From 868b44cfa0b086710dcaf49e9b029a0b05bc8826 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 15:46:22 +0100 Subject: fixing maven errors --- id/server/moa-id-commons/pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 9ec756f85..3862a0d82 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -101,6 +101,7 @@ org.apache.maven.plugins maven-jar-plugin + true true false @@ -187,4 +188,4 @@ - \ No newline at end of file + -- cgit v1.2.3 From ed19c3b21b338e05efae1067216a5bbb7d60efe4 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 16:09:46 +0100 Subject: changing chars to reflect utf8 --- id/ConfigWebTool/ConfigurationInterface.iml | 168 +++++++++++++++++++++ id/server/auth/moa-id-auth.iml | 140 +++++++++++++++++ id/server/idserverlib/moa-id-lib.iml | 131 ++++++++++++++++ id/server/moa-id-commons/moa-id-commons.iml | 63 ++++++++ id/server/moa-id.iml | 13 ++ id/server/proxy/moa-id-proxy.iml | 137 +++++++++++++++++ id/server/stork-saml-engine/stork-saml-engine.iml | 37 +++++ .../clients/api/moa-spss-handbook-apiClient.iml | 51 +++++++ .../handbook/clients/moa-spss-handbook-clients.iml | 13 ++ .../moa-spss-handbook-referencedData.iml | 25 +++ .../moa-spss-handbook-webserviceClient.iml | 51 +++++++ spss/handbook/moa-spss-handbook.iml | 22 +++ spss/server/moa-spss.iml | 13 ++ spss/server/serverlib/moa-spss-lib.iml | 99 ++++++++++++ spss/server/serverws/moa-spss-ws.iml | 63 ++++++++ spss/server/tools/moa-spss-tools.iml | 22 +++ .../moa/spss/server/tools/CertTool.java | 8 +- 17 files changed, 1052 insertions(+), 4 deletions(-) create mode 100644 id/ConfigWebTool/ConfigurationInterface.iml create mode 100644 id/server/auth/moa-id-auth.iml create mode 100644 id/server/idserverlib/moa-id-lib.iml create mode 100644 id/server/moa-id-commons/moa-id-commons.iml create mode 100644 id/server/moa-id.iml create mode 100644 id/server/proxy/moa-id-proxy.iml create mode 100644 id/server/stork-saml-engine/stork-saml-engine.iml create mode 100644 spss/handbook/clients/api/moa-spss-handbook-apiClient.iml create mode 100644 spss/handbook/clients/moa-spss-handbook-clients.iml create mode 100644 spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml create mode 100644 spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml create mode 100644 spss/handbook/moa-spss-handbook.iml create mode 100644 spss/server/moa-spss.iml create mode 100644 spss/server/serverlib/moa-spss-lib.iml create mode 100644 spss/server/serverws/moa-spss-ws.iml create mode 100644 spss/server/tools/moa-spss-tools.iml (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml new file mode 100644 index 000000000..691a1bef9 --- /dev/null +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -0,0 +1,168 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml new file mode 100644 index 000000000..b92baa5b7 --- /dev/null +++ b/id/server/auth/moa-id-auth.iml @@ -0,0 +1,140 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml new file mode 100644 index 000000000..8a104d4dc --- /dev/null +++ b/id/server/idserverlib/moa-id-lib.iml @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml new file mode 100644 index 000000000..e8ef0548b --- /dev/null +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id.iml b/id/server/moa-id.iml new file mode 100644 index 000000000..c418d6693 --- /dev/null +++ b/id/server/moa-id.iml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml new file mode 100644 index 000000000..58e8c2e70 --- /dev/null +++ b/id/server/proxy/moa-id-proxy.iml @@ -0,0 +1,137 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/stork-saml-engine/stork-saml-engine.iml b/id/server/stork-saml-engine/stork-saml-engine.iml new file mode 100644 index 000000000..74f42f4a7 --- /dev/null +++ b/id/server/stork-saml-engine/stork-saml-engine.iml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml new file mode 100644 index 000000000..a1234e810 --- /dev/null +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml new file mode 100644 index 000000000..c418d6693 --- /dev/null +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml new file mode 100644 index 000000000..3b8b05541 --- /dev/null +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml new file mode 100644 index 000000000..a1234e810 --- /dev/null +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml new file mode 100644 index 000000000..fe967688a --- /dev/null +++ b/spss/handbook/moa-spss-handbook.iml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml new file mode 100644 index 000000000..c418d6693 --- /dev/null +++ b/spss/server/moa-spss.iml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml new file mode 100644 index 000000000..df5a9edca --- /dev/null +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml new file mode 100644 index 000000000..6617a0a9c --- /dev/null +++ b/spss/server/serverws/moa-spss-ws.iml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml new file mode 100644 index 000000000..5692f09bd --- /dev/null +++ b/spss/server/tools/moa-spss-tools.iml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java index 0c144ce73..d334501d2 100644 --- a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java +++ b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java @@ -60,7 +60,7 @@ public class CertTool { /** Error message if the DN cannot be parsed according to RFC2253. */ private static final String ILLEGAL_RFC2253_NAME = - "Kein gültiger RFC2253-Name"; + "Kein gültiger RFC2253-Name"; /** * Main entry point of the tool. @@ -163,7 +163,7 @@ public class CertTool { certStore.storeCertificate(cert, null); - System.out.println("\nDas Zertifikat wurde erfolreich hinzugefügt.\n"); + System.out.println("\nDas Zertifikat wurde erfolreich hinzugef�gt.\n"); } catch (FileNotFoundException e) { System.err.println("Zertifikat nicht gefunden: " + certFile); @@ -175,10 +175,10 @@ public class CertTool { "Fehler beim Lesen des Zertifikats: " + e.getMessage()); } catch (DirectoryStoreException e) { System.err.println( - "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage()); + "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage()); } catch (CertStoreException e) { System.err.println( - "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage()); + "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage()); } catch (Throwable t) { System.err.println("Allgemeiner Fehler: " + t.getMessage()); t.printStackTrace(); -- cgit v1.2.3 From f5c184fb20f87732030868e58653fdf68113f05a Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 27 Jan 2014 18:33:39 +0100 Subject: fix version for oa lib --- id/oa/moa-id-oa.iml | 4 +++- id/oa/pom.xml | 25 +++++++++++++++++++++++-- id/server/idserverlib/moa-id-lib.iml | 31 ++++++++++++++++++++++++++----- id/server/moa-id-commons/pom.xml | 2 +- 4 files changed, 53 insertions(+), 9 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/oa/moa-id-oa.iml b/id/oa/moa-id-oa.iml index 6fc69d99c..412cad133 100644 --- a/id/oa/moa-id-oa.iml +++ b/id/oa/moa-id-oa.iml @@ -12,7 +12,7 @@ - + @@ -32,6 +32,8 @@ + + diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 3b507a223..254b9e119 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -18,10 +18,25 @@ Internet2 https://build.shibboleth.net/nexus/content/groups/public/ + + IAIK Local + iaik/libs + http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/ + oa + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.5 + 1.5 + + + @@ -35,8 +50,13 @@ xmltooling 1.4.0 - - + + javax.servlet + servlet-api + provided + 2.4 + + jstl jstl 1.2 @@ -67,4 +87,5 @@ + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index 474aed209..d2a2c2095 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,8 +1,8 @@ - - + + @@ -20,7 +20,7 @@ - + @@ -37,7 +37,7 @@ - + @@ -47,7 +47,7 @@ - + @@ -94,6 +94,8 @@ + + @@ -126,6 +128,25 @@ + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 9dc17d7c9..3862a0d82 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT moa-id-commons moa-id-commons -- cgit v1.2.3 From 791615f1f887f81ade19a374e2552f3cb1be89ab Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Feb 2014 19:04:01 +0100 Subject: merging again --- id/ConfigWebTool/ConfigurationInterface.iml | 146 +++++++++++++------------- id/oa/moa-id-oa.iml | 5 + id/server/auth/moa-id-auth.iml | 148 ++++++++++++++++++++------ id/server/idserverlib/moa-id-lib.iml | 156 +++++++++++++++------------- id/server/moa-id-commons/moa-id-commons.iml | 5 +- id/server/moa-id-commons/pom.xml | 9 +- id/server/proxy/moa-id-proxy.iml | 148 ++++++++++++++++++++------ spss/server/serverws/pom.xml | 14 +++ 8 files changed, 420 insertions(+), 211 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index a4c74e1d7..18dc5586e 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -25,8 +25,8 @@ - - + + @@ -38,7 +38,7 @@ - + @@ -51,7 +51,7 @@ - + @@ -61,102 +61,100 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + + - - - + + + + - - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + diff --git a/id/oa/moa-id-oa.iml b/id/oa/moa-id-oa.iml index 2167d3b37..0b7bf00de 100644 --- a/id/oa/moa-id-oa.iml +++ b/id/oa/moa-id-oa.iml @@ -51,6 +51,11 @@ + + + + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index 41a8f4f0a..fe65bde29 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -14,8 +14,8 @@ - - + + @@ -25,42 +25,132 @@ - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index f55be42b2..be1804f70 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,8 +1,8 @@ - - - + + + @@ -13,39 +13,51 @@ - - - - + + + + + + + - - - - - + + + + - - + - - - - - - + - + + + + + + + + + + + + + + + + + @@ -55,76 +67,72 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + - - - - - + + + + + + - - - - - - - - - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 411421a90..3dfcfd427 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -29,11 +29,10 @@ + - - - + diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 6ff61a12e..9a3cf4f7c 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id -cd id + 1.9.98-SNAPSHOT moa-id-commons moa-id-commons @@ -14,7 +14,12 @@ cd id hyberjaxb http://repository.highsource.org/maven2/releases/ true - + + + JBoss IAIK + http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/ + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 4cc27a4d6..7d6378c87 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -13,8 +13,8 @@ - - + + @@ -22,42 +22,132 @@ - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index b8a04eba4..4dc5319ec 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -17,6 +17,20 @@ ${basedir}/../../../repository + + + + JBoss IAIK + http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/ + + + + IAIK libs + http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/ + + + + -- cgit v1.2.3 From 65fb688c9323696fcc12e1c049a2b6a75d6ff1e5 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Feb 2014 17:25:09 +0100 Subject: merging with other code --- id/ConfigWebTool/ConfigurationInterface.iml | 38 +++++++++-- id/server/auth/moa-id-auth.iml | 73 ++++++++++++++-------- id/server/idserverlib/moa-id-lib.iml | 33 ++++++++-- id/server/idserverlib/pom.xml | 2 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 1 + .../moa/id/config/stork/STORKConfig.java | 13 +++- id/server/moa-id-commons/moa-id-commons.iml | 9 +-- id/server/proxy/moa-id-proxy.iml | 73 ++++++++++++++-------- .../clients/api/moa-spss-handbook-apiClient.iml | 44 ++----------- .../handbook/clients/moa-spss-handbook-clients.iml | 2 +- .../moa-spss-handbook-referencedData.iml | 2 +- .../moa-spss-handbook-webserviceClient.iml | 44 ++----------- spss/handbook/moa-spss-handbook.iml | 2 +- spss/server/moa-spss.iml | 8 +-- spss/server/serverlib/moa-spss-lib.iml | 3 +- spss/server/serverws/moa-spss-ws.iml | 2 +- spss/server/tools/moa-spss-tools.iml | 2 +- 17 files changed, 188 insertions(+), 163 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 18dc5586e..9c351185e 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -103,7 +103,7 @@ - + @@ -138,16 +138,44 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index fe65bde29..d0aa970fc 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -25,12 +25,54 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + @@ -59,16 +101,12 @@ - - - - @@ -84,12 +122,6 @@ - - - - - - @@ -129,28 +161,15 @@ - - - - - - - - - - - - - diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index be1804f70..e79bae817 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -14,7 +14,7 @@ - + @@ -114,11 +114,14 @@ - + - - + + + + + @@ -126,12 +129,30 @@ + - + + + + + + + + + + + + + + + + + + + - diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 4528acfec..9896690f5 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -56,7 +56,7 @@ eu.stork Commons - 1.1.0 + 1.2.0 eu.stork diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index b356c6f35..41be2c7e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -331,6 +331,7 @@ public class PEPSConnectorServlet extends AuthServlet { //TODO: found better solution, but QAA Level in response could be not supported yet try { + moasession.setQAALevel(authnResponse.getAssertions().get(0). getAuthnStatements().get(0).getAuthnContext(). getAuthnContextClassRef().getAuthnContextClassRef()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 67638cafd..b340d2449 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -25,6 +25,7 @@ */ package at.gv.egovernment.moa.id.config.stork; +import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -33,10 +34,15 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.xml.sax.SAXException; + +import javax.xml.parsers.ParserConfigurationException; /** * Encapsulates several STORK configuration parameters according MOA configuration @@ -73,7 +79,8 @@ public class STORKConfig { } catch (MalformedURLException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); - } catch (ParserConfigurationException e) { + } + /*catch (ParserConfigurationException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); } catch (SAXException e) { @@ -85,7 +92,7 @@ public class STORKConfig { } catch (MessageEncodingException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } + }*/ } SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured @@ -100,6 +107,8 @@ public class STORKConfig { } + } + public SignatureCreationParameter getSignatureCreationParameter() { return new SignatureCreationParameter(props, basedirectory); diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 3dfcfd427..08d15d746 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -26,13 +26,14 @@ - - + + - - + + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 7d6378c87..fb1a16d2e 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -22,12 +22,54 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + @@ -56,16 +98,12 @@ - - - - @@ -81,12 +119,6 @@ - - - - - - @@ -126,28 +158,15 @@ - - - - - - - - - - - - - diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 0d3e3f954..9fb2e9fda 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -1,51 +1,15 @@ - - - - + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml index acff675ab..04a6248a2 100644 --- a/spss/handbook/clients/moa-spss-handbook-clients.iml +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml index d7e297421..29685104a 100644 --- a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 0d3e3f954..9fb2e9fda 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -1,51 +1,15 @@ - - - - + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml index 11d5bfcc8..ce921cbeb 100644 --- a/spss/handbook/moa-spss-handbook.iml +++ b/spss/handbook/moa-spss-handbook.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml index d86f7c4dc..4d170c8a3 100644 --- a/spss/server/moa-spss.iml +++ b/spss/server/moa-spss.iml @@ -1,8 +1,8 @@ - - - - + + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 0652af183..d36dae117 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -1,5 +1,5 @@ - + @@ -55,7 +55,6 @@ - diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index b90669e54..80378b441 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index c4d7825ea..40f81fa9a 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,5 +1,5 @@ - + -- cgit v1.2.3 From 42c8940c7b813744933d261e4c414f17762062cd Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 16:57:14 +0100 Subject: ap plugins are persisted now --- .../data/oa/AttributeProviderPlugin.java | 22 ---------------------- .../id/configuration/data/oa/OASTORKConfig.java | 12 ++++++++++-- .../configuration/struts/action/EditOAAction.java | 2 ++ .../src/main/resources/config/moaid_config_2.0.xsd | 13 ++++++++++++- 4 files changed, 24 insertions(+), 25 deletions(-) delete mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java deleted file mode 100644 index 00b7b09ce..