + return assertionSignerCertificateBase64; + } + + /** + * @param assertionSignerCertificateBase64 the assertionSignerCertificateBase64 to set + */ + public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) { + this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; + } + + /** + * @return the assertionBusinessService + */ + public boolean getAssertionBusinessService() { + return assertionBusinessService; + } + + /** + * @param 
assertionBusinessService the assertionBusinessService to set + */ + public void setAssertionBusinessService(boolean assertionBusinessService) { + this.assertionBusinessService = assertionBusinessService; + } + + /** + * @return the mandateReferenceValue + */ + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index b1ae12084..977784a6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -27,7 +27,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; import java.io.IOException; -import java.io.PrintWriter; import java.security.GeneralSecurityException; import java.util.List; 
@@ -38,16 +37,14 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Document; +import org.w3c.dom.Element; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -58,6 +55,7 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for getting the foreign eID @@ -139,8 +137,6 @@ public class GetMISSessionIDServlet extends AuthServlet { String misSessionID = session.getMISSessionID(); - //System.out.println("MIS Session ID (GetMISServlet): " + misSessionID); - AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); 
@@ -158,31 +154,36 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate)list.get(0); - + // verify mandate signature - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); + AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); byte[] byteMandate = mandate.getMandate(); String stringMandate = new String(byteMandate); - Document mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null); - session.setMandateElem(mandateDoc.getDocumentElement()); - //System.out.println("stringMandate: " + stringMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + //session.setMandateElem(mandateDoc.getDocumentElement()); - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_AUTH_BLOCK, - session.getSessionID()); - - Logger.debug(createXMLSignatureRequestOrRedirect); - - //String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix()); - String request = null; - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(request); - out.flush(); - + String redirectURL = null; + String samlArtifactBase64 = + AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc); + + + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new 
DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } catch (MOAIDException ex) { @@ -198,6 +199,21 @@ public class GetMISSessionIDServlet extends AuthServlet { } catch (ParserConfigurationException e) { handleError(null, e, req, resp); } + } + + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + private static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 1dfc266a9..b5c57d5cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java 
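Review bot: In the `@@ -158,31 +154,36 @@` hunk the mandate is decoded with `new String(byteMandate)` (platform default charset) before the new `DOMUtils.parseDocument(stringMandate, false, null, null)` call. The element passed to `verifyAuthenticationBlockMandate` can therefore differ from the bytes that `verifyMandate` just checked whenever the mandate holds non-ASCII characters and the JVM default is not the document's encoding. Decode explicitly with `new String(byteMandate, "UTF-8")` (assuming MIS delivers UTF-8, to be confirmed), or parse the byte array directly if DOMUtils offers a stream variant. Separately, `Logger.debug("REDIRECT TO: " + redirectURL)` writes the SAML artifact query parameter to the log; logging only the target without its query string avoids that. The enclosing method starts outside the hunk.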
@@ -175,7 +175,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { AuthenticationSession session = AuthenticationServer.getSession(sessionID); AuthenticationServer.processInput(session, parameters); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null, false); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { // Now sign the AUTH Block String dataURL = new DataURLBuilder().buildDataURL( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 5b9995709..f7f9d8fed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -39,8 +39,10 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; 
@@ -140,6 +142,28 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + + if (samlArtifactBase64 == null) { + //mandate Mode + + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + + // build dataurl + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_CERTIFICATE, + session.getSessionID()); + + + //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); + //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + } if (!samlArtifactBase64.equals("Redirect to Input Processor")) { redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index c9f9491bb..181c46bf9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java 
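Review bot: After the new `if (samlArtifactBase64 == null)` branch has written the InfoboxReadRequest, control falls through to the context line `if (!samlArtifactBase64.equals("Redirect to Input Processor"))`, which dereferences the null value and throws a NullPointerException once the response has already been produced. End the mandate branch with `return;`, or turn the following statement into `} else if (!samlArtifactBase64.equals("Redirect to Input Processor")) {`. The rest of the method is outside the hunk, so the exact shape of the fix depends on what follows the redirect handling.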
@@ -150,7 +150,9 @@ public class VerifyCertificateServlet extends AuthServlet { throw new AuthenticationException("auth.14", null); } - boolean useMandate = session.getUseMandate(); + boolean useMandate = session.getUseMandate(); + + if (useMandate) { // Mandate Modus // make request to MIS @@ -162,8 +164,6 @@ public class VerifyCertificateServlet extends AuthServlet { // get identitity link as byte[] Element elem = session.getIdentityLink().getSamlAssertion(); String s = DOMUtils.serializeNode(elem); -// byte[] idl = DOMUtils.nodeToByteArray(elem); -// String s = new String(idl); byte[] idl = s.getBytes(); // redirect url @@ -187,8 +187,10 @@ public class VerifyCertificateServlet extends AuthServlet { for(int i = 0; i < profilesArray.length; i++) { profilesArray[i] = profilesArray[i].trim(); } - - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory); + + String oaFriendlyName = oaParam.getFriendlyName(); + String mandateReferenceValue = session.getMandateReferenceValue(); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { @@ -235,21 +237,6 @@ public class VerifyCertificateServlet extends AuthServlet { } } - /** - * Adds a parameter to a URL. - * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - private static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } - /** * Does the request to the SZR-GW * @param givenname 
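Review bot: In the `@@ -187,8 +187,10 @@` hunk the result of the changed `MISSimpleClient.sendSessionIdRequest(...)` call is dereferenced by `misSessionID.getRedirectURL()` on the line before `if (misSessionID == null)`, so the null check can never take effect. Moving `String redirectMISGUI = misSessionID.getRedirectURL();` below the check restores the intended error path. The new call also passes `session.getMandateReferenceValue()` unchecked, and the hunk does not show whether that value is always set at this point. The surrounding method continues outside the hunk.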
@@ -312,50 +299,42 @@ public class VerifyCertificateServlet extends AuthServlet { // // } - /** - * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW - * @param givenname - * @param familyname - * @param birthday - * @return - */ - private static Document buildGetIdentityLinkRequest(X509Certificate cert) { - - try { - byte[] certbyte = cert.getEncoded(); - String certstring = Base64.encode(certbyte); - - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); - doc.appendChild(getIdentityLink); - - Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); - getIdentityLink.appendChild(x509certificate); - Text certbase64 = doc.createTextNode(certstring); - x509certificate.appendChild(certbase64); - - return doc; - } catch (ParserConfigurationException e) { - e.printStackTrace(); - } catch (CertificateEncodingException e) { - e.printStackTrace(); - } - return null; - - } - - /** - * Checks a parameter. 
- * @param param parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - +// /** +// * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW +// * @param givenname +// * @param familyname +// * @param birthday +// * @return +// */ +// private static Document buildGetIdentityLinkRequest(X509Certificate cert) { +// +// try { +// byte[] certbyte = cert.getEncoded(); +// String certstring = Base64.encode(certbyte); +// +// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// Document doc = builder.newDocument(); +// +// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); +// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); +// doc.appendChild(getIdentityLink); +// +// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); +// getIdentityLink.appendChild(x509certificate); +// Text certbase64 = doc.createTextNode(certstring); +// x509certificate.appendChild(certbase64); +// +// return doc; +// } catch (ParserConfigurationException e) { +// e.printStackTrace(); +// } catch (CertificateEncodingException e) { +// e.printStackTrace(); +// } +// return null; +// +// } +// + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 99ae497ba..df5abe4f5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
@@ -171,33 +171,9 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } } -// else { -// boolean useMandate = session.getUseMandate(); -// if (useMandate) { // Mandate modus -// // read certificate and set dataurl to VerifyCertificateServlet -// -// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); -// -// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); -// -// // build dataurl -// String dataurl = -// new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// REQ_VERIFY_CERTIFICATE, -// session.getSessionID()); -// -// -// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); -// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); -// ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -// -// } - else { - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); - } -// } + else { + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + } } catch (ParseException ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 3b8caca4c..60678fe22 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -56,6 +56,7 @@ import org.xml.sax.SAXNotSupportedException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; public class MISSimpleClient { @@ -134,7 +135,7 @@ public class MISSimpleClient { } } - public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String redirectURL, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { if (webServiceURL == null) { throw new NullPointerException("Argument webServiceURL must not be null."); } 
@@ -165,10 +166,22 @@ public class MISSimpleClient { //certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert))); // certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); mirElement.appendChild(certElement); - } + } + + if (!StringUtils.isEmpty(oaFriendlyName)) { + Element oaFriendlyNameElement = doc.createElementNS(MIS_NS, "OAFriendlyName"); + oaFriendlyNameElement.appendChild(doc.createTextNode(oaFriendlyName)); + mirElement.appendChild(oaFriendlyNameElement); + } + Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL"); redirectElement.appendChild(doc.createTextNode(redirectURL)); - mirElement.appendChild(redirectElement); + mirElement.appendChild(redirectElement); + + Element referenceValueElement = doc.createElementNS(MIS_NS, "ReferenceValue"); + referenceValueElement.appendChild(doc.createTextNode(referenceValue)); + mirElement.appendChild(referenceValueElement); + if (mandateIdentifier != null && mandateIdentifier.length > 0) { Element filtersElement = doc.createElementNS(MIS_NS, "Filters"); Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers"); -- cgit v1.2.3 From 6571af05b7574f6d752890301b9743b1243a05bd Mon Sep 17 00:00:00 2001 
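Review bot: `referenceValue` is written into the `ReferenceValue` element without the emptiness guard that `oaFriendlyName` gets a few lines above, so a null or empty value still produces an element in the MIS request. If the value is optional, wrap the three lines in `if (!StringUtils.isEmpty(referenceValue)) { ... }`; if it is required, reject it at the top of the method next to the existing `webServiceURL` null check. The signature change in the preceding hunk inserts two `String` parameters between existing ones on a public static method, so swapped adjacent `String` arguments would still compile; a Javadoc comment naming each parameter would reduce that risk. The method body starts and ends outside both hunks.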
From: kstranacher Date: Tue, 11 Oct 2011 16:02:54 +0000 Subject: MOA-ID: * Fixed Bug #557 * Update Konfiguration: Target via Konfig fix konfigurierbar * Update Doku Common: * DOMUtils: Parser disabled external entities git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1219 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 16 ++++++-- .../AuthenticationBlockAssertionBuilder.java | 11 +++++- .../moa/id/auth/data/AuthenticationSession.java | 40 +++++++++++++++++++ .../auth/parser/IdentityLinkAssertionParser.java | 14 +++++-- .../moa/id/auth/servlet/SelectBKUServlet.java | 33 ++++++++++++++-- .../auth/servlet/StartAuthenticationServlet.java | 45 +++++++++++++--------- .../CreateXMLSignatureResponseValidator.java | 18 +++++++-- .../moa/id/config/ConfigurationBuilder.java | 23 ++++++++++- .../gv/egovernment/moa/id/config/OAParameter.java | 40 +++++++++++++++++++ 9 files changed, 205 insertions(+), 35 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9e15e04dd..27a2f3050 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,11 +24,15 @@ package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; 
@@ -90,7 +94,6 @@ import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidat import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -114,6 +117,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; + /** * API for MOA ID Authentication Service.
        * {@link AuthenticationSession} is stored in a session store and retrieved @@ -295,6 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
      * @param authURL URL of the servlet to be used as data URL * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via configuration * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be null; in this case, the default location will be used @@ -310,6 +315,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String startAuthentication( String authURL, String target, + String targetFriendlyName, String oaURL, String templateURL, String bkuURL, @@ -343,15 +349,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { target = null; + targetFriendlyName = null; } session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); + session.setTargetFriendlyName(targetFriendlyName); session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); @@ -509,7 +517,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // e.printStackTrace(); // } // - + // parses the IdentityLink identityLink = 
@@ -845,6 +853,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) //String oaURL = session.getPublicOAURLPrefix(); String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); @@ -854,6 +863,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { issueInstant, authURL, target, + targetFriendlyName, identificationValue, identificationType, oaURL, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 35c4244c6..db70a6111 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -150,6 +150,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String issueInstant, String authURL, String target, + String targetFriendlyName, String identityLinkValue, String identityLinkType, String oaURL, 
@@ -192,7 +193,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } } else { // OA is a govermental application - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + + System.out.println("targetFriendlyName: " + targetFriendlyName); + System.out.println("sectorName: " + sectorName); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 61e4cd28b..e13379bda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -60,6 +60,14 @@ public class AuthenticationSession { * if the online application is a business application */ private String target; + /** + * Friendly name for the target, if target is configured via MOA-ID configuration + */ + private String targetFriendlyName; + /** + * Indicates if target from configuration is used or not + */ + private boolean useTargetFromConfig; /** * public online application URL requested */ @@ -277,6 +285,14 @@ public class AuthenticationSession { public String getTarget() { return target; } + + /** + * Returns the target friendly name. + * @return String + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } /** * Sets the oaURLRequested. 
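Review bot: The two `System.out.println` calls added after the sector-name fallback write `targetFriendlyName` and `sectorName` to standard output on every build of the authentication block, bypassing the `Logger` class that the servlets in this patch use. Replace them with `Logger.debug("targetFriendlyName: " + targetFriendlyName + ", sectorName: " + sectorName);` if that class is in scope here, or drop them. The same applies to `System.out.println("Validate: " + gbTarget + " - " + samlAttribute.getValue());` added in the CreateXMLSignatureResponseValidator hunk `@@ -174,10 +178,16 @@` further down. When both the mapper result and `targetFriendlyName` are empty, the attribute text is still built as `target + " (" + sectorName + ")"`, presumably ending up in the block presented for signature, so that case deserves an explicit decision. The enclosing method starts and ends outside the hunk.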
@@ -318,6 +334,13 @@ public class AuthenticationSession { this.target = target; } } + /** + * Sets the target. If the target includes the target prefix, the prefix will be stripped off. + * @param target The target to set + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } /** * Returns the authURL. @@ -641,6 +664,23 @@ public class AuthenticationSession { return this.useMandate; } + /** + * + * @param useTargetFromConfig indicates if target from config is used or not + */ + public void setUseTargetFromConfig(boolean useTargetFromConfig) { + this.useTargetFromConfig = useTargetFromConfig; + + } + + /** + * Returns if target is used from mandate or not + * @return + */ + public boolean getUseTargetFromConfig() { + return this.useTargetFromConfig; + } + /** * * @param misSessionID indicates the MIS session ID diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index da787fe3f..2e20f483c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java 
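Review bot: The Javadoc on the new `setTargetFriendlyName` is copied from `setTarget`: it says the target is set and its prefix stripped, and it documents `@param target`, while the method only assigns `targetFriendlyName`. Suggested wording: `Sets the friendly name of the target.` with `@param targetFriendlyName the friendly name to set`. In the `@@ -641,6 +664,23 @@` hunk the getter comment reads "Returns if target is used from mandate or not" although the field is about configuration, and its `@return` tag is empty; `@return true if the target is taken from the configuration` would match the setter.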
@@ -246,10 +246,16 @@ public class IdentityLinkAssertionParser { XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); identityLink.setIdentificationType( XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); - identityLink.setGivenName( - XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); - identityLink.setFamilyName( - XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); + + String givenname = XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""); + String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); + + // replace ' in name with ' + givenname = givenname.replace("'", "'"); + familyname = familyname.replace("'", "'"); + + identityLink.setGivenName(givenname); + identityLink.setFamilyName(familyname); identityLink.setDateOfBirth( XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); NodeIterator dsigRefTransforms = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index dc1cee3b2..dd8a3144a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
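Review bot: As rendered on this page, `givenname.replace("'", "'")` and `familyname.replace("'", "'")` replace an apostrophe with the same character, so both calls are no-ops; the page extraction may have decoded an entity in one of the arguments, in which case the original differs. If a substitution is intended, the comment should state which encoding is being normalised and why, because these names come from the signed identity link. The matching `issuer.replace("'", "'")` in the CreateXMLSignatureResponseValidator hunk `@@ -96,12 +96,16 @@` must apply exactly the same transformation, otherwise the `validator.33` comparison of issuer and name presumably fails for names containing an apostrophe; a shared helper would keep the two in step. The enclosing method continues outside the hunk.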
@@ -35,14 +35,17 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; /** * Servlet requested for selecting a BKU. @@ -114,8 +117,6 @@ public class SelectBKUServlet extends AuthServlet { try { // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) 
@@ -123,9 +124,33 @@ public class SelectBKUServlet extends AuthServlet { if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + + String returnValue = null; + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + } + else { + // use target from config + returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); + } - String returnValue = AuthenticationServer.getInstance().selectBKU( - authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { // bkuSelectionType==HTMLComplete diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 0eed89655..ca3883dad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
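Review bot: `ParamValidatorUtils.isValidTarget(target)` is now checked twice on the path without a configured target, once before the `oaParam` lookup and again inside `if (StringUtils.isEmpty(targetConfig))`, and the inner check reports `"StartAuthentication"` although this is SelectBKUServlet. Keep the first check, which rejects a malformed request target regardless of configuration, and remove the inner one. The two `selectBKU` calls differ only in the target argument, so `String effectiveTarget = StringUtils.isEmpty(targetConfig) ? target : targetConfig;` followed by a single call would be easier to audit. The enclosing method starts and ends outside the hunk.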
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -24,14 +24,9 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; - import java.io.IOException; import java.io.PrintWriter; -import java.security.GeneralSecurityException; -import java.util.List; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -39,19 +34,17 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; /** * Servlet requested for starting a MOA ID authentication session. 
@@ -109,9 +102,7 @@ public class StartAuthenticationServlet extends AuthServlet { try { // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - if (!ParamValidatorUtils.isValidOA(oaURL)) + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); 
@@ -122,12 +113,30 @@ public class StartAuthenticationServlet extends AuthServlet { if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - - String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); - + String getIdentityLinkForm = null; + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + } + else { + // use target from config + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + } + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index f6127eb12..d49d038fa 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -96,12 +96,16 @@ public class CreateXMLSignatureResponseValidator { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); } + // replace ' in name with ' + issuer = issuer.replace("'", "'"); + String issueInstant = samlAssertion.getAttribute("IssueInstant"); if (!issueInstant.equals(session.getIssueInstant())) { throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); } String name = identityLink.getName(); + if (!issuer.equals(name)) { throw new ValidateException("validator.33", new Object[] {issuer, name}); } @@ -174,10 +178,16 @@ public class CreateXMLSignatureResponseValidator { } } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundGB = true; - //BZ.. - gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; - //..BZ + foundGB = true; + String targetFriendlyName = session.getTargetFriendlyName(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + gbTarget = gbTarget + " (" + sectorName + ")"; + //gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; + System.out.println("Validate: " + gbTarget + " - " + samlAttribute.getValue()); if (!gbTarget.equals((String)samlAttribute.getValue())) { throw new ValidateException("validator.13", null); } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index bdd0c3294..d81435f83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -504,6 +504,8 @@ public class ConfigurationBuilder { oap.setPublicURLPrefix(publicURLPrefix); oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); oap.setFriendlyName(oAElem.getAttribute("friendlyName")); + String targetConfig = oAElem.getAttribute("target"); + String targetFriendlyNameConfig = oAElem.getAttribute("targetFriendlyName"); // get the type of the online application String oaType = oAElem.getAttribute("type"); @@ -525,6 +527,17 @@ public class ConfigurationBuilder { Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); throw new ConfigurationException("config.02", null); } + + if (!StringUtils.isEmpty(targetConfig)) { + Logger.error("Target attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + if (!StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + + if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); //BZ.., setting type of IdLinkDomainIdentifier 
@@ -542,11 +555,19 @@ public class ConfigurationBuilder { slVersion = "1.2"; } else { - + + if (StringUtils.isEmpty(targetConfig) && !StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + oap.setTarget(targetConfig); + oap.setTargetFriendlyName(targetFriendlyNameConfig); + if (authComponent!=null) { slVersion = authComponent.getAttribute("slVersion"); } + } oap.setSlVersion(slVersion); //Check if there is an Auth-Block to read from configuration diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 0c747b29f..56c97a802 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -54,6 +54,15 @@ public class OAParameter { */ private String friendlyName; + /** + * specified a specific target for the Online Application (overwrites the target in der request) + */ + private String target; + /** + * specifies a friendly name for the target + */ + private String targetFriendlyName; + /** * Returns the type of the online application. * @return the type of the online application. 
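Review bot: The check added in the `else` branch logs `Target friendly name attribute can not be set alone for OA of type "businessService"`, but judging from the visible context (`slVersion = "1.2"; } else {`) this branch appears to handle online applications that are not business services, so the message points the administrator at the wrong configuration. A message such as `Logger.error("Attribute \"targetFriendlyName\" requires attribute \"target\" to be set");` states the actual constraint. In the OAParameter hunk `@@ -54,6 +54,15 @@` the field comment reads "overwrites the target in der request"; `overrides the target in the request` is the intended wording. The enclosing method starts and ends outside the hunk.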
@@ -119,6 +128,37 @@ public class OAParameter { this.friendlyName = friendlyName; } + /** + * Gets the target of the OA + * @return target of the OA + */ + public String getTarget() { + return target; + } + + /** + * Sets the target of the OA + * @param target + */ + public void setTarget(String target) { + this.target = target; + } + /** + * Gets the target friendly name of the OA + * @return target Friendly Name of the OA + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the target friendly name of the OA + * @param targetFriendlyName + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + } -- cgit v1.2.3 From e031b0d5854e4038d28c262109c2529609418ffe Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Wed, 12 Oct 2011 10:53:56 +0000 Subject: =?UTF-8?q?*=20Aktualisierung=20imports=20MOA-ID:=20*=20Abfrage=20?= =?UTF-8?q?auf=20Vollmachtenmodus=20bei=20nicht=20=C3=B6ffentlicher=20Andw?= =?UTF-8?q?endung?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1222 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 30 ++++++--- .../auth/builder/GetIdentityLinkFormBuilder.java | 8 --- .../builder/GetVerifyAuthBlockFormBuilder.java | 6 +- .../moa/id/auth/data/AuthenticationSession.java | 2 - .../moa/id/auth/parser/ErrorResponseParser.java | 3 - .../id/auth/parser/InfoboxReadResponseParser.java | 5 +- .../parser/VerifyXMLSignatureResponseParser.java | 4 +- .../moa/id/auth/servlet/GetForeignIDServlet.java | 74 ++++++++++---------- .../id/auth/servlet/VerifyCertificateServlet.java | 78 ++++++++++------------ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 4 -- .../auth/validator/parep/ParepInputProcessor.java | 13 ++-- .../moa/id/auth/validator/parep/ParepUtils.java | 57 ++++++++-------- .../client/szrgw/CreateIdentityLinkResponse.java | 5 +- .../validator/parep/client/szrgw/SZRGWClient.java | 1 - .../validator/parep/config/ParepConfiguration.java | 38 +++++------ .../moa/id/config/ConfigurationBuilder.java | 33 +-------- .../moa/id/config/OnlineMandatesTemplates.java | 78 ---------------------- .../moa/id/config/TargetsAndSectorNames.java | 2 - .../id/config/auth/AuthConfigurationProvider.java | 34 +++++----- .../moa/id/config/auth/OAAuthParameter.java | 1 - .../parser/AuthenticationDataAssertionParser.java | 1 - .../moa/id/proxy/servlet/ProxyServlet.java | 6 +- .../id/util/client/mis/simple/MISSimpleClient.java | 57 +++++++--------- .../resources/properties/id_messages_de.properties | 1 + 24 files changed, 191 insertions(+), 350 deletions(-) delete mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 27a2f3050..c4ab80c66 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,15 +24,11 @@ package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -324,6 +320,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } + else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + if (isEmpty(sessionID)) { if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05"); 
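Review bot: The block added at the top of the method in hunk `@@ -324,6 +320,20 @@` spends fourteen lines on what is a single comparison; `boolean useMandateBoolean = "true".equalsIgnoreCase(useMandate);` is null-safe and yields the same flag. The flag is matched case-insensitively, while `useMandateString`, which hunk `@@ -376,17 +390,13 @@` stores with `session.setUseMandate(useMandateString)`, keeps the presumably caller-supplied text unchanged, so any non-empty value ends up in the session. If the code that later reads the session compares it differently (that code is not visible here), the business-application rejection in hunk `@@ -353,6 +363,10 @@` and the later mandate handling could disagree. Storing `String.valueOf(useMandateBoolean)` in the session would keep the two aligned. The method body starts before and continues after this hunk.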
@@ -353,6 +363,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } target = null; targetFriendlyName = null; } @@ -376,17 +390,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } session.setBkuURL(bkuURL); session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + session.setUseMandate(useMandateString); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam.getIdentityLinkDomainIdentifier()); - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - session.setUseMandate(useMandate); - } - else { - session.setUseMandate("false"); - } + String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index f22db8e39..d40cd1909 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java 
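Review bot: The log string in the new rejection branch of hunk `@@ -353,6 +363,10 @@` is misspelled (`bussines`), which makes the event harder to find when searching logs for refused mandate requests. `Logger.error("Online-Mandate mode is not supported for business applications.");` reads correctly. The surrounding `if`/`else` begins outside the hunk.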
@@ -24,19 +24,11 @@ package at.gv.egovernment.moa.id.auth.builder; -import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; -import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; /** * Builder for HTML form requesting the security layer implementation diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java index 3e67858a3..ea3d170eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -24,11 +24,7 @@ package at.gv.egovernment.moa.id.auth.builder; -import java.io.IOException; -import java.io.StringReader; -import java.io.StringWriter; - -import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.BuildException; /** * Builder for HTML form requesting a security layer request diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e13379bda..3ab8ff819 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
@@ -32,8 +32,6 @@ import java.util.Iterator; import java.util.List; import java.util.Vector; -import org.w3c.dom.Element; - import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java index 9bc22ac98..9b95edc77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java @@ -24,13 +24,10 @@ package at.gv.egovernment.moa.id.auth.parser; -import java.util.List; - import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.util.DOMUtils; /** * Parses an <ErrorResponse>. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 48ca083c5..760df649d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java 
@@ -36,20 +36,17 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.axis.encoding.Base64; +import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; -//import com.sun.org.apache.xpath.internal.XPathAPI; -import org.apache.xpath.XPathAPI; - /** * Parses an <InfoboxReadResponse>. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 001cda196..4ddad2429 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -26,16 +26,16 @@ package at.gv.egovernment.moa.id.auth.parser; import iaik.utils.Base64InputStream; import iaik.x509.X509Certificate; + import java.io.ByteArrayInputStream; import java.io.InputStream; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.*; +import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.OutputXML2File; import at.gv.egovernment.moa.util.XPathUtils; /** 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 99cf8af5e..c135cd3c7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
@@ -24,44 +24,42 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; - -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.URLEncoder; +import iaik.pki.PKIException; + 
+import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for getting the foreign eID 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 181c46bf9..acf8b0b64 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java 
@@ -24,49 +24,41 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; -import iaik.x509.X509Certificate; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.cert.CertificateEncodingException; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.apache.axis.encoding.Base64; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Text; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; -import 
at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Map; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index df5abe4f5..6d4a21674 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -27,7 +27,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Map; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -44,10 +43,7 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java index 542b03f37..c8020cda4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java 
@@ -24,15 +24,10 @@ package at.gv.egovernment.moa.id.auth.validator.parep; -import java.util.Map; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; -import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import java.util.Map; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; /** * Input processor for infobox validators. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 1ba38c908..1e35b1f67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java 
@@ -24,36 +24,35 @@ package at.gv.egovernment.moa.id.auth.validator.parep; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.OutputStreamWriter; - -import javax.xml.parsers.DocumentBuilderFactory; - -import org.apache.xml.serialize.OutputFormat; -import org.apache.xml.serialize.XMLSerializer; -import org.apache.xpath.XPathAPI; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; + +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import 
at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.StringUtils; /** * This class implements a set of utility methods. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java index b96beeedf..eae5dba05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java @@ -25,10 +25,7 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; -import org.apache.xpath.XPathAPI; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; +import org.w3c.dom.Element; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index 4a23df3fb..e3457f4de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java 
@@ -27,7 +27,6 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; -import java.io.File; import javax.net.ssl.SSLSocketFactory; import javax.xml.parsers.DocumentBuilder; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index 1932183f1..bc5a0e061 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java 
@@ -24,26 +24,24 @@ package at.gv.egovernment.moa.id.auth.validator.parep.config; -import java.io.File; -import java.io.FileInputStream; -import java.util.HashMap; - -import org.apache.xpath.XPathAPI; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; -import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; +import java.io.File; +import java.io.FileInputStream; +import java.util.HashMap; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; /** * This class implements the Configuration. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index d81435f83..7fe85cfae 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -639,38 +639,7 @@ public class ConfigurationBuilder { - protected OnlineMandatesTemplates[] buildTemplateOnlineMandatesOA(Node contextNode, OnlineMandatesTemplates[] defaultTemplatesOnlineMandates) { - - String xpathExpr = OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH; - List onlineMandatesTemplatesList = new ArrayList(); - - NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); - - Element bkuElem; - while ((bkuElem = (Element) bkuIter.nextNode()) != null) { - String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null); - String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null); - String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null); - - OnlineMandatesTemplates template = new OnlineMandatesTemplates(); - template.setBkuURL(bkuUrl); - template.setMoaIdTemplateURL(moaidTemplateUrl); - template.setMandatesTemplateURL(mandateTemplateUrl); - - onlineMandatesTemplatesList.add(template); - - } - - if (onlineMandatesTemplatesList.isEmpty()) - return defaultTemplatesOnlineMandates; - - OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()]; - onlineMandatesTemplatesList.toArray(onlinemandatesTemplates); - - return onlinemandatesTemplates; - - } - + /** * Method buildConnectionParameter: internal Method for creating a diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java deleted file mode 100644 index 99cf75270..000000000 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java
+++ /dev/null
@@ -1,78 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ - - -package at.gv.egovernment.moa.id.config; - -public class OnlineMandatesTemplates { - - private String bkuURL; - - private String moaIdTemplateURL; - - private String mandatesTemplateURL; - - /** - * @return the bkuURL - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * @param bkuURL the bkuURL to set - */ - public void setBkuURL(String bkuURL) { - this.bkuURL = bkuURL; - } - - /** - * @return the moaIdTemplateURL - */ - public String getMoaIdTemplateURL() { - return moaIdTemplateURL; - } - - /** - * @param moaIdTemplateURL the moaIdTemplateURL to set - */ - public void setMoaIdTemplateURL(String moaIdTemplateURL) { - this.moaIdTemplateURL = moaIdTemplateURL; - } - - /** - * @return the mandatesTemplateURL - */ - public String getMandatesTemplateURL() { - return mandatesTemplateURL; - } - - /** - * @param mandatesTemplateURL the mandatesTemplateURL to set - */ - public void setMandatesTemplateURL(String mandatesTemplateURL) { - this.mandatesTemplateURL = mandatesTemplateURL; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java index 6ca4ef3d1..1fe8f13b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java @@ -27,8 +27,6 @@ */ package at.gv.egovernment.moa.id.config; -import java.util.HashMap; -import java.util.Map; /** * This interface contains all actual possible targets in Austria (shortcuts and friendly names) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index ec1a478f7..04b92f209 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -316,23 +316,23 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // } // } - /** - * Loads the transformsInfos from files. - * @throws Exception on any exception thrown - */ - private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { - - String[] transformsInfos = new String[transformsInfoFileNames.length]; - for (int i = 0; i < transformsInfoFileNames.length; i++) { - String fileURL = transformsInfoFileNames[i]; - - //if fileURL is relative to rootConfigFileDir make it absolute - fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); - String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); - transformsInfos[i] = transformsInfo; - } - return transformsInfos; - } +// /** +// * Loads the transformsInfos from files. +// * @throws Exception on any exception thrown +// */ +// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { +// +// String[] transformsInfos = new String[transformsInfoFileNames.length]; +// for (int i = 0; i < transformsInfoFileNames.length; i++) { +// String fileURL = transformsInfoFileNames[i]; +// +// //if fileURL is relative to rootConfigFileDir make it absolute +// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); +// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); +// transformsInfos[i] = transformsInfo; +// } +// return transformsInfos; +// } /** * Return a string array with all filenames leading * to the Transforms Information for the Security Layer 
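Review bot: `loadTransformsInfos` is converted into a block of `//` lines instead of being deleted, so the class keeps a dead copy of a method that resolves file names against `rootConfigFileDir` and reads them with `FileUtils.readURL`. If no caller remains, remove the lines outright; the repository history preserves them, and the surrounding context shows the file already accumulating commented-out code. If the method is only parked, replace the block with a single comment saying so, for example `// loadTransformsInfos(String[]) is disabled: currently unused`.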
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 1e169aef3..f85666acf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.config.auth; import at.gv.egovernment.moa.id.config.OAParameter; -import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates; /** * Configuration parameters belonging to an online application, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index f5083cf2a..f2aca057a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -27,7 +27,6 @@ package at.gv.egovernment.moa.id.proxy.parser; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index d7e8ae686..06dbf7d0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java 
@@ -29,11 +29,8 @@ import java.io.BufferedOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.io.PrintWriter; import java.io.StringWriter; import java.net.HttpURLConnection; -import java.net.MalformedURLException; -import java.net.URL; import java.util.Enumeration; import java.util.HashMap; import java.util.Iterator; @@ -59,11 +56,10 @@ import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.CookieManager; import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 60678fe22..1181253f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java 
@@ -24,38 +24,31 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.util.ArrayList; -import java.util.List; - -import javax.net.ssl.SSLSocketFactory; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.methods.PostMethod; -import org.apache.commons.httpclient.methods.StringRequestEntity; -import org.apache.commons.httpclient.protocol.Protocol; -import org.apache.xerces.parsers.DOMParser; -import org.apache.xpath.XPathAPI; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; -import org.xml.sax.SAXNotRecognizedException; -import org.xml.sax.SAXNotSupportedException; - -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.methods.StringRequestEntity; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; 
+import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index b8ee6ac68..db6fbe990 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -34,6 +34,7 @@ auth.13=Vollmachtenmodus f auth.14=Zertifikat konnte nicht ausgelesen werden. auth.15=Fehler bei Anfrage an Vollmachten Service. auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" +auth.17=Vollmachtenmodus für nicht-öffentlichen Bereich wird nicht unterstützt. init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar -- cgit v1.2.3 From 9231e07269419fcf32b17d3d2a57c70a47f36866 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 8 Nov 2011 18:49:53 +0000 Subject: =?UTF-8?q?SAML=20Attribute=20OIDTextualDescription=20hinzugef?= =?UTF-8?q?=C3=BCgt=20(n=C3=B6tig=20f=C3=BCr=20Organwalter=20und=20berufsm?= =?UTF-8?q?.=20Parteienvertreter)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1229 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 74 ++++++++++++++++++++++ 1 file changed, 74 insertions(+) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index c4ab80c66..f58b41a4e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -613,6 +613,22 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); + + + try { + // sets the extended SAML attributes for OID (Organwalter) + setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam.getBusinessService()); + } catch (SAXException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } + + if (oaParam.getProvideFullMandatorData()) { try { // set extended SAML attributes if provideMandatorData is true 
@@ -1072,6 +1088,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { } + /** + * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by + * calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandatesOID( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException + { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID(mandate, business); + + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); + + } + /** * Intermediate processing of the infoboxes. The first pending infobox * validator may validate the provided input 
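Review bot: The Javadoc on the new `setExtendedSAMLAttributeForMandatesOID` is copied from the infobox verification method and does not describe what the method does. The body only calls `addExtendedSamlAttributesOID(mandate, business)` and passes the result to `AddAdditionalSAMLAttributes(session, ..., "MISService", "MISService")`, so the summary should read something like `Adds the OID-related extended SAML attributes of the MIS mandate to the session.` The `business` parameter has no `@param` tag, and the comment lists `@throws AuthenticationException` while the signature declares `ValidateException`.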
@@ -1259,6 +1301,38 @@ public class AuthenticationServer implements MOAIDAuthConstants { + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID(MISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException { + + Vector extendedSamlAttributes = new Vector(); + + + extendedSamlAttributes.clear(); + + String oid = mandate.getProfRep(); + + if (oid != null) { + String oidDescription = mandate.getTextualDescriptionOfOID(); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + + } /** -- cgit v1.2.3 From 345a80135fff432f020053192b0aacae11ec4494 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 9 Nov 2011 11:23:38 +0000 Subject: =?UTF-8?q?SAML=20Attribute=20OID=20hinzugef=C3=BCgt=20(n=C3=B6tig?= =?UTF-8?q?=20f=C3=BCr=20Organwalter=20und=20berufsm.=20Parteienvertreter)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1230 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 ++ .../at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java | 1 + 2 files changed, 3 insertions(+) (limited to 'id/server/idserverlib/src/main') 
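Review bot: In `addExtendedSamlAttributesOID` the `OIDTextualDescription` attribute is added whenever `mandate.getProfRep()` is non-null, without checking what `getTextualDescriptionOfOID()` returned. If a mandate can carry an OID without a description, a null value is handed to `ExtendedSAMLAttributeImpl`; how that class treats null is not visible here, so I would guard it with `if (oidDescription != null) { ... }`. Smaller points in the same hunk: `extendedSamlAttributes.clear()` on a freshly created `Vector` does nothing, the `business` parameter is never read, and the Javadoc is copied from the AUTH block method and does not mention OIDs.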
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f58b41a4e..7caa45347 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1322,8 +1322,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { String oid = mandate.getProfRep(); if (oid != null) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OID, oid, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); String oidDescription = mandate.getTextualDescriptionOfOID(); extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + } ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 178c15a28..7070597fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java 
@@ -106,6 +106,7 @@ public class ParepValidator implements InfoboxValidator { public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; + public final static String EXT_SAML_MANDATE_OID = "OID"; /** */ public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; -- cgit v1.2.3 From 951546efbf6484c21734656b247c980da4fcda94 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 16 Nov 2011 09:05:26 +0000 Subject: http://127.0.0.1:3495/http-security-layer-request and https://127.0.0.1:3496/https-security-layer-request added to TrustedBKUs. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1231 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index e4c1d4742..8c3bccab3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -114,7 +114,8 @@ public class ParamValidatorUtils { * @return */ public static boolean isValidBKUURI(String bkuURI) { - Logger.debug("Überprüfe Parameter bkuURI"); + Logger.debug("Überprüfe Parameter bkuURI"); + // if non parameter is given return true if (bkuURI == null) { Logger.debug("Parameter bkuURI ist null"); 
@@ -129,7 +130,9 @@ public class ParamValidatorUtils { // check if bkuURI is a local BKU if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 || - bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0) { + bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 || + bkuURI.compareToIgnoreCase("http://127.0.0.1:3495/http-security-layer-request") == 0 || + bkuURI.compareToIgnoreCase("https://127.0.0.1:3496/https-security-layer-request") == 0) { Logger.debug("Parameter bkuURI erfolgreich überprüft"); return true; } -- cgit v1.2.3 From fd49902f62d361acb1102024c98c304fac265fa1 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Mon, 28 Nov 2011 15:33:51 +0000 Subject: Update SAML-Assertion (OID, RepresentationType, Konfig-Attribut: provideStammzahl, etc.) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1232 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 57 +++++++++++++++------- 1 file changed, 39 insertions(+), 18 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 7caa45347..68e6b950a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -48,6 +48,8 @@ import javax.xml.transform.TransformerException; import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.AuthenticationException; 
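Review bot: The local BKU check in `isValidBKUURI` is now four inline string literals chained with `||`, and a match returns `true` straight away, so every future addition widens what the validator accepts without any single place to review. I would move the accepted loopback endpoints into one constant and loop over it with `equalsIgnoreCase`, with a comment that these URLs are accepted by exact match. The rest of `isValidBKUURI` lies outside the hunk, so how other URIs are checked against the configuration is not visible here.

```java
// Local BKU endpoints accepted by exact (case-insensitive) match.
private static final String[] LOCAL_BKU_URIS = {
    "https://localhost:3496/https-security-layer-request",
    "http://localhost:3495/http-security-layer-request",
    "http://127.0.0.1:3495/http-security-layer-request",
    "https://127.0.0.1:3496/https-security-layer-request",
};

// … unchanged: null check and earlier validation in isValidBKUURI …
for (int i = 0; i < LOCAL_BKU_URIS.length; i++) {
    if (LOCAL_BKU_URIS[i].equalsIgnoreCase(bkuURI)) {
        Logger.debug("Parameter bkuURI erfolgreich überprüft");
        return true;
    }
}
```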
@@ -112,6 +114,7 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; /** @@ -632,7 +635,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (oaParam.getProvideFullMandatorData()) { try { // set extended SAML attributes if provideMandatorData is true - setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService(), oaParam.getProvideStammzahl()); } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); } catch (IOException e) { @@ -1077,11 +1080,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SAXException */ private void setExtendedSAMLAttributeForMandates( - AuthenticationSession session, MISMandate mandate, boolean business) + AuthenticationSession session, MISMandate mandate, boolean business, boolean provideStammzahl) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business); + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business, provideStammzahl); AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); 
@@ -1241,16 +1244,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SAXException * @throws TransformerException */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(MISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException { + private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(MISMandate mandate, boolean business, boolean provideStammzahl) throws SAXException, IOException, ParserConfigurationException, TransformerException { Vector extendedSamlAttributes = new Vector(); extendedSamlAttributes.clear(); //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - // RepresentationType - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTEXT, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); // Name Element domMandate = mandateToElement(mandate); 
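Review bot: `addExtendedSamlAttributes` gains a `provideStammzahl` parameter, but none of the lines this commit adds to the method (hunks `@@ -1241`, `@@ -1261`, `@@ -1288`) reads it. At the same time the `EXT_SAML_MANDATE_RAW` attribute in the `@@ -1261` hunk still attaches the complete `domMandate` element. If the flag is meant to keep the Stammzahl out of what the online application receives, the raw mandate looks like a path around it: either blank the mandator identification in `domMandate` when `provideStammzahl` is false, or drop the parameter and document why the raw mandate is exempt. The same hunks also leave the old name and date-of-birth code behind as `//` lines, which would be better deleted.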
@@ -1261,18 +1262,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, "//md:Mandate/md:Mandator", nameSpaceNode); // first check if physical person - Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); - String mandatorname = ParepUtils.extractMandatorName(mandator); + //Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); + //String mandatorname = ParepUtils.extractMandatorName(mandator); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, mandatorname, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, mandatorname, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); // Geburtsdatum - String dob = ParepUtils.extractMandatorDateOfBirth(mandator); - if (dob != null && !"".equals(dob)) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } + //String dob = ParepUtils.extractMandatorDateOfBirth(mandator); + //if (dob != null && !"".equals(dob)) { + // extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + //} // Mandate extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, domMandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + // (w)bpk String wbpk = ParepUtils.extractMandatorWbpk(mandator); 
@@ -1288,11 +1290,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String oid = mandate.getProfRep(); - if (oid != null) { - String oidDescription = mandate.getTextualDescriptionOfOID(); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } +// String oid = mandate.getProfRep(); +// if (oid != null) { +// String oidDescription = mandate.getTextualDescriptionOfOID(); +// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +// } ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; extendedSamlAttributes.copyInto(ret); @@ -1319,6 +1321,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { extendedSamlAttributes.clear(); + // RepresentationType + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTEXT, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String oid = mandate.getProfRep(); if (oid != null) { 
@@ -1639,6 +1645,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { Element mandatePerson = tempIdentityLink.getPrPerson(); String mandateData = null; try { + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); + if (!provideStammzahl) { + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + Node prIdentification = mandatePerson.getFirstChild(); + prIdentification.getFirstChild().setTextContent(""); + } + } + + } mandateData = DOMUtils.serializeNode(mandatePerson); } catch (TransformerException e1) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); -- cgit v1.2.3 From a9b2e962d2853b74d314cb9f614cab446a7134c0 Mon Sep 17 00:00:00 2001 
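Review bot: The Stammzahl suppression added in the `@@ -1639` hunk depends on a literal prefix and on child position, so it can silently leave the value in `mandateData`. Comparing `getAttribute("xsi:type")` with `"pr:PhysicalPerson"` misses a document that binds the persondata namespace to a different prefix, and `mandatePerson.getFirstChild()` may be a whitespace text node or null rather than the identification element, in which case the wrong node is blanked or a NullPointerException escapes. Because `provideStammzahl == false` is a privacy setting, I would locate the identification value by namespace and local name and refuse to serialize the mandate when it cannot be found. The enclosing method starts and ends outside the hunk.

```java
if (!oaParam.getProvideStammzahl()) {
    String xsiType = mandatePerson.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "type");
    String localType = xsiType.substring(xsiType.indexOf(':') + 1);
    if ("PhysicalPerson".equals(localType)) {
        // PERSONDATA_NS is a placeholder for the project's persondata namespace constant;
        // "Identification" and "Value" are the element names assumed from the hunk's variable naming.
        NodeList ids = mandatePerson.getElementsByTagNameNS(PERSONDATA_NS, "Identification");
        Element value = ids.getLength() == 0 ? null
            : (Element) ((Element) ids.item(0)).getElementsByTagNameNS(PERSONDATA_NS, "Value").item(0);
        if (value == null) {
            // fail closed: do not pass on a mandate whose identifier could not be blanked
            throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID });
        }
        value.setTextContent("");
    }
}
// … unchanged: mandateData = DOMUtils.serializeNode(mandatePerson) and the catch block …
```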
From: kstranacher Date: Thu, 26 Jan 2012 21:59:33 +0000 Subject: =?UTF-8?q?*=20optionalen=20useUTC=20Parameter=20in=20Konfig=20ein?= =?UTF-8?q?gef=C3=BCgt=20(damit=20IssueInstant=20in=20SAML=20Assertion=20a?= =?UTF-8?q?uf=20UTC=20einstellbar)=20*=20optionalen=20sourceID=20Parameter?= =?UTF-8?q?=20bei=20MOA-ID=20Aufruf=20eingef=C3=BCgt=20(wird=201:1=20in=20?= =?UTF-8?q?SAML=20Assertion=20=C3=BCbernommen)=20*=20Update=20Doku=20(useU?= =?UTF-8?q?TC,=20sourceID,=20Vollmachten-Profile)=20*=20Ablauf=C3=A4nderun?= =?UTF-8?q?g=20bei=20Vollmachten-Modus=20(Signatur=20Zertifikat=20wird=20a?= =?UTF-8?q?us=20Signatur=20entnommen=20und=20nicht=20mittels=20eigenem=20I?= =?UTF-8?q?nfobox-Request)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1233 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 59 +++++++---- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../builder/AuthenticationAssertionBuilder.java | 26 +++++ .../AuthenticationDataAssertionBuilder.java | 15 ++- .../moa/id/auth/data/AuthenticationSession.java | 28 +++++- .../auth/servlet/GetAuthenticationDataService.java | 9 +- .../auth/servlet/StartAuthenticationServlet.java | 13 ++- .../servlet/VerifyAuthenticationBlockServlet.java | 112 +++++++++++++++++++-- .../id/auth/servlet/VerifyCertificateServlet.java | 62 +----------- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 2 +- .../moa/id/config/ConfigurationBuilder.java | 1 + .../moa/id/config/auth/OAAuthParameter.java | 21 ++++ .../moa/id/data/AuthenticationData.java | 15 +++ .../moa/id/proxy/builder/SAMLRequestBuilder.java | 2 +- .../moa/id/util/ParamValidatorUtils.java | 30 ++++++ .../id/util/client/mis/simple/MISSimpleClient.java | 19 +++- 16 files changed, 310 insertions(+), 106 deletions(-) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 68e6b950a..a68dca65a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,11 +24,15 @@ package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.AuthenticationException; @@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** @@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param useMandate Indicates if mandate is used or not * @param templateURL URL providing an HTML template for the HTML form generated * @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode) - * @param scheme determines the protocol used + * @param scheme determines the protocol used + * @param sourceID * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder 
@@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { String bkuURL, String useMandate, String sessionID, - String scheme) + String scheme, + String sourceID) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { String useMandateString = null; @@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); + session.setBusinessService(oaParam.getBusinessService()); + if (sourceID != null) + session.setSourceID(sourceID); } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // for testing new identity link certificate - // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample // xmlInfoboxReadResponse = null; // try { -// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml"); +// File file = new File("c:/temp/XXXMuster.xml"); // FileInputStream fis; // // fis = new FileInputStream(file); // byte[] array = Utils.readFromInputStream(fis); // // xmlInfoboxReadResponse = new String(array); -// //System.out.println(xmlInfoboxReadResponse); +// System.out.println(xmlInfoboxReadResponse); // // } catch (FileNotFoundException e) { // // TODO Auto-generated catch block @@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // // TODO Auto-generated catch block // e.printStackTrace(); // } -// + // parses the 
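Review bot: The commented-out block in the hunk at -510 ("for testing new identity link certificate") still replaces `xmlInfoboxReadResponse` with the contents of a local file, and this commit edits it and turns its `System.out.println(xmlInfoboxReadResponse)` from doubly to singly commented. If it is ever re-enabled, the identity link would come from disk instead of the citizen card environment and be printed to stdout, so the block is better deleted than maintained. The imports added in the first hunk of this file (`FileInputStream`, `FileNotFoundException`, `iaik.ixsil.util.Utils`, `UtilsException`) appear to be needed only by that block and can go with it. The enclosing method starts and ends outside the hunk.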
@@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); + String authBlock = buildAuthenticationBlock(session, oaParam); // session.setAuthBlock(authBlock); // builds the @@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ - private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { + private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); String identificationValue = identityLink.getIdentificationValue(); String identificationType = identityLink.getIdentificationType(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); @@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // parses CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); 
@@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + boolean useUTC = oaParam.getUseUTC(); // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC); if (session.getUseMandate()) { // mandate mode + //session.setAssertionAuthBlock(assertionAuthBlock) + + // set signer certificate + session.setSignerCertificate(vsresp.getX509certificate()); + return null; } else { @@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), + session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), + session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { } VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); - X509Certificate cert = session.getForeignSignerCertificate(); + X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - AuthenticationData authData = buildAuthenticationData(session, vsresp); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + boolean useUTC = oaParam.getUseUTC(); + AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC); String samlAssertion = 
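Review bot: The lookup `AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix())` added in the hunks at -1502 and -1772 is dereferenced with `oaParam.getUseUTC()` without a null check, so if that method can return null, a session whose prefix no longer matches a configured application fails with a NullPointerException rather than a MOAIDException. The lookup is also redundant: buildAuthenticationData (hunks at -1823 to -1845) has its own `oaParam` in scope and calls `authData.setUseUTC(oaParam.getUseUTC())`, so the new `boolean useUTC` parameter gives the method two sources for the same flag. Provided `oaParam` is resolved before the `setIssueInstant` line, `DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC())` inside the method would let both caller-side lookups and the extra parameter be dropped. The enclosing methods start and end outside these hunks.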
@@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), + session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + boolean useUTC) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); @@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); + authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC)); authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); @@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); + authData.setUseUTC(oaParam.getUseUTC()); boolean provideStammzahl = oaParam.getProvideStammzahl(); if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 260b3fd01..f3be98ef0 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -43,6 +43,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ public static final String PARAM_BKU = "bkuURI"; + /** servlet parameter "sourceID" */ + public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; /** servlet parameter "BKUSelectionTemplate" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 8af4e3af5..410d045f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder { " " + NL + " {2}" + NL + " "+ NL; + + protected static String SAML_ATTRIBUTE_NO_NAMESPACE = + " " + NL + + " {1}" + NL + + " "+ NL; /** * Empty constructor 
@@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder { } return sb.toString(); } + + /** + * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion + * delivered to the online application. + * The method traverses through the list of given SAML attribute objects and builds an + * XML structure (String representation) for each of the attributes. + * + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or + * to the SAML assertion delivered to the online application. + * @return A string representation including the XML structures of + * the SAML attributes. + * + * @throws ParseException If an error occurs on serializing an SAML attribute. + */ + protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException { + StringBuffer sb = new StringBuffer(); + if (sourceID!=null) + sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID})); + + return sb.toString(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 367116c73..7032e09eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB " " + NL + " {9}" + NL + " " + NL + - "{10}" + - "{11}" + + "{10}" + + "{11}" + "{12}" + + "{13}" + " " + NL + ""; @@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB " " + NL + " {10}" + NL + " " + NL + - "{11}" + - "{12}" + + "{11}" + + "{12}" + "{13}" + + "{14}" + " " + NL + ""; /** 
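Review bot: `buildSourceIDSAMLAttributes` puts `sourceID` into the assertion through `MessageFormat.format(SAML_ATTRIBUTE_NO_NAMESPACE, ...)` with no XML encoding at the sink, so the builder depends on every caller having sanitised a request parameter. The only sanitising visible in this commit is `StringEscapeUtils.escapeHtml(sourceID)` plus `ParamValidatorUtils.isValidSourceID` in StartAuthenticationServlet; HTML escaping is the wrong encoding for an XML sink, because it emits named entities such as `&uuml;` that XML does not define (whether the validator rules those inputs out is outside my view). I would encode in the builder, e.g. `StringEscapeUtils.escapeXml(sourceID)`, and drop the HTML escaping for this parameter so the value is not encoded twice. The Javadoc is copied from buildExtendedSAMLAttributes: it documents `@param extendedSAMLAttributes` and a ParseException that nothing in the body throws, and should instead describe `@param sourceID` and say that a null value yields an empty string.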
@@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, + String sourceID, List extendedSAMLAttributes) throws BuildException { @@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String assertion; try { + assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), authData.getIssuer(), @@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlPersonData), isQualifiedCertificate, bkuURL, + buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); @@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, + String sourceID, List extendedSAMLAttributes) throws BuildException { @@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlMandateData), isQualifiedCertificate, bkuURL, + buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 3ab8ff819..5a18b720b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
@@ -62,6 +62,11 @@ public class AuthenticationSession { * Friendly name for the target, if target is configured via MOA-ID configuration */ private String targetFriendlyName; + + /** + * SourceID + */ + private String sourceID; /** * Indicates if target from configuration is used or not */ @@ -155,7 +160,7 @@ public class AuthenticationSession { private boolean businessService; /** - * Signer certificate of the foreign citizen + * Signer certificate of the foreign citizen or for mandate mode */ private X509Certificate signerCertificate; /** @@ -212,11 +217,11 @@ public class AuthenticationSession { infoboxValidators = new ArrayList(); } - public X509Certificate getForeignSignerCertificate() { + public X509Certificate getSignerCertificate() { return signerCertificate; } - public void setForeignSignerCertificate(X509Certificate signerCertificate) { + public void setSignerCertificate(X509Certificate signerCertificate) { this.signerCertificate = signerCertificate; } @@ -284,6 +289,14 @@ public class AuthenticationSession { return target; } + /** + * Returns the sourceID. + * @return String + */ + public String getSourceID() { + return sourceID; + } + /** * Returns the target friendly name. * @return String @@ -332,6 +345,15 @@ public class AuthenticationSession { this.target = target; } } + + /** + * Sets the sourceID + * @param sourceID The sourceID to set + */ + public void setSourceID(String sourceID) { + this.sourceID = sourceID; + } + /** * Sets the target. If the target includes the target prefix, the prefix will be stripped off. * @param target The target to set diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java index da5ad6ab9..b5c72ef9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants { String statusMessageCode = null; String statusMessage = null; String samlAssertion = ""; + boolean useUTC = false; if (requests.length > 1) { // more than 1 request given as parameter statusCode = "samlp:Requester"; @@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants { requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); try { + AuthenticationData authData = AuthenticationServer.getInstance(). getAuthenticationData(samlArtifact); + + useUTC = authData.getUseUTC(); // success samlAssertion = authData.getSamlAssertion(); statusCode = "samlp:Success"; @@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants { } } try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + String responseID = Random.nextRandom(); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); responses[0] = new SAMLResponseBuilder().build( responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); + } catch (MOAIDException e) { AxisFault fault = AxisFault.makeFault(e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index ca3883dad..431af3c31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
@@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet { authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); + String sourceID = req.getParameter(PARAM_SOURCEID); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); String sessionID = req.getParameter(PARAM_SESSIONID); String useMandate = req.getParameter(PARAM_USEMANDATE); - // escape parameter strings target = StringEscapeUtils.escapeHtml(target); + sourceID = StringEscapeUtils.escapeHtml(sourceID); oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); sessionID = StringEscapeUtils.escapeHtml(sessionID); useMandate = StringEscapeUtils.escapeHtml(useMandate); - + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); @@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet { if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); 
@@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet { if (!ParamValidatorUtils.isValidTarget(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); } else { // use target from config - getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); } resp.setContentType("text/html;charset=UTF-8"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f7f9d8fed..17cbe7a3d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
@@ -24,26 +24,40 @@ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + import java.io.IOException; +import java.security.GeneralSecurityException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; /** 
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + if (samlArtifactBase64 == null) { //mandate Mode + + callMISService(session, req, resp); - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - session.getSessionID()); +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_VERIFY_CERTIFICATE, +// session.getSessionID()); //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); + //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { 
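Review bot: In mandate mode `samlArtifactBase64` is null, and after `callMISService(session, req, resp)` returns, control falls through to `if (!samlArtifactBase64.equals("Redirect to Input Processor"))`, which as the hunk reads has no `else` in front of it and will throw a NullPointerException after the 302 to the MIS has already been set. Chaining the branches avoids this: `} else if (!samlArtifactBase64.equals("Redirect to Input Processor")) {`. The commented-out InfoboxReadRequest lines left in the null branch can be deleted rather than kept as comments. The enclosing method starts and ends outside the hunk.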
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } } + + /** + * Calls the MIS Service + * @param session + * @throws IOException + */ + private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException { + + try { + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + // get identitity link as byte[] + Element elem = session.getIdentityLink().getSamlAssertion(); + String s = DOMUtils.serializeNode(elem); + + System.out.println("IDL: " + s); + + byte[] idl = s.getBytes(); + + // redirect url + // build redirect(to the GetMISSessionIdSerlvet) + String redirectURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + GET_MIS_SESSIONID, + session.getSessionID()); + + String oaURL = session.getOAURLRequested(); + OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); + String profiles = oaParam.getMandateProfiles(); + + if (profiles == null) { + Logger.error("No Mandate/Profile for OA configured."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + String profilesArray[] = profiles.split(","); + for(int i = 0; i < profilesArray.length; i++) { + profilesArray[i] = profilesArray[i].trim(); + } + + String oaFriendlyName = oaParam.getFriendlyName(); + String mandateReferenceValue = session.getMandateReferenceValue(); + X509Certificate cert = session.getSignerCertificate(); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + String redirectMISGUI = misSessionID.getRedirectURL(); + + if (misSessionID == null) { + 
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); + throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } + + session.setMISSessionID(misSessionID.getSessiondId()); + + resp.setStatus(302); + resp.addHeader("Location", redirectMISGUI); + Logger.debug("REDIRECT TO: " + redirectURL); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } catch (TransformerException e) { + handleError(null, e, req, resp); + } + } /** * Adds a parameter to a URL. * @param url the URL diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index acf8b0b64..27f956c40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java 
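Review bot: `System.out.println("IDL: " + s)` in callMISService writes the serialized identity link, the citizen's personal SAML assertion, to the container's stdout, where neither the MOA logger's level nor its log handling applies; the line should be removed. `misSessionID.getRedirectURL()` is called before the `misSessionID == null` test, so the test can never fire, and `cert.getEncoded()` is called on `session.getSignerCertificate()` without a guard although that field is only set on the mandate path of verifyAuthenticationBlock. `s.getBytes()` encodes with the platform default charset, which may differ from the encoding the MIS expects. The closing debug line logs `redirectURL`, the data URL carrying the MOA session ID, while the 302 actually goes to `redirectMISGUI`. The fence below reorders the checks and drops the print; the message id for the missing certificate is a placeholder.

```java
// … unchanged: authConf, connectionParameters, sslFactory …
Element elem = session.getIdentityLink().getSamlAssertion();
String s = DOMUtils.serializeNode(elem);
// The identity link is personal data: never print or log it.
// Assumes the MIS expects UTF-8; confirm against the encoding serializeNode declares.
byte[] idl = s.getBytes("UTF-8");

// … unchanged: redirectURL, oaParam, profiles check, profilesArray, oaFriendlyName, mandateReferenceValue …

X509Certificate cert = session.getSignerCertificate();
if (cert == null) {
  Logger.error("No signer certificate available in session for mandate mode.");
  // "auth.XX" is a placeholder; use the project's message id for this case
  throw new AuthenticationException("auth.XX", null);
}

MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
if (misSessionID == null) {
  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
}
// Dereference only after the null check above.
String redirectMISGUI = misSessionID.getRedirectURL();

// … unchanged: session.setMISSessionID, resp.setStatus(302), Location header …
Logger.debug("Redirecting to MIS GUI.");
```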
@@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet { if (useMandate) { - // Mandate Modus - // make request to MIS - - AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); - - // get identitity link as byte[] - Element elem = session.getIdentityLink().getSamlAssertion(); - String s = DOMUtils.serializeNode(elem); - byte[] idl = s.getBytes(); - - // redirect url - // build redirect(to the GetMISSessionIdSerlvet) - String redirectURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - GET_MIS_SESSIONID, - session.getSessionID()); - - String oaURL = session.getOAURLRequested(); - OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); - String profiles = oaParam.getMandateProfiles(); - - if (profiles == null) { - Logger.error("No Mandate/Profile for OA configured."); - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); - } - - String profilesArray[] = profiles.split(","); - for(int i = 0; i < profilesArray.length; i++) { - profilesArray[i] = profilesArray[i].trim(); - } - - String oaFriendlyName = oaParam.getFriendlyName(); - String mandateReferenceValue = session.getMandateReferenceValue(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); - String redirectMISGUI = misSessionID.getRedirectURL(); - - if (misSessionID == null) { - Logger.error("Fehler bei Anfrage an Vollmachten Service. 
MIS Session ID ist null."); - throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); - } - - session.setMISSessionID(misSessionID.getSessiondId()); - - resp.setStatus(302); - resp.addHeader("Location", redirectMISGUI); - Logger.debug("REDIRECT TO: " + redirectURL); - + Logger.error("Online-Mandate Mode for foreign citizencs not supported."); + throw new AuthenticationException("auth.13", null); } else { // Foreign Identities Modus @@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet { } catch (MOAIDException ex) { handleError(null, ex, req, resp); - } catch (GeneralSecurityException ex) { - handleError(null, ex, req, resp); - } catch (PKIException e) { - handleError(null, e, req, resp); - } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); - } catch (TransformerException e) { - handleError(null, e, req, resp); - } + } } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 6d4a21674..fc5d82936 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - // build dataurl (to the GetForeignIDSerlvet) + // build dataurl (to the VerifyCertificateSerlvet) String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 7fe85cfae..8cc51bf93 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -579,6 +579,7 @@ public class ConfigurationBuilder { oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData"))); + oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index f85666acf..65e21cbce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter { * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data */ private boolean provideFullMandatorData; + + /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ + private boolean useUTC; /** * url to a template for web page "Auswahl der Bürgerkartenumgebung" */ 
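Review bot: `oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")))` leaves the flag off for every configuration that does not set the attribute (presumably, since BoolUtils is not shown), so existing deployments keep issuing a local-time IssueInstant. The SAML 1.x core specification requires time values in UTC form, and relying parties that check assertion freshness compare against this value, so the default deserves a sentence in the Javadoc of `OAAuthParameter.useUTC` and `getUseUTC()`, for instance `Defaults to false (local time) when the useUTC attribute is absent; set to true for UTC as SAML requires.` GetAuthenticationDataService likewise starts from `useUTC = false` and keeps it for error responses.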
@@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter { return provideFullMandatorData; } + /** + * Returns true if the IssueInstant should be given in UTC, otherwise false. + * @return true if the IssueInstant should be given in UTC, otherwise false. + */ + public boolean getUseUTC() { + return useUTC; + } + /** * Returns the key box identifier. @@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter { public void setProvideFullMandatorData(boolean provideFullMandatorData) { this.provideFullMandatorData = provideFullMandatorData; } + + /** + * Sets the useUTC variable. + * @param useUTC The useUTC value to set + */ + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + + /** * Sets the key box identifier. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 44eb98dad..79f3b4e30 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -107,6 +107,9 @@ public class AuthenticationData { * the corresponding lt;saml:Assertion> */ private String samlAssertion; + + /** useUTC */ + private boolean useUTC; /** * creation timestamp */ @@ -166,6 +169,14 @@ public class AuthenticationData { public String getWBPK() { return wbPK; } + + /** + * Returns useUTC + * @return useUTC + */ + public boolean getUseUTC() { + return useUTC; + } /** * Sets the minorVersion. @@ -215,6 +226,10 @@ public class AuthenticationData { this.wbPK = wbPK; } + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + /** * Returns the assertionID. * @return String 
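Review bot: In `AuthenticationData` the new field and getter are documented only as `useUTC`, and `setUseUTC` has no Javadoc at all, unlike the neighbouring accessors shown as context. Reuse the wording this commit gives the same flag in `OAAuthParameter`, for example `/** whether the IssueInstant of the SAML assertion is given in UTC */` on the field, with a matching `@return` and `@param useUTC` on the accessors. The `OAAuthParameter` field comment added in the same commit has the typo `wheter`.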
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java index 5ce952662..2493f42b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java @@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants { */ public Element build(String requestID, String samlArtifactBase64) throws BuildException { try { - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true); String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64}); Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); return requestElem; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 8c3bccab3..fa220d13d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java 
@@ -75,6 +75,36 @@ public class ParamValidatorUtils { return false; } + } + + /** + * Checks if the given target is valid + * @param sourceID HTTP parameter from request + * @return + */ + public static boolean isValidSourceID(String sourceID) { + + Logger.debug("Überprüfe Parameter sourceID"); + + // if non parameter is given return true + if (sourceID == null) { + Logger.debug("Parameter Target ist null"); + return true; + } + + + Pattern pattern = Pattern.compile("[\\w-_]{1,50}"); + Matcher matcher = pattern.matcher(sourceID); + boolean b = matcher.matches(); + if (b) { + Logger.debug("Parameter sourceID erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)"); + return false; + } + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 1181253f1..620919c61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -149,7 +149,8 @@ public class MISSimpleClient { Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink"); - + + idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl)))); mirElement.appendChild(idlElement); 
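Review bot: In `isValidSourceID` the pattern `[\\w-_]{1,50}` accepts digits as well as letters, `-` and `_`, while the error message logged on rejection states that only a-z, A-Z, `-` and `_` are allowed, so either the character class or the message is wrong. If digits are not intended, `Pattern.compile("[A-Za-z_-]{1,50}")` says so explicitly and puts the hyphen last so it cannot be read as a range; otherwise correct the message. The Javadoc ("Checks if the given target is valid", empty `@return`) and the debug line `"Parameter Target ist null"` appear to be copied from the target check and should name sourceID, and the Javadoc should state that a missing parameter is treated as valid. The pattern is recompiled on every call and could be a `private static final Pattern`.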
@@ -237,7 +238,18 @@ public class MISSimpleClient { } } - private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException { + private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException { + +// try { +// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request)); +// } catch (TransformerException e1) { +// // TODO Auto-generated catch block +// e1.printStackTrace(); +// } catch (IOException e1) { +// // TODO Auto-generated catch block +// e1.printStackTrace(); +// } + if (webServiceURL == null) { throw new NullPointerException("Argument webServiceURL must not be null."); } @@ -249,7 +261,8 @@ public class MISSimpleClient { PostMethod post = new PostMethod(webServiceURL); StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8"); post.setRequestEntity(re); - int responseCode = httpclient.executeMethod(post); + int responseCode = httpclient.executeMethod(post); + if (responseCode != 200) { throw new MISSimpleClientException("Invalid HTTP response code " + responseCode); } -- cgit v1.2.3 From d89d097cf6ae5f044e592d747a25395a06f95168 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Fri, 27 Jan 2012 08:18:03 +0000 Subject: =?UTF-8?q?*=20Update=20Mindestanforderung=20JDK=20f=C3=BCr=20Onli?= =?UTF-8?q?ne-Vollmachten=20*=20Update=20Online-Vollmachten-Ablauf?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1234 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../servlet/VerifyAuthenticationBlockServlet.java | 105 +++++++++++++++------ 1 file changed, 74 insertions(+), 31 deletions(-) (limited to 'id/server/idserverlib/src/main') 
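Review bot: The block added at the top of `sendSOAPRequest` is commented-out debugging code, including auto-generated `// TODO` catch stubs, and should be deleted rather than committed. If it were re-enabled it would print the serialized request to standard output, and the `MandateIssueRequest` built earlier in this file carries the Base64-encoded identity link, which presumably travels through this method. If a trace is needed, use the project logger at debug level and log that a request was sent rather than its content. The method body continues outside the hunk.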
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 17cbe7a3d..5ae508358 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
@@ -161,47 +161,90 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (samlArtifactBase64 == null) { //mandate Mode - callMISService(session, req, resp); - - //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - - //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + // get identitity link as byte[] + Element elem = session.getIdentityLink().getSamlAssertion(); + String s = DOMUtils.serializeNode(elem); + + //System.out.println("IDL: " + s); + + byte[] idl = s.getBytes(); + + // redirect url + // build redirect(to the GetMISSessionIdSerlvet) + redirectURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + GET_MIS_SESSIONID, + session.getSessionID()); + + String oaURL = session.getOAURLRequested(); + OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); + String profiles = oaParam.getMandateProfiles(); - // build dataurl -// String dataurl = -// new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// REQ_VERIFY_CERTIFICATE, -// session.getSessionID()); - - - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + if (profiles == null) { + Logger.error("No Mandate/Profile for OA configured."); + throw new 
AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + String profilesArray[] = profiles.split(","); + for(int i = 0; i < profilesArray.length; i++) { + profilesArray[i] = profilesArray[i].trim(); + } + + String oaFriendlyName = oaParam.getFriendlyName(); + String mandateReferenceValue = session.getMandateReferenceValue(); + X509Certificate cert = session.getSignerCertificate(); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + String redirectMISGUI = misSessionID.getRedirectURL(); + + if (misSessionID == null) { + Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); + throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } + + session.setMISSessionID(misSessionID.getSessiondId()); + resp.setStatus(302); + resp.addHeader("Location", redirectMISGUI); + Logger.debug("REDIRECT TO: " + redirectURL); } + else { - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + + } + redirectURL = 
addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + + resp.setContentType("text/html"); + resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } } catch (MOAIDException ex) { handleError(null, ex, req, resp); + } catch (GeneralSecurityException e) { + handleError(null, e, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } catch (TransformerException e) { + handleError(null, e, req, resp); } } -- cgit v1.2.3 From 453bd7f12223fe4e58049bb8f2f40d80d80bccd7 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 7 Feb 2012 16:15:24 +0000 Subject: =?UTF-8?q?*=20Alte=20MOCCA=20Signaturen=20wieder=20pr=C3=BCfbar?= =?UTF-8?q?=20(Parsererror=20fehlendes=20Target=20Attribut=20in=20Qualifyi?= =?UTF-8?q?ngProperties=20wird=20ignoriert)=20*=20Update=20MOA=20Template?= =?UTF-8?q?=20f=C3=BCr=20B=C3=BCrgerkartenauswahl=20(No-Script-Variante,?= =?UTF-8?q?=20Update=20Bilder=20und=20Text)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1235 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java | 4 +--- .../moa/id/auth/validator/CreateXMLSignatureResponseValidator.java | 2 +- .../main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java | 2 ++ 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'id/server/idserverlib/src/main') 
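Review bot: In the inlined mandate branch `misSessionID.getRedirectURL()` is called before the `if (misSessionID == null)` check, so a null result from `MISSimpleClient.sendSessionIdRequest` ends in a NullPointerException and the intended `MISSimpleClientException` is never thrown; move the null check directly after the call. `byte[] idl = s.getBytes();` encodes the identity link with the platform default charset, which can change non-ASCII names on hosts that do not default to UTF-8; `s.getBytes("UTF-8")` would match the `URLEncoder.encode(..., "UTF-8")` calls in the same method. The debug line after the redirect logs `redirectURL` although the `Location` header is set to `redirectMISGUI`. The enclosing method starts and ends outside the hunk.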
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index db70a6111..53c1168c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -199,9 +199,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion sectorName = targetFriendlyName; } - System.out.println("targetFriendlyName: " + targetFriendlyName); - System.out.println("sectorName: " + sectorName); - + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index d49d038fa..49105b306 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -187,7 +187,7 @@ public class CreateXMLSignatureResponseValidator { } gbTarget = gbTarget + " (" + sectorName + ")"; //gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; - System.out.println("Validate: " + gbTarget + " - " + samlAttribute.getValue()); + if (!gbTarget.equals((String)samlAttribute.getValue())) { throw new ValidateException("validator.13", null); } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index fa220d13d..644e59f72 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -43,6 +43,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; public class ParamValidatorUtils { @@ -506,6 +507,7 @@ public class ParamValidatorUtils { // } public static boolean isValidXMLDocument(String document) { + if (document == null) return false; -- cgit v1.2.3 From 4af2a06ad0d4dc021277b115d15bbeeede3c23b7 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 9 Feb 2012 21:11:31 +0000 Subject: =?UTF-8?q?Update=20MOA-SPSS-Konfig=20Schema=20(Blacklists)=20MOAS?= =?UTF-8?q?ecurityManager=20f=C3=BCr=20Blacklists?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1236 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/AuthenticationServer.java | 19 ++++++++++++++----- .../id/auth/parser/IdentityLinkAssertionParser.java | 4 ++-- .../CreateXMLSignatureResponseValidator.java | 2 +- 3 files changed, 17 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a68dca65a..b8fa4f412 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -501,16 +501,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { // check if an identity link was found // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform (SL1.2)) - CharSequence se = "ErrorCode>2911".substring(0); - boolean b = xmlInfoboxReadResponse.contains(se); - if (b) { // no identity link found + //CharSequence se = "ErrorCode>2911".substring(0); + //boolean b = xmlInfoboxReadResponse.contains(se); + String se = "ErrorCode>2911"; + int b = xmlInfoboxReadResponse.indexOf(se); + if (b!=-1) { // no identity link found Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID."); return null; } // spezifikationsgemäßer (SL1.2) Errorcode se = "ErrorCode>4002"; - b = xmlInfoboxReadResponse.contains(se); - if (b) { // Unbekannter Infoboxbezeichner + //b = xmlInfoboxReadResponse.contains(se); + b = xmlInfoboxReadResponse.indexOf(se); + if (b!=-1) { // Unbekannter Infoboxbezeichner Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID."); return null; } @@ -1659,6 +1662,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { Element mandatePerson = tempIdentityLink.getPrPerson(); + try { + System.out.println("MANDATE: " + DOMUtils.serializeNode(mandatePerson)); + } + catch(Exception e) { + e.printStackTrace(); + } String mandateData = null; try { OAAuthParameter oaParam = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index 2e20f483c..cb3ed5ad9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java 
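Review bot: The `try` block added before `String mandateData = null;` prints the serialized mandator person element with `System.out.println("MANDATE: " + ...)` and handles failure with `e.printStackTrace()`, so personal data and stack traces go to standard output outside the configured logging. This looks like leftover debugging and should be removed; if a trace is wanted, use `Logger.debug(...)` as the rest of the class does, without the element content, and catch the specific serialization exceptions instead of `Exception`. In the first hunk of this file the commented-out `contains` lines can be deleted now that `indexOf` replaces them. Both enclosing methods start outside the hunks.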
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -251,8 +251,8 @@ public class IdentityLinkAssertionParser { String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); // replace ' in name with ' - givenname = givenname.replace("'", "'"); - familyname = familyname.replace("'", "'"); + givenname = givenname.replaceAll("'", "'"); + familyname = familyname.replaceAll("'", "'"); identityLink.setGivenName(givenname); identityLink.setFamilyName(familyname); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 49105b306..dfad29e50 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -97,7 +97,7 @@ public class CreateXMLSignatureResponseValidator { throw new ValidateException("validator.32", null); } // replace ' in name with ' - issuer = issuer.replace("'", "'"); + issuer = issuer.replaceAll("'", "'"); String issueInstant = samlAssertion.getAttribute("IssueInstant"); if (!issueInstant.equals(session.getIssueInstant())) { -- cgit v1.2.3 From 583d95af8f722f60cf848e603f12f6c0be0e9a59 Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Fri, 10 Feb 2012 16:21:09 +0000 Subject: * Ausbau MOASecurityManager (nicht anwendbar da SecurityManager nur systemweit gesetzt werden kann) * Update ExternalURIResolver mit ExternalURIVerifier der gegen Blackliste checkt git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1238 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../servlet/VerifyAuthenticationBlockServlet.java | 139 +++++++++++---------- 2 files changed, 71 insertions(+), 70 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index b8fa4f412..355918f2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -419,7 +419,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { templateURL = session.getTemplateURL(); } if (templateURL != null) { - try { + try { template = new String(FileUtils.readURL(templateURL)); } catch (IOException ex) { throw new AuthenticationException( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 5ae508358..a51fa483f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
@@ -225,12 +225,13 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } - + resp.setContentType("text/html"); resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } } 
@@ -254,72 +255,72 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { * @param session * @throws IOException */ - private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException { - - try { - AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); - - // get identitity link as byte[] - Element elem = session.getIdentityLink().getSamlAssertion(); - String s = DOMUtils.serializeNode(elem); - - System.out.println("IDL: " + s); - - byte[] idl = s.getBytes(); - - // redirect url - // build redirect(to the GetMISSessionIdSerlvet) - String redirectURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - GET_MIS_SESSIONID, - session.getSessionID()); - - String oaURL = session.getOAURLRequested(); - OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); - String profiles = oaParam.getMandateProfiles(); - - if (profiles == null) { - Logger.error("No Mandate/Profile for OA configured."); - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); - } - - String profilesArray[] = profiles.split(","); - for(int i = 0; i < profilesArray.length; i++) { - profilesArray[i] = profilesArray[i].trim(); - } - - String oaFriendlyName = oaParam.getFriendlyName(); - String mandateReferenceValue = session.getMandateReferenceValue(); - X509Certificate cert = session.getSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); - String redirectMISGUI = misSessionID.getRedirectURL(); - - if (misSessionID == null) { - Logger.error("Fehler bei Anfrage an 
Vollmachten Service. MIS Session ID ist null."); - throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); - } - - session.setMISSessionID(misSessionID.getSessiondId()); - - resp.setStatus(302); - resp.addHeader("Location", redirectMISGUI); - Logger.debug("REDIRECT TO: " + redirectURL); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } catch (GeneralSecurityException ex) { - handleError(null, ex, req, resp); - } catch (PKIException e) { - handleError(null, e, req, resp); - } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); - } catch (TransformerException e) { - handleError(null, e, req, resp); - } - } +// private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException { +// +// try { +// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); +// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); +// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); +// +// // get identitity link as byte[] +// Element elem = session.getIdentityLink().getSamlAssertion(); +// String s = DOMUtils.serializeNode(elem); +// +// System.out.println("IDL: " + s); +// +// byte[] idl = s.getBytes(); +// +// // redirect url +// // build redirect(to the GetMISSessionIdSerlvet) +// String redirectURL = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// GET_MIS_SESSIONID, +// session.getSessionID()); +// +// String oaURL = session.getOAURLRequested(); +// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); +// String profiles = oaParam.getMandateProfiles(); +// +// if (profiles == null) { +// Logger.error("No Mandate/Profile for OA configured."); +// throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); +// } +// +// String profilesArray[] = profiles.split(","); 
+// for(int i = 0; i < profilesArray.length; i++) { +// profilesArray[i] = profilesArray[i].trim(); +// } +// +// String oaFriendlyName = oaParam.getFriendlyName(); +// String mandateReferenceValue = session.getMandateReferenceValue(); +// X509Certificate cert = session.getSignerCertificate(); +// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); +// String redirectMISGUI = misSessionID.getRedirectURL(); +// +// if (misSessionID == null) { +// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); +// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); +// } +// +// session.setMISSessionID(misSessionID.getSessiondId()); +// +// resp.setStatus(302); +// resp.addHeader("Location", redirectMISGUI); +// Logger.debug("REDIRECT TO: " + redirectURL); +// } +// catch (MOAIDException ex) { +// handleError(null, ex, req, resp); +// } catch (GeneralSecurityException ex) { +// handleError(null, ex, req, resp); +// } catch (PKIException e) { +// handleError(null, e, req, resp); +// } catch (MISSimpleClientException e) { +// handleError(null, e, req, resp); +// } catch (TransformerException e) { +// handleError(null, e, req, resp); +// } +// } /** * Adds a parameter to a URL. * @param url the URL -- cgit v1.2.3 From 5d5eaaa2580163023dbc8f2336c5e996e0bcbad0 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 14 Feb 2012 13:44:52 +0000 Subject: * Update DOMUtils * Update MOA-SPSS Konfiguration Dokumentation * Update Resolver git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1240 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java | 2 +- .../at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main') 
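Review bot: `callMISService` is disabled by turning every line into a `//` comment instead of being removed, which leaves about seventy lines of dead code in the servlet, including a `System.out.println("IDL: " + s)` of the serialized identity link. Delete the method; version control keeps the old text. The Javadoc block that preceded it (`@param session`, `@throws IOException`) starts above the hunk and now documents nothing, so it should be removed with it.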
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index cc283b8ac..90282a28c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -133,7 +133,7 @@ public class VerifyXMLSignatureResponseValidator { catch (RFC2253NameParserException e) { throw new ValidateException("validator.17", null); } - System.out.println("subjectDN: " + subjectDN); + //System.out.println("subjectDN: " + subjectDN); // check the authorisation to sign the identity link if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { // subject DN check failed, try OID check: diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java index c152d815b..74b18a662 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java @@ -192,7 +192,7 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { } catch (IOException e) { - System.out.println("Exception =" + e); + //System.out.println("Exception =" + e); return null; } -- cgit v1.2.3 From 173fb9c932bb8900cdcc67288846b4f2e92fcef3 Mon Sep 17 00:00:00 2001 
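Review bot: Both hunks of this commit silence debug output by commenting the `System.out.println` out rather than deleting it, and in `InOrderServletRequestWrapper` the `catch (IOException e)` now returns `null` without recording the failure anywhere. Delete the commented lines. In the catch, either report the exception through the project's logger or add a short comment stating why the read error is deliberately ignored, so that a failed read can be told apart from an absent value. Both enclosing methods lie outside the hunks.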
From: kstranacher Date: Wed, 15 Feb 2012 21:39:04 +0000 Subject: Update Doku und readmes git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1241 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 1 - .../main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 1 - 2 files changed, 2 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 355918f2d..5eb23cabc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -405,7 +405,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getBusinessService(), oaParam.getIdentityLinkDomainIdentifier()); - String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 06dbf7d0c..f695319ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -187,7 +187,6 @@ public class ProxyServlet extends HttpServlet { if (session.getAttribute(ATT_BROWSERREQU)==null) { - //@TODO Parameter samlArtifact = req.getParameter(PARAM_SAMLARTIFACT); Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact); // String target = req.getParameter(PARAM_TARGET); parameter given but not processed -- cgit v1.2.3 From 92709b7a3e7c18583e127d2160cfd96361ac035b Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Thu, 16 Feb 2012 19:03:20 +0000 Subject: =?UTF-8?q?*=20Update=20sourceID=20Parameter=20*=20Blacklist-?= =?UTF-8?q?=C3=9Cbergabe=20an=20iaik-moa=20*=20iaik-moa.jar=20zu=20reposit?= =?UTF-8?q?ory=20hinzugef=C3=BCgt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1250 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 8 ++-- .../builder/AuthenticationAssertionBuilder.java | 22 +--------- .../AuthenticationDataAssertionBuilder.java | 5 --- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 49 ++++++++++++++++++---- 4 files changed, 45 insertions(+), 39 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5eb23cabc..093d22732 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1538,7 +1538,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), - session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1554,7 +1553,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session 
@@ -1717,7 +1716,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session @@ -1816,7 +1815,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), - session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1832,7 +1830,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 410d045f0..bcad65eed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java 
@@ -114,25 +114,5 @@ public class AuthenticationAssertionBuilder { return sb.toString(); } - /** - * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion - * delivered to the online application. - * The method traverses through the list of given SAML attribute objects and builds an - * XML structure (String representation) for each of the attributes. - * - * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or - * to the SAML assertion delivered to the online application. - * @return A string representation including the XML structures of - * the SAML attributes. - * - * @throws ParseException If an error occurs on serializing an SAML attribute. - */ - protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException { - StringBuffer sb = new StringBuffer(); - if (sourceID!=null) - sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID})); - - return sb.toString(); - } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 7032e09eb..b9e44544d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -72,7 +72,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{10}" + "{11}" + "{12}" + - "{13}" + " " + NL + ""; @@ -107,7 +106,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{11}" + "{12}" + "{13}" + - "{14}" + " " + NL + ""; /** 
@@ -158,7 +156,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes) throws BuildException { @@ -210,7 +207,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlPersonData), isQualifiedCertificate, bkuURL, - buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); @@ -301,7 +297,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlMandateData), isQualifiedCertificate, bkuURL, - buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 41e4cd37d..145664a2b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -67,7 +67,7 @@ public class SAMLArtifactBuilder { * of AssertionHandle * @return the 42-byte SAML artifact, encoded BASE64 */ - public String build(String authURL, String sessionID) throws BuildException { + public String build(String authURL, String sessionID, String sourceIdParam) throws BuildException { try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; 
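Review bot: The Javadoc above `build` is not updated for the new third parameter in the SAMLArtifactBuilder hunk, so callers are not told that `sourceIdParam` comes from the request (the following hunk describes it as a GET/POST parameter) and takes precedence over both the configured SourceID and `authURL`. I would add `@param sourceIdParam optional SourceID taken from the request, already validated by the caller; if non-empty it is used instead of the configured SourceID and authURL`. The Javadoc block starts above the hunk, so its existing `@param` entries are not visible here.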
@@ -77,16 +77,45 @@ public class SAMLArtifactBuilder { //System.out.println("alternativeSourceID: " + alternativeSourceID); //System.out.println("authURL: " + authURL); - if (!ParepUtils.isEmpty(alternativeSourceID)) { - // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; - sourceID = md.digest(alternativeSourceID.getBytes()); - Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); - } else { - sourceID = md.digest(authURL.getBytes()); + // if sourceID is given in GET/POST param - use this as source id + if (!ParepUtils.isEmpty(sourceIdParam)) { + // if GET/POST parameter sourceID is set, use that sourceID instead of authURL; + sourceID = md.digest(sourceIdParam.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\"."); + + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + //System.out.println("samlArtifact: " + new String(samlArtifact)); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + //System.out.println("samlArtifact Base64: " + samlArtifactBase64); + return samlArtifactBase64; } - //System.out.println("sourceID: " + new String(sourceID)); + // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; + if (!ParepUtils.isEmpty(alternativeSourceID)) { + sourceID = md.digest(alternativeSourceID.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); + + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + 
out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + System.out.println("samlArtifact: " + new String(samlArtifact)); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + System.out.println("samlArtifact Base64: " + samlArtifactBase64); + return samlArtifactBase64; + } + // default: sourecID from authURL + sourceID = md.digest(authURL.getBytes()); byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); out.write(0); @@ -98,6 +127,10 @@ public class SAMLArtifactBuilder { String samlArtifactBase64 = Base64Utils.encode(samlArtifact); //System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; + + //System.out.println("sourceID: " + new String(sourceID)); + + } catch (Throwable ex) { throw new BuildException( -- cgit v1.2.3 From 8c8ddf0a97c65b1b39dad580c45e19cfa7e20a7e Mon Sep 17 00:00:00 2001 From: kstranacher Date: Fri, 17 Feb 2012 18:41:30 +0000 Subject: Update libs (iaik_moa-1.32.jar und iaik_ixsil-1.2.2.5.jar) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1251 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 2 ++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 22 ++++++++++++---------- .../moa/id/util/ParamValidatorUtils.java | 4 ++-- 3 files changed, 16 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 093d22732..bf35b31f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
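Review bot: The copy of the artifact assembly in the `alternativeSourceID` branch has its two `System.out.println` calls uncommented, so whenever the configured SourceID is used the raw and the Base64 SAML artifact are written to standard output. AuthenticationServer stores the authentication data under that artifact (`storeAuthenticationData(samlArtifact, authData)`), so presumably anyone who can read the container's stdout log could redeem it while it is still valid; the other two copies keep the calls commented out. The three copies differ only in the value that is hashed into the SourceID, so I would select that value first and assemble the artifact once, which removes the chance of the branches drifting apart like this. The `try` opens before this hunk and its `catch` follows it.

```java
// … unchanged: MessageDigest setup and alternativeSourceID lookup …
String sourceIdInput;
if (!ParepUtils.isEmpty(sourceIdParam)) {
  // GET/POST parameter sourceID takes precedence
  // … unchanged: Logger.info for sourceIdParam …
  sourceIdInput = sourceIdParam;
} else if (!ParepUtils.isEmpty(alternativeSourceID)) {
  // generic config parameter "AuthenticationServer.SourceID"
  // … unchanged: Logger.info for alternativeSourceID …
  sourceIdInput = alternativeSourceID;
} else {
  // default: SourceID from authURL
  sourceIdInput = authURL;
}
sourceID = md.digest(sourceIdInput.getBytes());
// … unchanged: one artifact assembly (assertionHandle, 42-byte buffer, Base64Utils.encode), no println of the artifact …
```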
@@ -1679,6 +1679,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { Node prIdentification = mandatePerson.getFirstChild(); prIdentification.getFirstChild().setTextContent(""); +// Element.appendChild(Document.createTextNode(String)); +// prIdentification.getFirstChild(). } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 145664a2b..6a78df9b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -74,13 +74,21 @@ public class SAMLArtifactBuilder { // alternative sourceId String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); - //System.out.println("alternativeSourceID: " + alternativeSourceID); - //System.out.println("authURL: " + authURL); - // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { // if GET/POST parameter sourceID is set, use that sourceID instead of authURL; - sourceID = md.digest(sourceIdParam.getBytes()); + //sourceID = md.digest(sourceIdParam.getBytes()); + + // if sourceIdParam is too short (must have 20 characters) - add " " + int length = sourceIdParam.length(); + if (length < 20) { + int l = 20 - length; + for (int i = 0; i < l; i++) { + sourceIdParam += " "; + } + } + + sourceID = sourceIdParam.getBytes(); Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\"."); byte[] assertionHandle = md.digest(sessionID.getBytes()); 
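Review bot: In the SAMLArtifactBuilder hunk, `build` now copies `sourceIdParam.getBytes()` unhashed into the 20-byte SourceID field but only handles values that are too short; a longer value is silently cut off by `out.write(sourceID, 0, 20)`, and `getBytes()` depends on the platform charset. The 1–20 character limit is enforced only in ParamValidatorUtils, changed in the same commit, so the builder relies on every caller having validated the request parameter first. I would have the method check the length itself before padding, for example `byte[] raw = sourceIdParam.getBytes("US-ASCII"); if (raw.length > 20) throw new IllegalArgumentException("sourceID longer than 20 bytes");`. The method's `catch (Throwable ex)` lies outside this hunk and should turn that into a BuildException.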
@@ -90,9 +98,7 @@ public class SAMLArtifactBuilder { out.write(sourceID, 0, 20); out.write(assertionHandle, 0, 20); byte[] samlArtifact = out.toByteArray(); - //System.out.println("samlArtifact: " + new String(samlArtifact)); String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - //System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; } @@ -108,9 +114,7 @@ public class SAMLArtifactBuilder { out.write(sourceID, 0, 20); out.write(assertionHandle, 0, 20); byte[] samlArtifact = out.toByteArray(); - System.out.println("samlArtifact: " + new String(samlArtifact)); String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; } @@ -123,9 +127,7 @@ public class SAMLArtifactBuilder { out.write(sourceID, 0, 20); out.write(assertionHandle, 0, 20); byte[] samlArtifact = out.toByteArray(); - //System.out.println("samlArtifact: " + new String(samlArtifact)); String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - //System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; //System.out.println("sourceID: " + new String(sourceID)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 644e59f72..9df55724e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -94,7 +94,7 @@ public class ParamValidatorUtils { } - Pattern pattern = Pattern.compile("[\\w-_]{1,50}"); + Pattern pattern = Pattern.compile("[\\w-_]{1,20}"); Matcher matcher = pattern.matcher(sourceID); boolean b = matcher.matches(); if (b) { 
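Review bot: The new limit `{1,20}` in the ParamValidatorUtils hunk is the size of the SourceID field that SAMLArtifactBuilder fills from this parameter, but nothing in the code ties the two numbers together. The character class `[\\w-_]` also admits digits, which the error message in the following hunk does not mention. I would add a comment on the pattern such as `// max. 20: the value is copied unhashed into the 20-byte SourceID of the SAML artifact`, and compile it once as a `private static final Pattern` instead of on every call. The enclosing method starts above the hunk, so its name and earlier checks are not visible here.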
@@ -102,7 +102,7 @@ public class ParamValidatorUtils { return true; } else { - Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)"); + Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); return false; } -- cgit v1.2.3 From fb449b592d265d880b5f44dd619748fdfe0e734f Mon Sep 17 00:00:00 2001 
From: kstranacher Date: Mon, 20 Feb 2012 09:36:05 +0000 Subject: Minor updates for 1.5.1 release git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1265 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/AuthenticationException.java | 4 + .../at/gv/egovernment/moa/id/BuildException.java | 5 + .../moa/id/ECDSAConverterException.java | 5 + .../at/gv/egovernment/moa/id/MOAIDException.java | 6 +- .../at/gv/egovernment/moa/id/ParseException.java | 5 + .../at/gv/egovernment/moa/id/ServiceException.java | 5 + .../moa/id/auth/AuthenticationServer.java | 6 - .../moa/id/auth/WrongParametersException.java | 5 + .../moa/id/auth/servlet/AuthServlet.java | 5 + .../moa/id/auth/servlet/ConfigurationServlet.java | 5 + .../moa/id/auth/servlet/GetForeignIDServlet.java | 8 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 7 +- .../moa/id/auth/servlet/SelectBKUServlet.java | 5 + .../auth/servlet/StartAuthenticationServlet.java | 6 + .../servlet/VerifyAuthenticationBlockServlet.java | 5 + .../id/auth/servlet/VerifyCertificateServlet.java | 123 ++------------------- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 5 + .../moa/id/auth/validator/ValidateException.java | 5 + .../moa/id/auth/validator/parep/ParepUtils.java | 1 - .../id/auth/validator/parep/ParepValidator.java | 1 - .../parep/client/szrgw/SZRGWClientException.java | 7 +- .../moa/id/config/ConfigurationException.java | 5 + .../id/proxy/DefaultLoginParameterResolver.java | 7 +- .../moa/id/proxy/ElakConnectionBuilder.java | 4 - .../id/proxy/LoginParameterResolverException.java | 5 + .../moa/id/proxy/NotAllowedException.java | 5 + .../moa/id/proxy/servlet/ConfigurationServlet.java | 5 + .../moa/id/proxy/servlet/ProxyException.java | 5 + .../moa/id/proxy/servlet/ProxyServlet.java | 6 +- .../moa/id/util/ParamValidatorUtils.java | 39 ++++--- .../id/util/client/mis/simple/MISSimpleClient.java | 2 - 31 files changed, 146 insertions(+), 161 deletions(-) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java index a8d30a22f..ae4c5fd1e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java @@ -34,6 +34,10 @@ package at.gv.egovernment.moa.id; public class AuthenticationException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = 263160314137775182L; +/** * Constructor for AuthenticationException. * @param messageId */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java index 298b9b9cc..c2ef9be6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java @@ -34,6 +34,11 @@ package at.gv.egovernment.moa.id; public class BuildException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = 5485716047459933845L; + +/** * Constructor for BuildException. * @param messageId * @param parameters diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java index 13f5f9863..c7c9e3d07 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java 
@@ -34,6 +34,11 @@ package at.gv.egovernment.moa.id; public class ECDSAConverterException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = 4410043097831285005L; + +/** * Constructor for ECDSAConverterException. * @param messageId * @param parameters diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java index f86e37972..54b5351de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java @@ -48,7 +48,11 @@ import at.gv.egovernment.moa.util.Constants; * @version $Id$ */ public class MOAIDException extends Exception { - /** message ID */ + /** + * + */ + private static final long serialVersionUID = -1507246171708083912L; +/** message ID */ private String messageId; /** wrapped exception */ private Throwable wrapped; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java index 999b64c10..eac65d14f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java @@ -34,6 +34,11 @@ package at.gv.egovernment.moa.id; public class ParseException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = -1057863353991948754L; + +/** * Constructor for ParseException. * @param messageId * @param parameters diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java index de56d63a9..8ba23705e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java @@ -34,6 +34,11 @@ package at.gv.egovernment.moa.id; public class ServiceException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = 30082718911952186L; + +/** * Constructor for ServiceException. * @param messageId * @param parameters diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bf35b31f2..49d421f8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,15 +24,11 @@ package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -530,10 +526,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println(xmlInfoboxReadResponse); // // } catch (FileNotFoundException e) { -// // TODO Auto-generated catch block // e.printStackTrace(); // } catch (UtilsException e) { -// // TODO Auto-generated catch block // e.printStackTrace(); // } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index 8f1d7cbf8..d98c944de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -36,6 +36,11 @@ import at.gv.egovernment.moa.id.MOAIDException; public class WrongParametersException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = -7501748998171109466L; + +/** * Constructor */ public WrongParametersException(String call, String parameter, String errorID) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index bde0be4a1..a19618dc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -62,6 +62,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { /** + * + */ + private static final long serialVersionUID = -6929905344382283738L; + +/** * Handles an error.
      > *
        *
      • Logs the error
      • diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index cb3857ee0..a77224d10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -50,6 +50,11 @@ import at.gv.egovernment.moa.logging.Logger; public class ConfigurationServlet extends HttpServlet { /** + * + */ + private static final long serialVersionUID = 7455620886605337681L; + +/** * Handle a HTTP GET request, used to indicated that the MOA * configuration needs to be updated (reloaded). * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index c135cd3c7..246a47699 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -69,7 +69,12 @@ import at.gv.egovernment.moa.util.URLEncoder; */ public class GetForeignIDServlet extends AuthServlet { - /** + /** + * + */ + private static final long serialVersionUID = -3415644214702379483L; + +/** * Constructor for GetForeignIDServlet. */ public GetForeignIDServlet() { @@ -171,7 +176,6 @@ public class GetForeignIDServlet extends AuthServlet { // try { // System.out.println(DOMUtils.serializeNode(samlAssertion)); // } catch (TransformerException e) { -// // TODO Auto-generated catch block // e.printStackTrace(); // } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 977784a6b..9d26ded8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -65,7 +65,12 @@ import at.gv.egovernment.moa.util.URLEncoder; */ public class GetMISSessionIDServlet extends AuthServlet { - /** + /** + * + */ + private static final long serialVersionUID = 4666952867085392597L; + +/** * Constructor for GetMISSessionIDServlet. */ public GetMISSessionIDServlet() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index dd8a3144a..d544e2f85 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -61,6 +61,11 @@ import at.gv.egovernment.moa.util.StringUtils; public class SelectBKUServlet extends AuthServlet { /** + * + */ + private static final long serialVersionUID = 4764993494204751296L; + +/** * Calls the web application initializer. * * @see javax.servlet.Servlet#init(ServletConfig) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 431af3c31..355e85ce5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
@@ -57,6 +57,12 @@ import at.gv.egovernment.moa.util.StringUtils; public class StartAuthenticationServlet extends AuthServlet { /** + * + */ + private static final long serialVersionUID = 3908001651893673395L; + + +/** * Responds with an HTML form which upon submit requests the identity link * from the security layer implementation. *
        diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index a51fa483f..f15f839d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -72,6 +72,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { /** + * + */ + private static final long serialVersionUID = -2409629495345900542L; + +/** * Constructor for VerifyAuthenticationBlockServlet. */ public VerifyAuthenticationBlockServlet() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 27f956c40..acd96dee0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -24,22 +24,17 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.IOException; -import java.security.GeneralSecurityException; import java.util.Map; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; 
@@ -48,17 +43,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID @@ -68,7 +55,12 @@ import at.gv.egovernment.moa.util.DOMUtils; */ public class VerifyCertificateServlet extends AuthServlet { - /** + /** + * + */ + private static final long serialVersionUID = -4110159749768152538L; + +/** * Constructor for VerifyCertificateServlet. */ public VerifyCertificateServlet() { 
@@ -171,106 +163,7 @@ public class VerifyCertificateServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp); } - } - - /** - * Does the request to the SZR-GW - * @param givenname - * @param familyname - * @param dateofbirth - * @return Identity link assertion - * @throws SZRGWClientException - */ - /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ -// private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { -// -// SZRGWClient client = new SZRGWClient(); -// -// try { -// AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); -// ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); -// //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; -// Logger.debug("Connection Parameters: " + connectionParameters); -// client.setAddress(connectionParameters.getUrl()); -// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { -// Logger.debug("Initialisiere SSL Verbindung"); -// try { -// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); -// } catch (IOException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } catch (GeneralSecurityException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } catch (PKIException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } -// } -// -// Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); -// -// -// } -// catch (ConfigurationException e) { -// Logger.warn(e); -// Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); -// -// } -// // create request -// Document doc = buildGetIdentityLinkRequest(cert); -// Element request = doc.getDocumentElement(); -// CreateIdentityLinkResponse response = null; -// -// //try { -// 
response = client.createIdentityLinkResponse(request); -// //} catch (SZRGWClientException e) { -// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. -// // client = new SZRGWClient(url); -// // response = client.createIdentityLinkResponse(request); -// // } -// -// -// return response.getAssertion(); -// -// } - -// /** -// * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW -// * @param givenname -// * @param familyname -// * @param birthday -// * @return -// */ -// private static Document buildGetIdentityLinkRequest(X509Certificate cert) { -// -// try { -// byte[] certbyte = cert.getEncoded(); -// String certstring = Base64.encode(certbyte); -// -// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); -// factory.setNamespaceAware(true); -// DocumentBuilder builder = factory.newDocumentBuilder(); -// Document doc = builder.newDocument(); -// -// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); -// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); -// doc.appendChild(getIdentityLink); -// -// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); -// getIdentityLink.appendChild(x509certificate); -// Text certbase64 = doc.createTextNode(certstring); -// x509certificate.appendChild(certbase64); -// -// return doc; -// } catch (ParserConfigurationException e) { -// e.printStackTrace(); -// } catch (CertificateEncodingException e) { -// e.printStackTrace(); -// } -// return null; -// -// } -// + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index fc5d82936..17f7deb9b 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -58,6 +58,11 @@ import at.gv.egovernment.moa.logging.Logger; public class VerifyIdentityLinkServlet extends AuthServlet { /** + * + */ + private static final long serialVersionUID = -7074476974026049958L; + +/** * Constructor for VerifyIdentityLinkServlet. */ public VerifyIdentityLinkServlet() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java index 65f59a53b..7ac3a15dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java @@ -35,6 +35,11 @@ import at.gv.egovernment.moa.id.MOAIDException; public class ValidateException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = -3784899738402848497L; + +/** * Constructor for ValidateException. * @param messageId * @param parameters diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 1e35b1f67..5eeaa5d3d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -113,7 +113,6 @@ public class ParepUtils { } } - // TODO: remove unreferenced /** * Dumps all bytes from an input stream to the given output stream. 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 7070597fc..7bd6f5e28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -331,7 +331,6 @@ public class ParepValidator implements InfoboxValidator { this.form = ""; try { - // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen. request.setSignature(samlAssertion); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java index 25a31c65e..49198d79f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -31,7 +31,12 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; */ public class SZRGWClientException extends Exception { - /* + /** + * + */ + private static final long serialVersionUID = 26538259471017714L; + +/* * see super constructor. */ public SZRGWClientException() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java index cee9397d0..b0525978d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java @@ -35,6 +35,11 @@ import at.gv.egovernment.moa.id.MOAIDException; public class ConfigurationException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = -7199539463319751278L; + +/** * Create a MOAConfigurationException. */ public ConfigurationException(String messageId, Object[] parameters) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 89999ce76..7a356aaf0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -42,12 +42,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ public class DefaultLoginParameterResolver implements LoginParameterResolver { - /** - * Constructor - */ - //public DefaultLoginParameterResolver() { - //} - //@TODO: Änderung von 1.4.4 + /** * Configuration mehtod (not used) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index dd5d43e06..29c8b3bca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -168,7 +168,6 @@ public class ElakConnectionBuilder implements ConnectionBuilder { } catch (ClassNotFoundException e) { - // TODO Auto-generated catch block e.printStackTrace(); } URLStreamHandler urlStreamHandler = null; 
@@ -178,12 +177,10 @@ public class ElakConnectionBuilder implements ConnectionBuilder { } catch (InstantiationException e1) { - // TODO Auto-generated catch block e1.printStackTrace(); } catch (IllegalAccessException e1) { - // TODO Auto-generated catch block e1.printStackTrace(); } //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler); @@ -266,7 +263,6 @@ public class ElakConnectionBuilder implements ConnectionBuilder { public boolean verify(String hostname, SSLSession session) { - // TODO Auto-generated method stub return true; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java index b97415c94..191fb51b9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java @@ -34,6 +34,11 @@ import at.gv.egovernment.moa.id.MOAIDException; */ public class LoginParameterResolverException extends MOAIDException { + /** + * + */ + private static final long serialVersionUID = 3924645289077681081L; + /** * Constructor for LoginParameterResolverException. * @param messageId diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java index 248672bf5..0d435a64f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java 
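Review bot: `verify(String hostname, SSLSession session)` in the last ElakConnectionBuilder hunk still returns `true` unconditionally, and deleting the `// TODO Auto-generated method stub` line removes the only marker that this is a placeholder. The signature matches a TLS hostname verifier, and one that always answers `true` means the connection is not bound to the expected host name: any peer whose certificate chain the trust store accepts would pass. Prefer not to install a custom verifier at all so the default check applies, or compare `hostname` against the host configured for this connection and return `false` otherwise. If the behaviour must stay for now, record it explicitly, for example `// SECURITY: accepts every host name; peer identity is not checked here`. The enclosing class and the place where the verifier is installed are outside the hunk, so confirm how it is used.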
@@ -36,6 +36,11 @@ import at.gv.egovernment.moa.id.MOAIDException; */ public class NotAllowedException extends MOAIDException { + /** + * + */ + private static final long serialVersionUID = -265024674370936886L; + /** * Constructor for NotAllowedException. * @param messageId diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index c4b44f04e..099d663ea 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -49,6 +49,11 @@ import at.gv.egovernment.moa.logging.Logger; public class ConfigurationServlet extends HttpServlet { /** + * + */ + private static final long serialVersionUID = -886733697373217942L; + +/** * Handle a HTTP GET request, used to indicated that the MOA * configuration needs to be updated (reloaded). * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java index 45c9c09f8..3a967d8f9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java @@ -35,6 +35,11 @@ import at.gv.egovernment.moa.id.MOAIDException; public class ProxyException extends MOAIDException { /** + * + */ + private static final long serialVersionUID = -2498996404868930153L; + +/** * Constructor for ProxyException. * @param messageId * @param parameters 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index f695319ac..a55e02cdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -80,7 +80,11 @@ import at.gv.egovernment.moa.util.Base64Utils; * @version $Id$ */ public class ProxyServlet extends HttpServlet { - /** Name of the Parameter for the Target */ + /** + * + */ + private static final long serialVersionUID = 6838184868735988125L; +/** Name of the Parameter for the Target */ private static final String PARAM_TARGET = "Target"; /** Name of the Parameter for the SAMLArtifact */ private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 9df55724e..790651adf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java 
@@ -24,26 +24,25 @@ package at.gv.egovernment.moa.id.util; -import java.io.IOException; -import java.io.StringReader; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.servlet.http.HttpServletRequest; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import java.io.IOException; +import java.io.StringReader; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.servlet.http.HttpServletRequest; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; public class ParamValidatorUtils { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 620919c61..fed9cc72b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java 
@@ -243,10 +243,8 @@ public class MISSimpleClient { // try { // System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request)); // } catch (TransformerException e1) { -// // TODO Auto-generated catch block // e1.printStackTrace(); // } catch (IOException e1) { -// // TODO Auto-generated catch block // e1.printStackTrace(); // } -- cgit v1.2.3 From 42c2088ca9e13febee1f96021ebc7567c56f6801 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Mon, 20 Feb 2012 10:47:01 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1266 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 6a78df9b2..a0fe0de1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -118,7 +118,7 @@ public class SAMLArtifactBuilder { return samlArtifactBase64; } - // default: sourecID from authURL + // default: sourecID from authURL sourceID = md.digest(authURL.getBytes()); byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); -- cgit v1.2.3 From 4d1bd93835766d87edf849001b05faf820d72696 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Mon, 20 Feb 2012 10:54:45 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1267 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'id/server/idserverlib/src/main') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 49d421f8e..e86db4a5c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1654,12 +1654,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { Element mandatePerson = tempIdentityLink.getPrPerson(); - try { - System.out.println("MANDATE: " + DOMUtils.serializeNode(mandatePerson)); - } - catch(Exception e) { - e.printStackTrace(); - } +// try { +// System.out.println("MANDATE: " + DOMUtils.serializeNode(mandatePerson)); +// } +// catch(Exception e) { +// e.printStackTrace(); +// } String mandateData = null; try { OAAuthParameter oaParam = -- cgit v1.2.3
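Review bot: The debug dump of `mandatePerson` is commented out rather than deleted, so `System.out.println("MANDATE: " + DOMUtils.serializeNode(mandatePerson))` stays in the file, one uncomment away from writing the serialized person element to standard output again. That element comes from `tempIdentityLink.getPrPerson()` and presumably holds personal data of the represented person, which should not reach the container's stdout log. Delete the six commented lines. If a trace is needed for diagnosis, log only the fact and not the content, through the project logger if this class has it in scope, e.g. `Logger.debug("Mandate person element received");`. If this was the last use of `DOMUtils` in AuthenticationServer, the import is now unused; the import block is outside the hunk, so check it.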