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java +++ /dev/null @@ -1,22 +0,0 @@ -package at.gv.egovernment.moa.id.configuration.data.oa; - -public class AttributeProviderPlugin { - private String url = "demourl"; - private String plugin = "demo"; - - public String getUrl() { - return url; - } - - public void setUrl(String url) { - this.url = url; - } - - public String getPlugin() { - return plugin; - } - - public void setPlugin(String plugin) { - this.plugin = plugin; - } -} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 23181076a..72fc6e3a1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -26,6 +26,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; @@ -79,8 +80,15 @@ public class OASTORKConfig { } // fetch vidp config - attributeProviderPlugins = new ArrayList(); - attributeProviderPlugins.add(new AttributeProviderPlugin()); + setVidpEnabled(config.isVidpEnabled()); + + attributeProviderPlugins = config.getAttributeProviders(); + // - if no attribute providers are configured, add a dummy + // TODO this is a dirty hack since we have to have one entry to + // clone from in the web form. Happens when time is short. + // Sorry. + if (attributeProviderPlugins.isEmpty()) + attributeProviderPlugins.add(new AttributeProviderPlugin()); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 775443689..c257c76c8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -984,6 +984,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); stork.setQaa(storkOA.getQaa()); stork.setOAAttributes(storkOA.getAttributes()); + stork.setVidpEnabled(storkOA.isVidpEnabled()); + stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); try { if (newentry) { diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 33ad5c990..ea78918b6 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -49,7 +49,7 @@ - + possibility to include common austrian primary keys in human readable way, english translation not available @@ -933,6 +933,8 @@ type="xsd:boolean" /> + + @@ -1010,4 +1012,13 @@ + + + + + + + + + -- cgit v1.2.3 From caee81b311e93720d4c1fe2b3de22cdcbb0fe74d Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 26 Feb 2014 16:32:48 +0100 Subject: config --- .../id/protocols/stork2/AuthenticationRequest.java | 55 +- .../moa/id/commons/db/ConfigurationDBRead.java | 706 ++++++++++----------- 2 files changed, 384 insertions(+), 377 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 6ef85d7ae..db3e12f43 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; @@ -64,7 +65,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("STORK QAA 2 :" + ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getQAALevel()); StartAuthResponse startAuthResponse = getStartAuthResponse(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - HttpSession httpSession = httpReq.getSession(); + HttpSession httpSession = httpReq.getSession(); performRed httpSession.setAttribute("STORKSessionID", "12345"); httpResp.setStatus(startAuthResponse.getHttpStatusCode()); try { @@ -102,12 +103,37 @@ public class AuthenticationRequest implements IAction { throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + // Prepare basic AT attributes + try { + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + + + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + authnResponse.setPersonalAttributeList(populateAttributes()); + + // Prepare extended attributes + Logger.debug("Preparing data container"); + //httpResp.setStatus(200); //VPEPSInboundPostHandler // create fresh container DataContainer container = new DataContainer(); - + + // - fill in the request we extracted above container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); @@ -118,39 +144,20 @@ public class AuthenticationRequest implements IAction { container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Data container prepared"); - if (1==1) // test + if (1==0) // test // see if we need to fetch further attributes return (new AttributeCollector()).processRequest(container, httpReq, httpResp, oaParam); + Logger.debug("Finished sending data container"); - - try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - - - for (PersonalAttribute personalAttribute : moaAttrList) { - Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); - } - } - } - - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } - - authnResponse.setPersonalAttributeList(populateAttributes()); - try { //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java index e4e4ce98a..88220cded 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java @@ -22,366 +22,366 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.commons.db; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.persistence.EntityManager; - -import org.apache.commons.lang.StringEscapeUtils; - import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; - import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +import org.apache.commons.lang.StringEscapeUtils; + +import javax.persistence.EntityManager; +import javax.persistence.PersistenceException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; @SuppressWarnings("rawtypes") public class ConfigurationDBRead { - private static Map QUERIES = new HashMap(); - static { - QUERIES.put("getActiveOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix)) and onlineapplication.isActive = '1'"); - QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix))"); - QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id"); - QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication"); - QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'"); - QUERIES.put("getAllNewOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '0' and onlineapplication.isAdminRequired = '1'"); - QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration"); - QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id"); - QUERIES.put("getNewUserWithUserTokken", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken = :tokken"); - QUERIES.put("getAllNewUsers", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '1'"); - QUERIES.put("getAllOpenUsersRequests", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is not null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '0'"); - QUERIES.put("getUserWithUserBPKWBPK", "select userdatabase from UserDatabase userdatabase where userdatabase.bpk = :bpk"); - QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username"); - QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase"); - QUERIES.put("getUsersWithOADBID", "select userdatabase from UserDatabase userdatabase inner join userdatabase.onlineApplication oa where oa.hjid = :id"); - QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id"); } - - public static OnlineApplication getActiveOnlineApplication(String id) { - MiscUtil.assertNotNull(id, "OnlineApplictionID"); - Logger.trace("Getting OnlineApplication with ID " + id + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); - //query.setParameter("id", id+"%"); - query.setParameter("id", StringEscapeUtils.escapeHtml(id)); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.debug("No entries found."); - return null; - } - - if (result.size() > 1) { - Logger.warn("OAIdentifier match to more then one DB-entry!"); - return null; - } - - return (OnlineApplication) result.get(0); - } - - public static OnlineApplication getOnlineApplication(String id) { - MiscUtil.assertNotNull(id, "OnlineApplictionID"); - Logger.trace("Getting OnlineApplication with ID " + id + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID")); - //query.setParameter("id", id+"%"); - query.setParameter("id", id); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - - if (result.size() > 1) { - Logger.warn("OAIdentifier match to more then one DB-entry!"); - return null; - } - - return (OnlineApplication) result.get(0); - } - - public static OnlineApplication getOnlineApplication(long dbid) { - MiscUtil.assertNotNull(dbid, "OnlineApplictionID"); - Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithDBID")); - //query.setParameter("id", id+"%"); - query.setParameter("id", dbid); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - - return (OnlineApplication) result.get(0); - } - - public static MOAIDConfiguration getMOAIDConfiguration() { - Logger.trace("Load MOAID Configuration from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getMOAIDConfiguration")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - - return (MOAIDConfiguration) result.get(0); - } - - public static List getAllOnlineApplications() { - Logger.trace("Get All OnlineApplications from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOnlineApplications")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return result; - } - - public static List getAllNewOnlineApplications() { - Logger.trace("Get All OnlineApplications from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewOnlineApplications")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return result; - } - - public static List getAllUsers() { - Logger.trace("Get All OnlineApplications from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getAllUsers")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return result; - } - - public static List getAllActiveOnlineApplications() { - Logger.trace("Get All active OnlineApplications from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getAllActiveOnlineApplications")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return result; - } - - @SuppressWarnings("rawtypes") - public static List searchOnlineApplications(String id) { - MiscUtil.assertNotNull(id, "OnlineApplictionID"); - Logger.trace("Getting OnlineApplication with ID " + id + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("searchOnlineApplicationsWithID")); - query.setParameter("id", "%"+id+"%"); - - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - - return result; - } - - public static UserDatabase getUserWithID(long id) { - MiscUtil.assertNotNull(id, "UserID"); - Logger.trace("Getting Userinformation with ID " + id + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserID")); - query.setParameter("id", id); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return (UserDatabase) result.get(0); - } - - public static UserDatabase getUsersWithOADBID(long id) { - MiscUtil.assertNotNull(id, "OADBID"); - Logger.trace("Getting Userinformation with OADBID " + id + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getUsersWithOADBID")); - query.setParameter("id", id); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return (UserDatabase) result.get(0); - } - - public static UserDatabase getUserWithUserName(String username) { - MiscUtil.assertNotNull(username, "UserName"); - Logger.trace("Getting Userinformation with ID " + username + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserUsername")); - query.setParameter("username", username); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return (UserDatabase) result.get(0); - } - - public static UserDatabase getUserWithUserBPKWBPK(String bpkwbpk) { - MiscUtil.assertNotNull(bpkwbpk, "bpk/wbpk"); - Logger.trace("Getting Userinformation with ID " + bpkwbpk + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserBPKWBPK")); - query.setParameter("bpk", bpkwbpk); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return (UserDatabase) result.get(0); - } - - public static UserDatabase getNewUserWithTokken(String tokken) { - MiscUtil.assertNotNull(tokken, "bpk/wbpk"); - Logger.trace("Getting Userinformation with Tokken " + tokken + " from database."); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getNewUserWithUserTokken")); - query.setParameter("tokken", tokken); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return (UserDatabase) result.get(0); - } - - public static List getAllNewUsers() { - Logger.trace("Get all new Users from Database"); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewUsers")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return result; - } - - public static List getAllOpenUsersRequests() { - Logger.trace("Get all new Users from Database"); - - List result; - EntityManager session = ConfigurationDBUtils.getCurrentSession(); - - javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOpenUsersRequests")); - result = query.getResultList(); - - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return result; - } + private static Map QUERIES = new HashMap(); + + static { + QUERIES.put("getActiveOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix)) and onlineapplication.isActive = '1'"); + QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix))"); + QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id"); + QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication"); + QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'"); + QUERIES.put("getAllNewOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '0' and onlineapplication.isAdminRequired = '1'"); + QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration"); + QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id"); + QUERIES.put("getNewUserWithUserTokken", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken = :tokken"); + QUERIES.put("getAllNewUsers", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '1'"); + QUERIES.put("getAllOpenUsersRequests", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is not null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '0'"); + QUERIES.put("getUserWithUserBPKWBPK", "select userdatabase from UserDatabase userdatabase where userdatabase.bpk = :bpk"); + QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username"); + QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase"); + QUERIES.put("getUsersWithOADBID", "select userdatabase from UserDatabase userdatabase inner join userdatabase.onlineApplication oa where oa.hjid = :id"); + QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id"); + } + + public static OnlineApplication getActiveOnlineApplication(String id) { + MiscUtil.assertNotNull(id, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); + //query.setParameter("id", id+"%"); + query.setParameter("id", StringEscapeUtils.escapeHtml(id)); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.debug("No entries found."); + return null; + } + + if (result.size() > 1) { + Logger.warn("OAIdentifier match to more then one DB-entry!"); + return null; + } + + return (OnlineApplication) result.get(0); + } + + public static OnlineApplication getOnlineApplication(String id) { + MiscUtil.assertNotNull(id, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID")); + //query.setParameter("id", id+"%"); + query.setParameter("id", id); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + if (result.size() > 1) { + Logger.warn("OAIdentifier match to more then one DB-entry!"); + return null; + } + + return (OnlineApplication) result.get(0); + } + + public static OnlineApplication getOnlineApplication(long dbid) { + MiscUtil.assertNotNull(dbid, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithDBID")); + //query.setParameter("id", id+"%"); + query.setParameter("id", dbid); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return (OnlineApplication) result.get(0); + } + + public static MOAIDConfiguration getMOAIDConfiguration() { + Logger.trace("Load MOAID Configuration from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getMOAIDConfiguration")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return (MOAIDConfiguration) result.get(0); + } + + public static List getAllOnlineApplications() { + Logger.trace("Get All OnlineApplications from database."); + + List result = null; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOnlineApplications")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + public static List getAllNewOnlineApplications() { + Logger.trace("Get All OnlineApplications from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewOnlineApplications")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + public static List getAllUsers() { + Logger.trace("Get All OnlineApplications from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllUsers")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + public static List getAllActiveOnlineApplications() { + Logger.trace("Get All active OnlineApplications from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllActiveOnlineApplications")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + @SuppressWarnings("rawtypes") + public static List searchOnlineApplications(String id) { + MiscUtil.assertNotNull(id, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("searchOnlineApplicationsWithID")); + query.setParameter("id", "%" + id + "%"); + + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return result; + } + + public static UserDatabase getUserWithID(long id) { + MiscUtil.assertNotNull(id, "UserID"); + Logger.trace("Getting Userinformation with ID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserID")); + query.setParameter("id", id); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static UserDatabase getUsersWithOADBID(long id) { + MiscUtil.assertNotNull(id, "OADBID"); + Logger.trace("Getting Userinformation with OADBID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUsersWithOADBID")); + query.setParameter("id", id); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static UserDatabase getUserWithUserName(String username) { + MiscUtil.assertNotNull(username, "UserName"); + Logger.trace("Getting Userinformation with ID " + username + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserUsername")); + query.setParameter("username", username); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static UserDatabase getUserWithUserBPKWBPK(String bpkwbpk) { + MiscUtil.assertNotNull(bpkwbpk, "bpk/wbpk"); + Logger.trace("Getting Userinformation with ID " + bpkwbpk + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserBPKWBPK")); + query.setParameter("bpk", bpkwbpk); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static UserDatabase getNewUserWithTokken(String tokken) { + MiscUtil.assertNotNull(tokken, "bpk/wbpk"); + Logger.trace("Getting Userinformation with Tokken " + tokken + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getNewUserWithUserTokken")); + query.setParameter("tokken", tokken); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static List getAllNewUsers() { + Logger.trace("Get all new Users from Database"); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewUsers")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + public static List getAllOpenUsersRequests() { + Logger.trace("Get all new Users from Database"); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOpenUsersRequests")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } } -- cgit v1.2.3 From cd0887a43b0b4350e736433c2b513901a2151601 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 17:51:06 +0100 Subject: after merge, having problem --- id/ConfigWebTool/ConfigurationInterface.iml | 20 +- id/oa/moa-id-oa.iml | 4 +- id/server/auth/moa-id-auth.iml | 19 +- id/server/auth/pom.xml | 9 +- id/server/idserverlib/moa-id-lib.iml | 25 +- .../moa/id/auth/AuthenticationServer.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 9 +- id/server/moa-id-commons/moa-id-commons.iml | 7 +- id/server/moa-id-commons/pom.xml | 491 +++++++++++---------- id/server/proxy/moa-id-proxy.iml | 17 +- .../oasis-dss-api-1.0.0-SNAPSHOT.jar | Bin 180095 -> 282629 bytes .../clients/api/moa-spss-handbook-apiClient.iml | 4 +- .../moa-spss-handbook-webserviceClient.iml | 4 +- spss/server/serverlib/moa-spss-lib.iml | 4 +- spss/server/serverws/moa-spss-ws.iml | 4 +- 15 files changed, 308 insertions(+), 311 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 20f45337e..43790145b 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -73,8 +73,6 @@ - - @@ -121,29 +119,20 @@ + - - - - - - - - - - - - + + @@ -168,6 +157,8 @@ + + @@ -186,6 +177,7 @@ + diff --git a/id/oa/moa-id-oa.iml b/id/oa/moa-id-oa.iml index 6d9905e25..0b7bf00de 100644 --- a/id/oa/moa-id-oa.iml +++ b/id/oa/moa-id-oa.iml @@ -13,8 +13,8 @@ - - + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index f61dfa171..b8b4208b8 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -14,8 +14,8 @@ - - + + @@ -96,19 +96,10 @@ - + - - - - - - - - - - + @@ -134,12 +125,12 @@ - + diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 987ae1951..c17722df0 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -79,8 +79,13 @@ MOA.id.server moa-id-lib - - + + eu.stork + oasis-dss-api + 1.0.0-SNAPSHOT + + + iaik.prod iaik_jce_full diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index cf1b34b4b..d995f23af 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,8 +1,8 @@ - - + + @@ -43,20 +43,7 @@ - - - - - - - - - - - - - - + @@ -88,12 +75,12 @@ - + @@ -111,6 +98,7 @@ + @@ -120,6 +108,7 @@ + @@ -145,6 +134,8 @@ + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ce5aa15c3..6f6d9611a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.api.Profiles; import eu.stork.oasisdss.api.QualityLevels; import eu.stork.oasisdss.api.SignatureTypes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 84831a7b5..10cdcba6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -62,7 +62,12 @@ public class AttributeCollector implements IAction { this.httpResp = httpResp; - // find the attribute provider plugin that can handle the response + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { @@ -167,7 +172,7 @@ public class AttributeCollector implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", An Introduction to Knowledge Engineeringnull); + throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 08d15d746..8ded8b94a 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -26,8 +26,8 @@ - - + + @@ -71,9 +71,6 @@ - - - diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 9a3cf4f7c..055a67bf4 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -1,235 +1,260 @@ - - 4.0.0 - - MOA.id - moa-id - 1.9.98-SNAPSHOT - - moa-id-commons - moa-id-commons - MOA.id.server - - - - hyberjaxb - http://repository.highsource.org/maven2/releases/ - true - - - JBoss IAIK - http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/ - - - - - - - org.hibernate - hibernate-core - 4.2.1.Final - - - org.hibernate - hibernate-c3p0 - 4.2.1.Final - - - org.hibernate - hibernate-entitymanager - 4.2.1.Final - - - - org.apache.commons - commons-lang3 - 3.1 - - - MOA - moa-common - jar - + + 4.0.0 + + MOA.id + moa-id + 1.9.98-SNAPSHOT + + moa-id-commons + moa-id-commons + MOA.id.server - - - - org.hibernate.javax.persistence - hibernate-jpa-2.0-api - 1.0.1.Final - - - - org.jvnet.hyperjaxb3 - hyperjaxb3-ejb-runtime - 0.5.6 - - - org.jvnet.hyperjaxb3 - maven-hyperjaxb3-plugin - 0.5.6 - - - mysql - mysql-connector-java - 5.1.25 - - - - - install - - - - src/main/resources/config - - **/*.java - - - - target/generated-sources/xjc - - **/*.java - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - 1.5 - 1.5 - - - - org.apache.maven.plugins - maven-jar-plugin - - true - true - - false - - - - - - test-jar - - - - - - - org.jvnet.hyperjaxb3 - maven-hyperjaxb3-plugin - 0.5.6 - - - - generate - - - - - true - src/main/resources/config - src/main/resources/config - src/main/resources/config/persistence_template.xml - at.gv.egovernment.moa.id.commons.db.dao.config - - - - true - maven-compiler-plugin - 2.0.2 - - 1.5 - 1.5 - - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.5 - - UTF-8 - UTF-8 - true - false - false - true - at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.* - - - pre - a - Preconditions: - - - post - a - Postconditions: - - - - http://java.sun.com/j2se/1.4/docs/api/ - http://java.sun.com/j2se/1.5.0/docs/api/ - http://logging.apache.org/log4j/docs/api/ - - 1.5 - - - - generate-javadoc - package - - jar - - - - - - - - - - org.eclipse.m2e - lifecycle-mapping - 1.0.0 - - - - - - - org.jvnet.hyperjaxb3 - - - maven-hyperjaxb3-plugin - - - [0.5.6,) - - - generate - - - - - - - - - - - - - + + + hyberjaxb + http://repository.highsource.org/maven2/releases/ + + true + + + + JBoss IAIK + http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/ + + + + + + + org.hibernate + hibernate-core + 4.2.1.Final + + + org.hibernate + hibernate-c3p0 + 4.2.1.Final + + + org.hibernate + hibernate-entitymanager + 4.2.1.Final + + + + org.apache.commons + commons-lang3 + 3.1 + + + MOA + moa-common + jar + + + + + + org.hibernate.javax.persistence + hibernate-jpa-2.0-api + 1.0.1.Final + + + + org.jvnet.hyperjaxb3 + hyperjaxb3-ejb-runtime + 0.5.6 + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-log4j12 + + + + + org.jvnet.hyperjaxb3 + maven-hyperjaxb3-plugin + 0.5.6 + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-log4j12 + + + + + mysql + mysql-connector-java + 5.1.25 + + + + + install + + + + src/main/resources/config + + **/*.java + + + + target/generated-sources/xjc + + **/*.java + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.5 + 1.5 + + + + org.apache.maven.plugins + maven-jar-plugin + + true + true + + false + + + + + + test-jar + + + + + + + org.jvnet.hyperjaxb3 + maven-hyperjaxb3-plugin + 0.5.6 + + + + generate + + + + + true + src/main/resources/config + src/main/resources/config + src/main/resources/config/persistence_template.xml + at.gv.egovernment.moa.id.commons.db.dao.config + + + + true + maven-compiler-plugin + 2.0.2 + + 1.5 + 1.5 + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 2.5 + + UTF-8 + UTF-8 + true + false + false + true + + at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.* + + + + pre + a + Preconditions: + + + post + a + Postconditions: + + + + http://java.sun.com/j2se/1.4/docs/api/ + http://java.sun.com/j2se/1.5.0/docs/api/ + http://logging.apache.org/log4j/docs/api/ + + 1.5 + + + + generate-javadoc + package + + jar + + + + + + + + + + org.eclipse.m2e + lifecycle-mapping + 1.0.0 + + + + + + + org.jvnet.hyperjaxb3 + + + maven-hyperjaxb3-plugin + + + [0.5.6,) + + + generate + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 86fa1b292..936460e23 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -13,8 +13,8 @@ - - + + @@ -96,16 +96,7 @@ - - - - - - - - - - + @@ -131,12 +122,12 @@ - + diff --git a/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar b/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar index 5ad0cb42e..8414d7851 100644 Binary files a/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar and b/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar differ diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index c9c03b243..26b212283 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -1,8 +1,8 @@ - - + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index c9c03b243..26b212283 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -1,8 +1,8 @@ - - + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 7864354f4..11dc743a9 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -45,8 +45,8 @@ - - + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 60f6d1803..45ebf8969 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -15,8 +15,8 @@ - - + + -- cgit v1.2.3 From 7f1c5affaa9358bef6995371dc08c8f0c981a849 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:06:41 +0100 Subject: resolving problems related to commons and slf4j libraries --- common/moa-common.iml | 5 + common/pom.xml | 234 +++++++++++++-------- id/ConfigWebTool/ConfigurationInterface.iml | 10 +- id/pom.xml | 32 +++ id/server/auth/moa-id-auth.iml | 10 +- id/server/idserverlib/pom.xml | 28 ++- id/server/moa-id-commons/moa-id-commons.iml | 5 + id/server/moa-id.iml | 4 +- id/server/proxy/moa-id-proxy.iml | 10 +- id/templates/moa-id-templates.iml | 4 +- .../clients/api/moa-spss-handbook-apiClient.iml | 5 + .../moa-spss-handbook-webserviceClient.iml | 5 + spss/server/serverlib/moa-spss-lib.iml | 5 + spss/server/serverws/moa-spss-ws.iml | 5 + 14 files changed, 252 insertions(+), 110 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/common/moa-common.iml b/common/moa-common.iml index 9d4261fc6..46304fcc3 100644 --- a/common/moa-common.iml +++ b/common/moa-common.iml @@ -24,6 +24,11 @@ + + + + + diff --git a/common/pom.xml b/common/pom.xml index 468ecaf2d..46f26501f 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -1,94 +1,148 @@ - - - MOA - MOA - 2.0.0 - - 4.0.0 - moa-common - - jar - MOA common library + + + MOA + MOA + 2.0.0 + + 4.0.0 + moa-common + + jar + MOA common library - - ${basedir}/../repository - + + ${basedir}/../repository + + + + + commons-logging + commons-logging + + + iaik.prod + iaik_jce_full + + + iaik.prod + iaik_moa + + + junit + junit + test + + + jaxen + jaxen + + + saxpath + saxpath + + + xalan-bin-dist + xalan + compile + true + + + xerces + xercesImpl + true + + + xalan-bin-dist + xml-apis + compile + true + + + xalan-bin-dist + serializer + runtime + true + + + joda-time + joda-time + 1.6.2 + + + org.slf4j + slf4j-api + 1.7.5 + + + org.slf4j + slf4j-simple + 1.7.5 + + + org.slf4j + jcl-over-slf4j + 1.7.5 + + + org.slf4j + log4j-over-slf4j + 1.7.5 + + + org.slf4j + jul-to-slf4j + 1.7.5 + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + false + + + + + + test-jar + + + + + + maven-enforcer-plugin + 1.1.1 + + + enforce-banned-dependencies + + enforce + + + + + true + + + org.slf4j:1.5* + org.slf4j:1.6* + + + + + true + + + + + + - - - commons-logging - commons-logging - - - iaik.prod - iaik_jce_full - - - iaik.prod - iaik_moa - - - junit - junit - test - - - jaxen - jaxen - - - saxpath - saxpath - - - xalan-bin-dist - xalan - compile - true - - - xerces - xercesImpl - true - - - xalan-bin-dist - xml-apis - compile - true - - - xalan-bin-dist - serializer - runtime - true - - - joda-time - joda-time - 1.6.2 - - - - - - - org.apache.maven.plugins - maven-jar-plugin - - - false - - - - - - test-jar - - - - - - diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 43790145b..742f8df89 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -58,6 +58,11 @@ + + + + + @@ -119,11 +124,6 @@ - - - - - diff --git a/id/pom.xml b/id/pom.xml index db4ee137e..bd3344638 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -24,4 +24,36 @@ UTF-8 + + + + maven-enforcer-plugin + 1.1.1 + + + enforce-banned-dependencies + + enforce + + + + + true + + + org.slf4j:1.5* + org.slf4j:1.6* + + + + + true + + + + + + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index b8b4208b8..043374bc0 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -53,6 +53,11 @@ + + + + + @@ -91,11 +96,6 @@ - - - - - diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index cca543a26..82a42cb8c 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -151,7 +151,33 @@ provided - + + + + org.slf4j + slf4j-api + 1.7.5 + + + org.slf4j + slf4j-simple + 1.7.5 + + + org.slf4j + jcl-over-slf4j + 1.7.5 + + + org.slf4j + log4j-over-slf4j + 1.7.5 + + + org.slf4j + jul-to-slf4j + 1.7.5 + junit diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 8ded8b94a..ef994abd3 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -56,6 +56,11 @@ + + + + + diff --git a/id/server/moa-id.iml b/id/server/moa-id.iml index 567359474..c418d6693 100644 --- a/id/server/moa-id.iml +++ b/id/server/moa-id.iml @@ -1,8 +1,8 @@ - - + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 936460e23..e61d841ce 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -50,6 +50,11 @@ + + + + + @@ -88,11 +93,6 @@ - - - - - diff --git a/id/templates/moa-id-templates.iml b/id/templates/moa-id-templates.iml index 0ecf962d0..3b8b05541 100644 --- a/id/templates/moa-id-templates.iml +++ b/id/templates/moa-id-templates.iml @@ -13,8 +13,8 @@ - - + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 26b212283..6ed837a51 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -38,6 +38,11 @@ + + + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 26b212283..6ed837a51 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -38,6 +38,11 @@ + + + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 11dc743a9..4c0128bf3 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -84,6 +84,11 @@ + + + + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 45ebf8969..ae8f03a70 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -51,6 +51,11 @@ + + + + + -- cgit v1.2.3 From eb32824288778c0fd427dbcbf826c8d9c16596b2 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:26:15 +0100 Subject: after merge ap --- id/server/moa-id-commons/moa-id-commons.iml | 1 + spss/handbook/clients/api/moa-spss-handbook-apiClient.iml | 1 + spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml | 1 + spss/server/serverlib/moa-spss-lib.iml | 2 ++ spss/server/serverws/moa-spss-ws.iml | 1 + 5 files changed, 6 insertions(+) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index ef994abd3..3bd426fc3 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -37,6 +37,7 @@ + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 6ed837a51..4e0a0fddf 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,6 +9,7 @@ + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 6ed837a51..4e0a0fddf 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,6 +9,7 @@ + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 4c0128bf3..93d7e676f 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,6 +55,8 @@ + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index ae8f03a70..7943aa854 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -22,6 +22,7 @@ + -- cgit v1.2.3 From 458a579978fa4fd0718c754bb8b6ca41f82d8145 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:33:36 +0100 Subject: after chaning --- .../id/protocols/stork2/AttributeCollector.java | 58 +--------------------- id/server/moa-id-commons/moa-id-commons.iml | 1 - .../clients/api/moa-spss-handbook-apiClient.iml | 1 - .../moa-spss-handbook-webserviceClient.iml | 1 - spss/server/serverlib/moa-spss-lib.iml | 2 - spss/server/serverws/moa-spss-ws.iml | 1 - 6 files changed, 2 insertions(+), 62 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 72dddee88..0317322ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -15,25 +15,6 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; -<<<<<<< HEAD - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -======= import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -47,7 +28,6 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; ->>>>>>> origin/bs_3_fr /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. @@ -56,7 +36,6 @@ import javax.servlet.http.HttpServletResponse; * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. * * TODO how do we treat mandatory and optional attributes? - * */ public class AttributeCollector implements IAction { @@ -70,8 +49,6 @@ public class AttributeCollector implements IAction { */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { -<<<<<<< HEAD -======= // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); DataContainer container; @@ -82,7 +59,6 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } ->>>>>>> origin/bs_3_fr // read configuration parameters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) @@ -107,33 +83,20 @@ public class AttributeCollector implements IAction { Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); } -<<<<<<< HEAD - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - -======= ->>>>>>> origin/bs_3_fr // - insert the embedded attribute(s) into the container addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes return processRequest(container, httpReq, httpResp, moasession, oaParam); } - + /** * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, * this very method creates and sends the protocol result to the asking S-PEPS. * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string - * @throws MOAIDException + * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch @@ -199,11 +162,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL -<<<<<<< HEAD - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); -======= e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); ->>>>>>> origin/bs_3_fr } catch (Exception e1) { // TODO should we return the response as is to the PEPS? @@ -222,13 +181,8 @@ public class AttributeCollector implements IAction { * @throws MOAIDException the mOAID exception */ private void generateSTORKResponse(DataContainer container) throws MOAIDException { -<<<<<<< HEAD - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); -======= MOASTORKRequest request = container.getRequest(); MOASTORKResponse response = container.getResponse(); ->>>>>>> origin/bs_3_fr try { //Get SAMLEngine instance @@ -247,14 +201,6 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); -<<<<<<< HEAD - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); - Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); - - container.setResponse(authnResponse); -======= ->>>>>>> origin/bs_3_fr } /** diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 3bd426fc3..ef994abd3 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -37,7 +37,6 @@ - diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 4e0a0fddf..6ed837a51 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,7 +9,6 @@ - diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 4e0a0fddf..6ed837a51 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,7 +9,6 @@ - diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 93d7e676f..4c0128bf3 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,8 +55,6 @@ - - diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 7943aa854..ae8f03a70 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -22,7 +22,6 @@ - -- cgit v1.2.3 From 1ba3c2042e0c4da08af39db6172ff1206dfece36 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 5 Mar 2014 10:22:46 +0100 Subject: ap plugins can be configured to listen to certain attributes --- .../validation/oa/OASTORKConfigValidation.java | 4 ++++ .../src/main/resources/applicationResources.properties | 1 + id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 5 +++-- .../moa/id/protocols/stork2/AttributeProviderFactory.java | 8 ++++---- .../id/protocols/stork2/EHvdAttributeProviderPlugin.java | 11 ++++++++--- .../id/protocols/stork2/StorkAttributeRequestProvider.java | 13 +++++++++++-- .../src/main/resources/config/moaid_config_2.0.xsd | 5 +++-- 7 files changed, 34 insertions(+), 13 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 25e0d751c..067e85aa6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -58,6 +58,10 @@ public class OASTORKConfigValidation { log.info("AttributeProviderPlugin Name is empty."); errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); } + if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid")); + } } return errors; diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index a033205ed..34bf4a8e5 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -419,6 +419,7 @@ validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4 validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url validation.stork.ap.name.valid=Ung\u00FCltiger AttributProvider Name +validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00FCr ein Attribut Provider Plugin. Feld darf nicht leer sein und ist als csv anzugeben. validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 76c347445..5ee1188ae 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -516,10 +516,11 @@ id="OAuseVidp" />

<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %>
- + - + +
AP PluginURL
AP PluginURLAttribute (CSV)
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 23edf69f9..de079c960 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -31,11 +31,11 @@ public class AttributeProviderFactory { * the simpleName for the providers class * @return the attribute provider */ - public static AttributeProvider create(String shortname, String url) { + public static AttributeProvider create(String shortname, String url, String attributes) { if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); + return new StorkAttributeRequestProvider(url, attributes); } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); + return new EHvdAttributeProviderPlugin(url, attributes); } else { return null; } @@ -52,7 +52,7 @@ public class AttributeProviderFactory { List result = new ArrayList(); for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); + result.add(create(current.getName(), current.getUrl(), current.getAttributes())); return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index f97d8c804..a36855d33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -44,26 +44,31 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /** The destination. */ private Object destination; + + /** The attributes. */ + private String attributes; /** * Instantiates a new e hvd attribute provider plugin. * * @param url the service url + * @param attributes */ - public EHvdAttributeProviderPlugin(String url) { + public EHvdAttributeProviderPlugin(String url, String supportedAttributes) { destination = url; + attributes = supportedAttributes; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { // break when we cannot handle the requested attribute - if(!attributes.getName().equals("isHealthCareProfessional")) + if(!attributes.contains(attribute.getName())) throw new UnsupportedAttributeException(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 797695a00..d8becaaf7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -34,14 +34,19 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The destination. */ private String destination; - + + /** The attributes. */ + private String attributes; + /** * Instantiates a new stork attribute request provider. * * @param apUrl the AP location + * @param supportedAttributes the supported attributes as csv */ - public StorkAttributeRequestProvider(String apUrl) { + public StorkAttributeRequestProvider(String apUrl, String supportedAttributes) { destination = apUrl; + attributes = supportedAttributes; } /* (non-Javadoc) @@ -49,6 +54,10 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + + if (!attributes.contains(attribute.getName())) + throw new UnsupportedAttributeException(); + requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); throw new ExternalAttributeRequestRequiredException(this); diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index d20ec1c68..845e4fe1f 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -957,8 +957,9 @@ - - + + + -- cgit v1.2.3 From 58c8a91c173ce699b8014e4f81fa195bfa37d246 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 19:28:25 +0100 Subject: land selection change --- .../moa/id/configuration/Constants.java | 17 +- .../id/configuration/data/oa/OAGeneralConfig.java | 37 +- .../configuration/struts/action/EditOAAction.java | 2619 ++++++++++---------- .../main/resources/applicationResources.properties | 3 + id/ConfigWebTool/src/main/webapp/js/common.js | 25 +- .../src/main/webapp/jsp/editOAGeneral.jsp | 43 +- .../src/main/resources/config/moaid_config_2.0.xsd | 6 +- 7 files changed, 1410 insertions(+), 1340 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index b963890af..79a966b81 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -69,7 +69,8 @@ public class Constants { public static final String BKU_HANDY = "bkuhandy"; public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; - public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; + public static final String MOA_CONFIG_STORKSERVICE = "storkService"; + public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x"; public static final String MOA_CONFIG_PROTOCOL_STORK2 = "id_stork2"; @@ -82,20 +83,24 @@ public class Constants { public static final String IDENIFICATIONTYPE_FN = "FN"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; - public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; + public static final String IDENIFICATIONTYPE_STORK = "STORK"; + public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN; public static final String IDENIFICATIONTYPE_BASEID_ZVR = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_ZVR; public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; - - public static final Map BUSINESSSERVICENAMES; + public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + + + public static final Map BUSINESSSERVICENAMES; static { Hashtable tmp = new Hashtable(); tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); - - BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); + tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); + + BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index ba58701fc..495444db1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -58,17 +58,19 @@ public class OAGeneralConfig { private String friendlyName = null; private boolean businessService = false; - - private String target = null; + private boolean storkService = false; + + private String target = null; private String target_subsector = null; private String target_admin = null; private static List targetList = null; private String targetFriendlyName = null; private boolean isAdminTarget = false; - + private String identificationNumber = null; private String identificationType = null; private static List identificationTypeList = null; + private String storkSPTargetCountry = null; private String aditionalAuthBlockText = null; @@ -159,8 +161,17 @@ public class OAGeneralConfig { businessService = true; else businessService = false; - - AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); + + if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_STORKSERVICE)) + storkService = true; + else + storkService = false; + + if (dbOAConfig.getStorkSPTargetCountry() != null) + storkSPTargetCountry = dbOAConfig.getStorkSPTargetCountry(); + + + AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); if (oaauth != null) { BKUURLS bkuurls = oaauth.getBKUURLS(); @@ -301,6 +312,14 @@ public class OAGeneralConfig { return identificationNumber; } + public String getStorkSPTargetCountry() { + return storkSPTargetCountry; + } + + public void setStorkSPTargetCountry(String storkSPTargetCountry) { + this.storkSPTargetCountry = storkSPTargetCountry; + } + public void setIdentificationNumber(String identificationNumber) { this.identificationNumber = identificationNumber; } @@ -341,6 +360,14 @@ public class OAGeneralConfig { return businessService; } + public boolean isStorkService() { + return storkService; + } + + public void setStorkService(boolean storkService) { + this.storkService = storkService; + } + public void setBusinessService(boolean businessService) { this.businessService = businessService; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 99bdfdc9c..4a0bf744a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -22,1337 +22,1330 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; -import iaik.utils.URLDecoder; - -import java.io.ByteArrayInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.cert.CertificateException; -import java.util.ArrayList; -import java.util.Date; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; -import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.*; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; -import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; -import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; -import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.*; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.*; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; - import com.opensymphony.xwork2.ActionSupport; +import iaik.utils.URLDecoder; +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.*; +import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.util.*; public class EditOAAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { - - private final Logger log = Logger.getLogger(EditOAAction.class); - - private static final long serialVersionUID = 1L; - - private HttpServletRequest request; - private HttpServletResponse response; - - private AuthenticatedUser authUser; - - private String oaidobj; - private boolean newOA; - private String formID; - - private boolean onlyBusinessService = false; - private boolean subTargetSet = false; - private boolean deaktivededBusinessService = false; - private boolean isMetaDataRefreshRequired = false; - - private String nextPage; - - private OAGeneralConfig generalOA = new OAGeneralConfig(); - private OAPVP2Config pvp2OA = new OAPVP2Config(); - private OASAML1Config saml1OA = new OASAML1Config(); - private OASSOConfig ssoOA = new OASSOConfig(); - private OAOAuth20Config oauth20OA = new OAOAuth20Config(); - private OASTORKConfig storkOA = new OASTORKConfig(); - private FormularCustomization formOA = new FormularCustomization(); - - private InputStream stream; - - private Map sendAssertionForm = new HashMap(); - private Map bkuSelectionForm = new HashMap(); - - // STRUTS actions - public String inital() { - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - - authUser = (AuthenticatedUser) authUserObj; - - long oaid = -1; - - if (!ValidationHelper.validateOAID(oaidobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - oaid = Long.valueOf(oaidobj); - - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; - - if (authUser.isAdmin()) - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - - else { - userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - // TODO: change to direct Database operation - List oas = userdb.getOnlineApplication(); - for (OnlineApplication oa : oas) { - if (oa.getHjid() == oaid) { - onlineapplication = oa; - break; - } - } - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - generalOA.parse(onlineapplication); - ssoOA.parse(onlineapplication); - saml1OA.parse(onlineapplication); - oauth20OA.parse(onlineapplication); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - - storkOA.parse(onlineapplication); - - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - formOA.parse(onlineapplication, map); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - List errors = pvp2OA.parse(onlineapplication); - - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - ConfigurationDBUtils.closeSession(); - session.setAttribute(Constants.SESSION_OAID, oaid); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - newOA = false; - - return Constants.STRUTS_OA_EDIT; - } - - public String newOA() { - log.debug("insert new Online-Application"); - - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - session.setAttribute(Constants.SESSION_OAID, null); - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - - authUser = (AuthenticatedUser) authUserObj; - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) { - DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); - if (defaultbkus != null) { - generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); - generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); - generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - ConfigurationDBUtils.closeSession(); - - newOA = true; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); - - this.oauth20OA.generateClientSecret(); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - - return Constants.STRUTS_OA_EDIT; - } - - public String saveOA() { - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - OnlineApplication onlineapplication = null; - List errors = new ArrayList(); - - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - - } - catch (Throwable t) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - // valid DBID and check entry - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() })); - } else { - - if (oaid == -1) { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - newOA = true; - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); - } - - } else { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); - } - } - } - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - // check form - OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); - OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); - OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); - OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); - OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); - FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); - OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - - errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); - errors.addAll(validatior_pvp2.validate(pvp2OA)); - errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); - errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); - errors.addAll(validator_stork.validate(storkOA)); - errors.addAll(validator_form.validate(formOA)); - errors.addAll(validatior_oauth20.validate(oauth20OA)); - - //validate BKU-selection template - List templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() - , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - - //validate send-assertion template - templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() - , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); - - else - sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - - - // Do not allow SSO in combination with special BKUSelection features - if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { - log.warn("Special BKUSelection features can not be used in combination with SSO"); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid")); - } - - if (errors.size() > 0) { - log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - - boolean newentry = false; - - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - newentry = true; - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - if (onlineapplication.getHjid() != null) userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } - catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, newentry); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - //set metadata reload flag if reload is required - if (pvp2OA.getMetaDataURL() != null) { - - try { - if (isMetaDataRefreshRequired - || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) - || pvp2OA.getFileUpload() != null - || pvp2OA.isReLoad()) { - - log.debug("Set PVP2 Metadata refresh flag."); - MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); - moaconfig.setPvp2RefreshItem(new Date()); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } - } - catch (Throwable e) { - log.info("Found no MetadataURL in OA-Databaseconfig!", e); - } - - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - if (onlineapplication.isIsAdminRequired()) { - int numoas = 0; - int numusers = 0; - - List openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); - if (openOAs != null) numoas = openOAs.size(); - - List openUsers = ConfigurationDBRead.getAllNewUsers(); - if (openUsers != null) numusers = openUsers.size(); - try { - - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); - - if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); - - } - catch (ConfigurationException e) { - log.warn("Sending Mail to Admin failed.", e); - } - - } else - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); - - //remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - ConfigurationDBUtils.closeSession(); - return Constants.STRUTS_SUCCESS; - } - - public String cancleAndBackOA() { - - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; - } - - public String deleteOA() { - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); - return Constants.STRUTS_SUCCESS; - } - - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() })); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - } - - OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - request.getSession().setAttribute(Constants.SESSION_OAID, null); - - try { - if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { - - MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); - moaconfig.setPvp2RefreshItem(new Date()); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } - } - catch (Throwable e) { - log.info("Found no MetadataURL in OA-Databaseconfig!", e); - } - - if (ConfigurationDBUtils.delete(onlineapplication)) { - - if (!authUser.isAdmin()) { - UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - List useroas = user.getOnlineApplication(); - - for (OnlineApplicationType oa : useroas) { - if (oa.getHjid().equals(onlineapplication.getHjid())) { - useroas.remove(oa); - } - } - - try { - ConfigurationDBUtils.saveOrUpdate(user); - - } - catch (MOADatabaseException e) { - log.warn("User information can not be updated in database", e); - addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); - return Constants.STRUTS_ERROR; - } - } - - ConfigurationDBUtils.closeSession(); - - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); - - return Constants.STRUTS_SUCCESS; - - } else { - ConfigurationDBUtils.closeSession(); - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); - return Constants.STRUTS_SUCCESS; - } - - } - - public String bkuFramePreview() { - - String preview = null; - - HttpSession session = request.getSession(); - if (session == null) { - log.info("No http Session found."); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); - - } else { - InputStream input = null; - - try { - Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); - if (mapobj != null && mapobj instanceof Map) { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR - + ConfigurationProvider.HTMLTEMPLATE_FILE; - - File file = new File(templateURL); - input = new FileInputStream(file); - - String contextpath = config.getMOAIDInstanceURL(); - if (MiscUtil.isEmpty(contextpath)) { - log.info("NO MOA-ID instance URL configurated."); - throw new ConfigurationException("No MOA-ID instance configurated"); - } - - preview = LoginFormBuilder.getTemplate(input); - preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath); - - Map map = (Map) mapobj; - - request.setCharacterEncoding("UTF-8"); - - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); - String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); - - if (value != null) { - String[] query = URLDecoder.decode(request.getQueryString()).split("&"); - value = query[1].substring("value=".length()); - } - - synchronized (map) { - - if (MiscUtil.isNotEmpty(module)) { - if (map.containsKey("#" + module + "#")) { - if (MiscUtil.isNotEmpty(value)) { - if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module) - || value.startsWith("#")) - map.put("#" + module + "#", value); - else - map.put("#" + module + "#", "#" + value); - - } else { - map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#")); - } - } - } - preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map, true); - } - - } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); - - } - - } - catch (Exception e) { - log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); - - } - } - - stream = new ByteArrayInputStream(preview.getBytes()); - - return Constants.STRUTS_SUCCESS; - } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); - - dboa.setFriendlyName(generalOA.getFriendlyName()); - dboa.setCalculateHPI(generalOA.isCalculateHPI()); - dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); - - if (authUser.isAdmin()) - dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); - else { - if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); - } - - dboa.setPublicURLPrefix(generalOA.getIdentifier()); - - if (generalOA.isBusinessService() || onlyBusinessService) { - - dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - - IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); - - authoa.setIdentificationNumber(idnumber); - - } else { - dboa.setType(null); - - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { - dboa.setTarget(generalOA.getTarget_admin()); - dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); - - } else { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - - } else { - - if (MiscUtil.isNotEmpty(generalOA.getTarget())) { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - } - } - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - if (authUser.isAdmin()) { - bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); - bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); - bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); - } - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if(generalOA.isDeleteBKUTemplate()) - templates.setBKUSelectionTemplate(null); - - if (generalOA.isDeleteSendAssertionTemplate()) - templates.setSendAssertionTemplate(null); - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } - } - - - //store BKU-selection customization - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); - } - - Mandates mandates = new Mandates(); - if (generalOA.isUseMandates()) { - mandates.setProfiles(generalOA.getMandateProfiles()); - - } else { - mandates.setProfiles(new String()); - } - - authoa.setMandates(mandates); - bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); - bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); - - if (authUser.isAdmin()) { - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - - List template = templates.getTemplate(); - if (generalOA.isLegacy()) { - - if (template == null) - template = new ArrayList(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL2()); - template.add(el); - }else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL3()); - template.add(el); - }else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(formOA.getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(formOA.getFontType()); - - bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); - bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); - - } - - // set default transformation if it is empty - List transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required - - } - - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } - - pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); - try { - - if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate()); - - } - catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); - } - catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); - } - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(saml1OA.isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); - saml1.setProvideCertificate(saml1OA.isProvideCertificate()); - saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); - saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); - saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); - saml1.setUseCondition(saml1OA.isUseCondition()); - saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(ssoOA.isUseSSO()); - - if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); - - sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); - - if (oauth20OA != null) { - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); - } - - oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); - log.debug("client id: " + oauth20OA.getClientId()); - log.debug("client secret: " + oauth20OA.getClientSecret()); - log.debug("redirect uri:" + oauth20OA.getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - } - - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); - } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); - stork.setQaa(storkOA.getQaa()); - stork.setOAAttributes(storkOA.getAttributes()); - stork.setVidpEnabled(storkOA.isVidpEnabled()); - stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); - - try { - if (newentry) { - ConfigurationDBUtils.save(dboa); - - if (!authUser.isAdmin()) { - UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - List useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList(); - - useroas.add(dboa); - ConfigurationDBUtils.saveOrUpdate(user); - } - } - - else - ConfigurationDBUtils.saveOrUpdate(dboa); - - } - catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store"); - } - - return null; - } - - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; - } - - private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - String bpk = userdb.getBpk(); - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) { - - onlyBusinessService = true; - generalOA.setBusinessService(true); - - } - - deaktivededBusinessService = true; - String[] split = bpk.split("\\+"); - generalOA.setIdentificationType(split[1].substring(1)); - - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) - generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); - else - generalOA.setIdentificationNumber(split[2]); - - } - - } - - public String setGeneralOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSAML1OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setPVP2OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSSOOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSTORKOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - // Getter and Setter - public void setServletResponse(HttpServletResponse arg0) { - this.response = arg0; - - } - - public void setServletRequest(HttpServletRequest arg0) { - this.request = arg0; - - } - - public HttpServletRequest getRequest() { - return request; - } - - public void setRequest(HttpServletRequest request) { - this.request = request; - } - - public HttpServletResponse getResponse() { - return response; - } - - public void setResponse(HttpServletResponse response) { - this.response = response; - } - - public OAGeneralConfig getGeneralOA() { - return generalOA; - } - - public void setGeneralOA(OAGeneralConfig generalOA) { - this.generalOA = generalOA; - } - - public OAPVP2Config getPvp2OA() { - return pvp2OA; - } - - public void setPvp2OA(OAPVP2Config pvp2oa) { - pvp2OA = pvp2oa; - } - - public OASAML1Config getSaml1OA() { - return saml1OA; - } - - public void setSaml1OA(OASAML1Config saml1oa) { - saml1OA = saml1oa; - } - - public OASSOConfig getSsoOA() { - return ssoOA; - } - - public void setSsoOA(OASSOConfig ssoOA) { - this.ssoOA = ssoOA; - } - - public OASTORKConfig getStorkOA() { - return storkOA; - } - - public void setStorkOA(OASTORKConfig storkOA) { - this.storkOA = storkOA; - } - - /** - * @param oaidobj - * the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the authUser - */ - public AuthenticatedUser getAuthUser() { - return authUser; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - - /** - * @param newOA - * the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; - } - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID - * the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the onlyBusinessService - */ - public boolean isOnlyBusinessService() { - return onlyBusinessService; - } - - /** - * @param onlyBusinessService - * the onlyBusinessService to set - */ - public void setOnlyBusinessService(boolean onlyBusinessService) { - this.onlyBusinessService = onlyBusinessService; - } - - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } - - /** - * @param subTargetSet - * the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } - - /** - * @param deaktivededBusinessService - * the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return formOA; - } - - /** - * @param formOA - * the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - this.formOA = formOA; - } - - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } - - public OAOAuth20Config getOauth20OA() { - return oauth20OA; - } - - public void setOauth20OA(OAOAuth20Config oauth20OA) { - this.oauth20OA = oauth20OA; - } - + + private final Logger log = Logger.getLogger(EditOAAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser; + + private String oaidobj; + private boolean newOA; + private String formID; + + private boolean onlyBusinessService = false; + private boolean onlyStorkService = false; + private boolean subTargetSet = false; + private boolean deaktivededBusinessService = false; + private boolean deactivatedStorkService = false; + private boolean isMetaDataRefreshRequired = false; + + private String nextPage; + + private OAGeneralConfig generalOA = new OAGeneralConfig(); + private OAPVP2Config pvp2OA = new OAPVP2Config(); + private OASAML1Config saml1OA = new OASAML1Config(); + private OASSOConfig ssoOA = new OASSOConfig(); + private OAOAuth20Config oauth20OA = new OAOAuth20Config(); + private OASTORKConfig storkOA = new OASTORKConfig(); + private FormularCustomization formOA = new FormularCustomization(); + + private InputStream stream; + + private Map sendAssertionForm = new HashMap(); + private Map bkuSelectionForm = new HashMap(); + + // STRUTS actions + public String inital() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + long oaid = -1; + + if (!ValidationHelper.validateOAID(oaidobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + + else { + userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + // TODO: change to direct Database operation + List oas = userdb.getOnlineApplication(); + for (OnlineApplication oa : oas) { + if (oa.getHjid() == oaid) { + onlineapplication = oa; + break; + } + } + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + generalOA.parse(onlineapplication); + ssoOA.parse(onlineapplication); + saml1OA.parse(onlineapplication); + oauth20OA.parse(onlineapplication); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); + + storkOA.parse(onlineapplication); + + Map map = new HashMap(); + map.putAll(FormBuildUtils.getDefaultMap()); + formOA.parse(onlineapplication, map); + + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + List errors = pvp2OA.parse(onlineapplication); + + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + ConfigurationDBUtils.closeSession(); + session.setAttribute(Constants.SESSION_OAID, oaid); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + newOA = false; + + return Constants.STRUTS_OA_EDIT; + } + + public String newOA() { + log.debug("insert new Online-Application"); + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_OAID, null); + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) { + DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); + if (defaultbkus != null) { + generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); + generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); + generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); + } + } + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + ConfigurationDBUtils.closeSession(); + + newOA = true; + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + + this.oauth20OA.generateClientSecret(); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); + + return Constants.STRUTS_OA_EDIT; + } + + public String saveOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + OnlineApplication onlineapplication = null; + List errors = new ArrayList(); + + Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + + } catch (Throwable t) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + // valid DBID and check entry + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()})); + } else { + + if (oaid == -1) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + newOA = true; + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + + } else { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + } + } + } + } + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + // check form + OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); + OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); + OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); + OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); + OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); + FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); + OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + + errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); + errors.addAll(validatior_pvp2.validate(pvp2OA)); + errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); + errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); + errors.addAll(validator_stork.validate(storkOA)); + errors.addAll(validator_form.validate(formOA)); + errors.addAll(validatior_oauth20.validate(oauth20OA)); + + //validate BKU-selection template + List templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() + , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + + else + bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate send-assertion template + templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() + , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + + else + sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + + // Do not allow SSO in combination with special BKUSelection features + if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { + log.warn("Special BKUSelection features can not be used in combination with SSO"); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid")); + } + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); + for (String el : errors) + addActionError(el); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + + boolean newentry = false; + + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + newentry = true; + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else + isMetaDataRefreshRequired = true; + + } else { + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if ((onlineapplication.isIsAdminRequired() == null) + || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + if (onlineapplication.getHjid() != null) + userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); + } + } + } + + //save OA configuration + String error = saveOAConfigToDatabase(onlineapplication, newentry); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + //set metadata reload flag if reload is required + if (pvp2OA.getMetaDataURL() != null) { + + try { + if (isMetaDataRefreshRequired + || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) + || pvp2OA.getFileUpload() != null + || pvp2OA.isReLoad()) { + + log.debug("Set PVP2 Metadata refresh flag."); + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + } + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + List openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (openOAs != null) numoas = openOAs.size(); + + List openUsers = ConfigurationDBRead.getAllNewUsers(); + if (openUsers != null) numusers = openUsers.size(); + try { + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); + + } catch (ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + + //remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + } + + public String cancleAndBackOA() { + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String deleteOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + } + + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + request.getSession().setAttribute(Constants.SESSION_OAID, null); + + try { + if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + if (ConfigurationDBUtils.delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + List useroas = user.getOnlineApplication(); + + for (OnlineApplicationType oa : useroas) { + if (oa.getHjid().equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + ConfigurationDBUtils.saveOrUpdate(user); + + } catch (MOADatabaseException e) { + log.warn("User information can not be updated in database", e); + addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + ConfigurationDBUtils.closeSession(); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); + + return Constants.STRUTS_SUCCESS; + + } else { + ConfigurationDBUtils.closeSession(); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); + return Constants.STRUTS_SUCCESS; + } + + } + + public String bkuFramePreview() { + + String preview = null; + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } else { + InputStream input = null; + + try { + Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map) { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; + + File file = new File(templateURL); + input = new FileInputStream(file); + + String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + throw new ConfigurationException("No MOA-ID instance configurated"); + } + + preview = LoginFormBuilder.getTemplate(input); + preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath); + + Map map = (Map) mapobj; + + request.setCharacterEncoding("UTF-8"); + + String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); + } + + synchronized (map) { + + if (MiscUtil.isNotEmpty(module)) { + if (map.containsKey("#" + module + "#")) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module) + || value.startsWith("#")) + map.put("#" + module + "#", value); + else + map.put("#" + module + "#", "#" + value); + + } else { + map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#")); + } + } + } + preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map, true); + } + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } + + } catch (Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } + } + + stream = new ByteArrayInputStream(preview.getBytes()); + + return Constants.STRUTS_SUCCESS; + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); + + dboa.setFriendlyName(generalOA.getFriendlyName()); + dboa.setCalculateHPI(generalOA.isCalculateHPI()); + dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); + + if (authUser.isAdmin()) + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + else { + if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + + dboa.setPublicURLPrefix(generalOA.getIdentifier()); + + if (generalOA.isStorkService() || onlyStorkService) { + dboa.setType(Constants.MOA_CONFIG_STORKSERVICE); + dboa.setStorkSPTargetCountry(generalOA.getStorkSPTargetCountry()); + + + String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_STORK)) + num = num.substring(Constants.IDENIFICATIONTYPE_STORK.length()); + + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getIdentificationType() + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); + + authoa.setIdentificationNumber(idnumber); + + } else if (generalOA.isBusinessService() || onlyBusinessService) { + + dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + + // num = StringUtils.leftPad(num, 7, '0'); + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); + + authoa.setIdentificationNumber(idnumber); + + } else { + dboa.setType(null); + + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { + dboa.setTarget(generalOA.getTarget_admin()); + dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + + } else { + + String target = generalOA.getTarget(); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) + dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); + else + dboa.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); + + } + + } else { + + if (MiscUtil.isNotEmpty(generalOA.getTarget())) { + + String target = generalOA.getTarget(); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) + dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); + + else + dboa.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); + + } + } + } + + //store BKU-URLs + BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + if (authUser.isAdmin()) { + bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); + bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); + bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + } + + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + + //store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (generalOA.isDeleteBKUTemplate()) + templates.setBKUSelectionTemplate(null); + + if (generalOA.isDeleteSendAssertionTemplate()) + templates.setSendAssertionTemplate(null); + + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } + } + + + //store BKU-selection customization + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + Mandates mandates = new Mandates(); + if (generalOA.isUseMandates()) { + mandates.setProfiles(generalOA.getMandateProfiles()); + + } else { + mandates.setProfiles(new String()); + } + + authoa.setMandates(mandates); + bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); + bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); + + if (authUser.isAdmin()) { + templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); + + List template = templates.getTemplate(); + if (generalOA.isLegacy()) { + + if (template == null) + template = new ArrayList(); + else + template.clear(); + + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL1()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL2()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL3()); + template.add(el); + } else + template.add(new TemplateType()); + + } else { + if (template != null && template.size() > 0) template.clear(); + } + + bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); + + bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(formOA.getHeader_text()); + + bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); + + if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) + bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); + + bkuselectioncustom.setFontType(formOA.getFontType()); + + bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); + bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); + + } + + // set default transformation if it is empty + List transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); + try { + + if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate()); + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(saml1OA.isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); + saml1.setProvideCertificate(saml1OA.isProvideCertificate()); + saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); + saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); + saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); + saml1.setUseCondition(saml1OA.isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(ssoOA.isUseSSO()); + + if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); + + sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); + + if (oauth20OA != null) { + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); + log.debug("client id: " + oauth20OA.getClientId()); + log.debug("client secret: " + oauth20OA.getClientSecret()); + log.debug("redirect uri:" + oauth20OA.getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + } + + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); + stork.setQaa(storkOA.getQaa()); + stork.setOAAttributes(storkOA.getAttributes()); + stork.setVidpEnabled(storkOA.isVidpEnabled()); + stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); + + try { + if (newentry) { + ConfigurationDBUtils.save(dboa); + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + List useroas = user.getOnlineApplication(); + if (useroas == null) useroas = new ArrayList(); + + useroas.add(dboa); + ConfigurationDBUtils.saveOrUpdate(user); + } + } else + ConfigurationDBUtils.saveOrUpdate(dboa); + + } catch (MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store"); + } + + return null; + } + + private String parseColor(String color) { + String value = ""; + + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) + value = "#" + color; + else + value = color; + } + return value; + } + + private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + String bpk = userdb.getBpk(); + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) { + onlyBusinessService = true; + generalOA.setBusinessService(true); + } else if (bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) { + onlyStorkService = true; + generalOA.setStorkService(true); + } + + deaktivededBusinessService = true; + deactivatedStorkService = true; + String[] split = bpk.split("\\+"); + generalOA.setIdentificationType(split[1].substring(1)); + + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) + generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); + else + generalOA.setIdentificationNumber(split[2]); + + } + + } + + public String setGeneralOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSAML1OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setPVP2OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSSOOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSTORKOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + // Getter and Setter + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + + } + + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + + } + + public HttpServletRequest getRequest() { + return request; + } + + public void setRequest(HttpServletRequest request) { + this.request = request; + } + + public HttpServletResponse getResponse() { + return response; + } + + public void setResponse(HttpServletResponse response) { + this.response = response; + } + + public OAGeneralConfig getGeneralOA() { + return generalOA; + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + this.generalOA = generalOA; + } + + public OAPVP2Config getPvp2OA() { + return pvp2OA; + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + pvp2OA = pvp2oa; + } + + public OASAML1Config getSaml1OA() { + return saml1OA; + } + + public void setSaml1OA(OASAML1Config saml1oa) { + saml1OA = saml1oa; + } + + public OASSOConfig getSsoOA() { + return ssoOA; + } + + public void setSsoOA(OASSOConfig ssoOA) { + this.ssoOA = ssoOA; + } + + public OASTORKConfig getStorkOA() { + return storkOA; + } + + public void setStorkOA(OASTORKConfig storkOA) { + this.storkOA = storkOA; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the onlyBusinessService + */ + public boolean isOnlyBusinessService() { + return onlyBusinessService; + } + + /** + * @param onlyStorkService the onlyStorkService to set + */ + public void setOnlyStorkService(boolean onlyStorkService) { + this.onlyStorkService = onlyStorkService; + } + + /** + * @return the onlyStorkService + */ + public boolean isOnlyStorkService() { + return onlyStorkService; + } + + /** + * @param onlyBusinessService the onlyBusinessService to set + */ + public void setOnlyBusinessService(boolean onlyBusinessService) { + this.onlyBusinessService = onlyBusinessService; + } + + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + /** + * @return the deactivatedStorkService + */ + public boolean isDeactivatedStorkService() { + return deactivatedStorkService; + } + + /** + * @param deactivatedStorkService the deactivatedStorkService to set + */ + + public void setDeactivatedStorkService(boolean deactivatedStorkService) { + + this.deactivatedStorkService = deactivatedStorkService; + } + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return formOA; + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + this.formOA = formOA; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + public OAOAuth20Config getOauth20OA() { + return oauth20OA; + } + + public void setOauth20OA(OAOAuth20Config oauth20OA) { + this.oauth20OA = oauth20OA; + } + } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index a033205ed..5859ce477 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -185,7 +185,10 @@ webpages.oaconfig.general.mandate.profiles=Profile webpages.oaconfig.general.mandate.usemandate=Vollmachten (ja/nein) webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation +webpages.oaconfig.general.isstorkservice=Stork Applikation webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.stork.header=STORK Bereich +webpages.oaconfig.general.stork.countrycode=Landesvorwahl webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) webpages.oaconfig.general.target.admin.checkbox=Anderen Bereich frei definieren webpages.oaconfig.general.target.admin=Bereich (Frei w\u00E4hlbar) diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 5fbbdafd1..7e42eaf30 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -22,17 +22,33 @@ *******************************************************************************/ function oaBusinessService() { if ($('#OAisbusinessservice').attr('checked') == 'checked') { - - $('#oa_config_businessservice').css('display', "block"); + $('#OAisstorkservice').attr('checked',false); + $('#oa_config_storkservice').css('display', "none"); + $('#oa_config_businessservice').css('display', "block"); $('#oa_config_publicservice').css('display', "none"); } else { - - $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_storkservice').css('display', "none"); + $('#oa_config_businessservice').css('display', "none"); $('#oa_config_publicservice').css('display', "block"); } } +function oaStorkService() { + if ($('#OAisstorkservice').attr('checked') == 'checked') { + $('#OAisbusinessservice').attr('checked',false); + $('#oa_config_storkservice').css('display', "block"); + $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_publicservice').css('display', "none"); + + } else { + $('#oa_config_storkservice').css('display', "none"); + $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_publicservice').css('display', "block"); + + } +} + function oaSSOService() { if ($('#OAuseSSO').attr('checked') == 'checked') { @@ -199,6 +215,7 @@ function userOnLoad() { } function oaOnLoad() { oaBusinessService(); + oaStorkService(); oaSSOService(); oaLegacyService(); AdminTarget(); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 1f42bf092..cf8626ae3 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -59,16 +59,28 @@ key="webpages.oaconfig.general.friendlyname" cssClass="textfield_long"> - - - + + + + + + + +
@@ -89,6 +101,17 @@ disabled="%{isDeaktivededBusinessService()}">
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.stork.header", request) %>

+ + +
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index d20ec1c68..b2c9eb58c 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -11,14 +11,16 @@ - + + - + + -- cgit v1.2.3 From 19e164874ea92d51f9df12f56047d77db9683091 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 20:57:05 +0100 Subject: storkid derivation pro country --- id/ConfigWebTool/ConfigurationInterface.iml | 2 +- .../id/configuration/data/oa/OAGeneralConfig.java | 8 +- .../configuration/struts/action/EditOAAction.java | 7 +- id/server/auth/moa-id-auth.iml | 2 +- id/server/idserverlib/moa-id-lib.iml | 2 +- .../moa/id/auth/AuthenticationServer.java | 3928 ++++++++++---------- .../id/auth/builder/InfoboxReadRequestBuilder.java | 197 +- .../gv/egovernment/moa/id/config/OAParameter.java | 20 +- id/server/moa-id-commons/moa-id-commons.iml | 2 +- id/server/moa-id.iml | 1 + id/server/proxy/moa-id-proxy.iml | 2 +- pom.xml | 6 + .../clients/api/moa-spss-handbook-apiClient.iml | 2 +- .../handbook/clients/moa-spss-handbook-clients.iml | 5 +- .../moa-spss-handbook-referencedData.iml | 5 +- .../moa-spss-handbook-webserviceClient.iml | 2 +- spss/handbook/moa-spss-handbook.iml | 5 +- spss/server/moa-spss.iml | 5 +- spss/server/serverlib/moa-spss-lib.iml | 3 +- spss/server/serverws/moa-spss-ws.iml | 1 + spss/server/tools/moa-spss-tools.iml | 5 +- 21 files changed, 2104 insertions(+), 2106 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 742f8df89..f6325d7c7 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -63,6 +63,7 @@ + @@ -77,7 +78,6 @@ - diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 495444db1..c9f5fdde9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -120,7 +120,8 @@ public class OAGeneralConfig { identificationTypeList = Arrays.asList( Constants.IDENIFICATIONTYPE_FN, Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB); + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK); } @@ -216,7 +217,10 @@ public class OAGeneralConfig { if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { identificationType = split[1]; identificationNumber = split[2]; - } + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; // setting at as iden category ? + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 4a0bf744a..370923ca1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -746,13 +746,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, dboa.setStorkSPTargetCountry(generalOA.getStorkSPTargetCountry()); - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_STORK)) - num = num.substring(Constants.IDENIFICATIONTYPE_STORK.length()); - IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getIdentificationType() + num); + idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getStorkSPTargetCountry()); idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); authoa.setIdentificationNumber(idnumber); diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index 043374bc0..bf76e8805 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -58,6 +58,7 @@ + @@ -96,7 +97,6 @@ - diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index d995f23af..91b3617ad 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -40,7 +40,7 @@ - + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 6f6d9611a..01a2e5485 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,74 +1,9 @@ package at.gv.egovernment.moa.id.auth; -import iaik.asn1.ObjectID; -import iaik.util.logging.Log; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.util.ArrayList; -//import java.security.cert.CertificateFactory; -import java.util.Calendar; -import java.util.Date; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Vector; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.apache.xpath.XPathAPI; -import org.opensaml.common.IdentifierGenerator; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.*; +import at.gv.egovernment.moa.id.auth.data.*; +import at.gv.egovernment.moa.id.auth.exception.*; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -81,13 +16,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -109,13 +40,7 @@ import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moa.util.*; import at.gv.util.xsd.mis.MandateIdentifiers; import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; @@ -123,12 +48,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; -import eu.stork.oasisdss.api.AdditionalProfiles; -import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.*; import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.Profiles; -import eu.stork.oasisdss.api.QualityLevels; -import eu.stork.oasisdss.api.SignatureTypes; import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; import eu.stork.oasisdss.profile.SignRequest; @@ -138,6 +59,42 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; +import iaik.asn1.ObjectID; +import iaik.util.logging.Log; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.xpath.XPathAPI; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.*; +import org.xml.sax.SAXException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.math.BigInteger; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.cert.CertificateException; +import java.util.*; + +//import java.security.cert.CertificateFactory; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -149,148 +106,147 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; */ public class AuthenticationServer implements MOAIDAuthConstants { - /** single instance */ - private static AuthenticationServer instance; - - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes - private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data - * store - */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - /** - * Returns the single instance of AuthenticationServer. - * - * @return the single instance of AuthenticationServer - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - - /** - * Constructor for AuthenticationServer. - */ - public AuthenticationServer() { - super(); - } - - - /** - * Processes the beginning of an authentication session. - *
    - *
  • Starts an authentication session
    • - *
  • Creates an <InfoboxReadRequest>
    • - *
  • Creates an HTML form for querying the identity link from the security - * layer implementation.
    - * Form parameters include - *
      - *
    • the <InfoboxReadRequest>
      • - *
    • the data URL where the security layer implementation sends it - * response to
      • - *
    - *
- * - * @param authURL - * URL of the servlet to be used as data URL - * @param target - * "Geschäftsbereich" of the online application requested - * @param targetFriendlyName - * Friendly name of the target if the target is configured via - * configuration - * @param oaURL - * online application URL requested - * @param bkuURL - * URL of the "Bürgerkartenumgebung" to be used; may be - * null; in this case, the default location will be - * used - * @param useMandate - * Indicates if mandate is used or not - * @param templateURL - * URL providing an HTML template for the HTML form generated - * @param templateMandteURL - * URL providing an HTML template for the HTML form generated - * (for signing in mandates mode) - * @param req - * determines the protocol used - * @param sourceID - * @return HTML form - * @throws AuthenticationException - * @see GetIdentityLinkFormBuilder - * @see InfoboxReadRequestBuilder - */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, - AuthenticationException, ConfigurationException, BuildException { - - if (session == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //load OnlineApplication configuration - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); - - //load Template - String template = null; - if (session.getTemplateURL() != null) { - try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - session.getTemplateURL(), ex.toString() }, ex); - } - } - - String infoboxReadRequest = ""; - - String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { - //load identityLink with SSO Target - boolean isbuisness = false; - - if (domainIdentifier.startsWith(PREFIX_WPBK)) { - - isbuisness = true; - - } else { - isbuisness = false; - - } - - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - isbuisness, domainIdentifier); - - } else { - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getBusinessService(), oaParam - .getIdentityLinkDomainIdentifier()); - } - - - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session - .getSessionID()); - - //removed in MOAID 2.0 - String pushInfobox = ""; + /** + * single instance + */ + private static AuthenticationServer instance; + + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data + * store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + /** + * Returns the single instance of AuthenticationServer. + * + * @return the single instance of AuthenticationServer + */ + public static AuthenticationServer getInstance() { + if (instance == null) + instance = new AuthenticationServer(); + return instance; + } + + /** + * Constructor for AuthenticationServer. + */ + public AuthenticationServer() { + super(); + } + + + /** + * Processes the beginning of an authentication session. + *
    + *
  • Starts an authentication session
    • + *
  • Creates an <InfoboxReadRequest>
    • + *
  • Creates an HTML form for querying the identity link from the security + * layer implementation.
    + * Form parameters include + *
      + *
    • the <InfoboxReadRequest>
      • + *
    • the data URL where the security layer implementation sends it + * response to
      • + *
    + *
+ * + * @param authURL URL of the servlet to be used as data URL + * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via + * configuration + * @param oaURL online application URL requested + * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; may be + * null; in this case, the default location will be + * used + * @param useMandate Indicates if mandate is used or not + * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateMandteURL URL providing an HTML template for the HTML form generated + * (for signing in mandates mode) + * @param req determines the protocol used + * @param sourceID + * @return HTML form + * @throws AuthenticationException + * @see GetIdentityLinkFormBuilder + * @see InfoboxReadRequestBuilder + */ + public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, + AuthenticationException, ConfigurationException, BuildException { + + if (session == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[]{ + session.getTemplateURL(), ex.toString()}, ex); + } + } + + String infoboxReadRequest = ""; + + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + + if (session.isSsoRequested()) { + //load identityLink with SSO Target + boolean isbuisness = false; + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = true; + + } else { + isbuisness = false; + + } + + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + isbuisness, domainIdentifier); + + } else { + + if (oaParam.getStorkService()) + // build stork request + infoboxReadRequest = new InfoboxReadRequestBuilder().buildStorkReadRequest( + oaParam.getIdentityLinkDomainIdentifier()); + else + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.getBusinessService(), oaParam + .getIdentityLinkDomainIdentifier()); + } + + + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session + .getSessionID()); + + //removed in MOAID 2.0 + String pushInfobox = ""; // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); @@ -299,1787 +255,1743 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setPushInfobox(pushInfobox); // } - //build CertInfo request - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(); - String certInfoDataURL = new DataURLBuilder() - .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, - session.getSessionID()); - - //get Applet Parameters - String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); - String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); - appletheigth = StringEscapeUtils.escapeHtml(appletheigth); - appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - String htmlForm = new GetIdentityLinkFormBuilder().build(template, - session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, - certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); - - return htmlForm; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - * @throws BKUException - */ - public String verifyIdentityLink(AuthenticationSession session, - Map infoboxReadResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); - - String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlInfoboxReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // check if an identity link was found - // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform - // (SL1.2)) - // CharSequence se = "ErrorCode>2911".substring(0); - // boolean b = xmlInfoboxReadResponse.contains(se); - String se = "ErrorCode>2911"; - int b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // no identity link found - Logger - .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); - return null; - } - // spezifikationsgemaess (SL1.2) Errorcode - se = "ErrorCode>4002"; - // b = xmlInfoboxReadResponse.contains(se); - b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // Unbekannter Infoboxbezeichner - Logger - .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); - return null; - } - - // parses the - IdentityLink identityLink = new InfoboxReadResponseParser( - xmlInfoboxReadResponse).parseIdentityLink(); - // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf - .getMoaSpIdentityLinkTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true - : false; - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - ignoreManifestValidationResult); - - session.setIdentityLink(identityLink); - // now validate the extended infoboxes - - //Removed in MOA-ID 2.0 - //verifyInfoboxes(session, infoboxReadResponseParameters, false); - - return "found!"; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String verifyCertificate(AuthenticationSession session, - X509Certificate certificate) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, MOAIDException{ - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - // check if person is a Organwalter - // if true - don't show bPK in AUTH Block - try { - for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { - if (certificate.getExtension(OWid) != null) { - session.setOW(true); - } - - } - - } catch (X509ExtensionInitException e) { - Logger.warn("Certificate extension is not readable."); - session.setOW(false); - } - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - return returnvalue; - } - - /** - * Processes an Mandate sent by the MIS.
- *
    - *
  • Validates given Mandate
    • - *
  • Verifies Mandate by calling the MOA SP component
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - GET_MIS_SESSIONID, PARAM_SESSIONID }); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - try { - // sets the extended SAML attributes for OID (Organwalter) - setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam - .getBusinessService()); - - validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - - } - - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, oaParam); - - // builds the - List transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos); - return createXMLSignatureRequest; - } - - /** - * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
- *
    - *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param cert - * The certificate from the user - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, - X509Certificate cert) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - Principal subject = cert.getSubjectDN(); - - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); - return createXMLSignatureRequest; - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param createXMLSignatureResponseParameters - * The parameters from the response returned from the BKU - * including the <CreateXMLSignatureResponse> - * @throws BKUException - */ - public X509Certificate verifyXMLSignature(String sessionID, - Map createXMLSignatureResponseParameters) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_SESSIONID }); - - String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlCreateXMLSignatureResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // parses the - CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse createXMLSignatureResponse = p - .parseResponseDsig(); - - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .buildDsig(createXMLSignatureResponse, authConf - .getMoaSpAuthBlockTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - return verifyXMLSignatureResponse.getX509certificate(); - - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param readInfoboxResponseParameters - * The parameters from the response returned from the BKU - * including the <ReadInfoboxResponse> - * @throws BKUException - */ - public X509Certificate getCertificate(String sessionID, - Map readInfoboxResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlReadInfoboxResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE }); - - // parses the - InfoboxReadResponseParser p = new InfoboxReadResponseParser( - xmlReadInfoboxResponse); - X509Certificate cert = p.parseCertificate(); - - return cert; - - } - - /** - * Builds an authentication block <saml:Assertion> from - * given session data. - * - * @param session - * authentication session - * - * @return <saml:Assertion> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. - */ - private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam) throws BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - - String identificationValue = null; - String identificationType = null; - - //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { - identificationType = ""; - identificationValue = ""; - - } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - if (oaParam.getBusinessService()) { - - String bpkBase64 = new BPKBuilder().buildWBPK(identityLink - .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); - identificationValue = bpkBase64; - - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) - identificationType = oaParam.getIdentityLinkDomainIdentifier(); - else - identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - - } else { - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); - } - - - } else { - identificationValue = identityLink.getIdentificationValue(); - identificationType = identityLink.getIdentificationType(); - - } - - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - - - if (session.isSsoRequested()) { - String oaURL = new String(); - try { - oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - - if (MiscUtil.isNotEmpty(oaURL)) - oaURL = oaURL.replaceAll("&", "&"); - - } catch (ConfigurationException e) { - } - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - } - } - - - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void validateExtendedSAMLAttributeForMandates( - AuthenticationSession session, MISMandate mandate, - boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - mandate, business, false); - - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - verifySAMLAttribute(samlAttribute, i, "MISService", - "MISService"); - - } - } - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void setExtendedSAMLAttributeForMandatesOID( - AuthenticationSession session, MISMandate mandate, boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( - mandate, business); - - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); - - } - - /** - * Adds given SAML Attributes to the current session. They will be appended - * to the final SAML Assertion or the AUTH block. If the attributes are - * already in the list, they will be replaced. - * - * @param session - * The current session - * @param extendedSAMLAttributes - * The SAML attributes to add - * @param identifier - * The infobox identifier for debug purposes - * @param friendlyNam - * The friendly name of the infobox for debug purposes - */ - private static void AddAdditionalSAMLAttributes( - AuthenticationSession session, - ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, - String friendlyName) throws ValidateException { - if (extendedSAMLAttributes == null) - return; - List oaAttributes = session.getExtendedSAMLAttributesOA(); - if (oaAttributes == null) - oaAttributes = new Vector(); - List authAttributes = session.getExtendedSAMLAttributesAUTH(); - if (authAttributes == null) - authAttributes = new Vector(); - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - Object value = verifySAMLAttribute(samlAttribute, i, identifier, - friendlyName); - - if ((value instanceof String) || (value instanceof Element)) { - switch (samlAttribute.getAddToAUTHBlock()) { - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - default: - Logger - .info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() - + ") in SAML attribute number " - + (i + 1) - + " for infobox " + identifier); - throw new ValidateException("validator.47", new Object[] { - friendlyName, String.valueOf((i + 1)) }); - } - } else { - Logger - .info("The type of SAML-Attribute number " - + (i + 1) - + " returned from " - + identifier - + "-infobox validator is not valid. Must be either \"java.Lang.String\"" - + " or \"org.w3c.dom.Element\""); - throw new ValidateException("validator.46", new Object[] { - identifier, String.valueOf((i + 1)) }); - } - } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - - protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( - MISMandate mandate, boolean business, boolean provideStammzahl) - throws SAXException, IOException, ParserConfigurationException, - TransformerException { - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // Name - Element domMandate = mandateToElement(mandate); - Element nameSpaceNode = domMandate.getOwnerDocument().createElement( - "NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, - Constants.PD_NS_URI); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, - SZRGWConstants.MANDATE_NS); - - Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, - "//md:Mandate/md:Mandator", nameSpaceNode); - - // Mandate - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_RAW, domMandate, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - // (w)bpk - String wbpk = ParepUtils.extractMandatorWbpk(mandator); - if (!ParepUtils.isEmpty(wbpk)) { - if (!ParepUtils.isPhysicalPerson(mandator)) { - String idType = ParepUtils - .extractMandatorIdentificationType(mandator); - if (!ParepUtils.isEmpty(idType) - && idType.startsWith(Constants.URN_PREFIX_BASEID)) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_CB_BASE_ID, - ParepUtils.getRegisterString(idType) + ": " + wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } else if (business) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_WBPK, wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( - MISMandate mandate, boolean business) throws SAXException, - IOException, ParserConfigurationException, TransformerException { - - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // RepresentationType - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_REPRESENTATIONTYPE, - EXT_SAML_MANDATE_REPRESENTATIONTEXT, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - String oid = mandate.getProfRep(); - - if (oid != null) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OID, oid, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - String oidDescription = mandate.getTextualDescriptionOfOID(); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - oidDescription, SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * - * @param mandate - * @return - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private static Element mandateToElement(MISMandate mandate) - throws SAXException, IOException, ParserConfigurationException { - ByteArrayInputStream bais = new ByteArrayInputStream(mandate - .getMandate()); - Document doc = DOMUtils.parseDocumentSimple(bais); - return doc.getDocumentElement(); - } - - protected static void replaceExtendedSAMLAttribute(List attributes, - ExtendedSAMLAttribute samlAttribute) { - if (null == attributes) { - attributes = new Vector(); - } else { - String id = samlAttribute.getName(); - int length = attributes.size(); - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes - .get(i); - if (id.equals(att.getName())) { - // replace attribute - attributes.set(i, samlAttribute); - return; - } - } - attributes.add(samlAttribute); - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - * @throws BKUException - */ - public String verifyAuthenticationBlock(AuthenticationSession session, - String xmlCreateXMLSignatureReadResponse) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - // parses - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureReadResponse).parseResponse(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp - .getSamlAssertion()); - session.setAuthBlock(serializedAssertion); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } - // validates - if (session.isSsoRequested()) - new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); - else - new CreateXMLSignatureResponseValidator().validate(csresp, session); - - // builds a for a MOA-SPSS call - List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, - vtids, tpid); - // debug output - - // invokes the call - Element domVsresp = new SignatureVerificationInvoker() - .verifyXMLSignature(domVsreq); - // debug output - - // parses the - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( - domVsresp).parseData(); - - if (Logger.isTraceEnabled()) { - if (domVsresp != null) { - try { - String xmlVerifyXMLSignatureResponse = DOMUtils - .serializeNode(domVsresp, true); - Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); - Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); - } catch (Throwable t) { - t.printStackTrace(); - Logger.info(new LogMsg(t.getStackTrace())); - } - } - } - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, - null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - false); - - // Compare AuthBlock Data with information stored in session, especially - // date and time - CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, session.getIdentityLink()); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(csresp - .getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(false); - - if (session.getUseMandate()) { - // mandate mode - return null; - - } else { - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - - String oldsessionID = session.getSessionID(); - - //Session is implicte stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - return newMOASessionID; - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - - protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { - Element identificationBpK = mandatePerson.getOwnerDocument() - .createElementNS(Constants.PD_NS_URI, "Identification"); - Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Value"); - - String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); - valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - bpkBase64)); - Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Type"); - typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - "urn:publicid:gv.at:cdid+bpk")); - identificationBpK.appendChild(valueBpK); - identificationBpK.appendChild(typeBpK); - - return identificationBpK; - - } - - protected String getBaseId(Element mandatePerson) - throws TransformerException, IOException { - NodeList list = mandatePerson.getElementsByTagNameNS( - Constants.PD_NS_URI, "Identification"); - for (int i = 0; i < list.getLength(); i++) { - Element identification = (Element) list.item(i); - Element type = (Element) identification.getElementsByTagNameNS( - Constants.PD_NS_URI, "Type").item(0); - if (type.getTextContent().compareToIgnoreCase( - "urn:publicid:gv.at:baseid") == 0) { - Element value = (Element) identification - .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") - .item(0); - return value.getTextContent(); - } - } - return null; - - } - - /** - * Gets the foreign authentication data.
- *
    - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - public String getForeignAuthenticationData(AuthenticationSession session) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(session - .getIdentityLink().getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); - X509Certificate cert = session.getSignerCertificate(); - vsresp.setX509certificate(cert); - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(true); - - //TODO: regenerate MOASession ID! - return "new Session"; - } - - /** - * Builds the AuthenticationData object together with the corresponding - * <saml:Assertion> - * - * @param session - * authentication session - * @param verifyXMLSigResp - * VerifyXMLSignatureResponse from MOA-SP - * @param useUTC uses correct UTC time format - * @param useUTC indicates that authenticated citizen is a foreigner - * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates - * @return AuthenticationData object - * @throws ConfigurationException - * while accessing configuration data - * @throws BuildException - * while building the <saml:Assertion> - */ - public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, OAAuthParameter oaParam, String target) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - boolean businessService = oaParam.getBusinessService(); - - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - - authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance())); - - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - - try { - - if (session.getUseMandate() && session.isOW()) { - MISMandate mandate = session.getMISMandate(); - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - authData.setIdentityLink(identityLink); - - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } - } - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", ex.toString() }, ex); - } - } - - /** - * Retrieves a session from the session store. - * - * @param id - * session ID - * @return AuthenticationSession stored with given session ID, - * null if session ID unknown - */ - public static AuthenticationSession getSession(String id) - throws AuthenticationException { - - AuthenticationSession session; - try { - session = AuthenticationSessionStoreage.getSession(id); - - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("parser.04", new Object[] { id }); - } - } - - /** - * Cleans up expired session and authentication data stores. - */ - public void cleanup() { - long now = new Date().getTime(); - - //clean AuthenticationSessionStore - - AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - - //clean AssertionStore - AssertionStorage assertionstore = AssertionStorage.getInstance(); - assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore - DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); - exstore.clean(now, authDataTimeOut); - - } - - /** - * Sets the sessionTimeOut. - * - * @param seconds - * Time out of the session in seconds - */ - public void setSecondsSessionTimeOutCreated(long seconds) { - sessionTimeOutCreated = seconds * 1000; - } - - public void setSecondsSessionTimeOutUpdated(long seconds) { - sessionTimeOutUpdated = seconds * 1000; - } - - /** - * Sets the authDataTimeOut. - * - * @param seconds - * Time out for signing AuthData in seconds - */ - public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = seconds * 1000; - } - - /** - * Checks a parameter. - * - * @param param - * parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - - /** - * Checks the correctness of SAML attributes and returns its value. - * - * @param param - * samlAttribute - * @param i - * the number of the verified attribute for messages - * @param identifier - * the infobox identifier for messages - * @param friendlyname - * the friendly name of the infobox for messages - * @return the SAML attribute value (Element or String) - */ - protected static Object verifySAMLAttribute( - ExtendedSAMLAttribute samlAttribute, int i, String identifier, - String friendlyName) throws ValidateException { - String name = samlAttribute.getName(); - - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "null" }); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is empty."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "leer" }); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", - new Object[] { friendlyName, "Namespace", - String.valueOf((i + 1)), "null" }); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Wert", String.valueOf((i + 1)), "null" }); - } - - return value; - } - - /** - * Does the request to the SZR-GW - * @param oaFriendlyName - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException - */ - - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - - SZRGWClient client = new SZRGWClient(connectionParameters); - - - CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(citizenSignature.getBytes()); - - PEPSData data = new PEPSData(); - data.setDateOfBirth(PEPSDateOfBirth); - data.setFamilyname(PEPSFamilyname); - data.setFirstname(PEPSFirstname); - data.setIdentifier(PEPSIdentifier); - - data.setRepresentative(representative); - data.setRepresented(represented); - data.setMandateContent(mandateContent); - - data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); - data.setLegalPersonTranslatableType(organizationType); - - if(null != mandateContent) { - MISType mis = new MISType(); - - Target targetObject = new Target(); - targetObject.setType(targetType); - targetObject.setValue(targetValue); - mis.setTarget(targetObject); - - mis.setOAFriendlyName(oaFriendlyName); - - Filters filterObject = new Filters(); - MandateIdentifiers mandateIds = new MandateIdentifiers(); - for(String current : filters.split(",")) - mandateIds.getMandateIdentifier().add(current.trim()); - filterObject.setMandateIdentifiers(mandateIds); - mis.setFilters(filterObject); - - request.setMIS(mis); - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); - return response; - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } - - return null; - - } - - /** - * Does the request to the SZR-GW. - * - * @param signature the signature - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); - } - - /** - * Does the request to the SZR-GW. - * - * @param PEPSIdentifier the pEPS identifier - * @param PEPSFirstname the pEPS firstname - * @param PEPSFamilyname the pEPS familyname - * @param PEPSDateOfBirth the pEPS date of birth - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); - } - - /** - * Gets the identity link. - * - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @param organizationAddress the organization address - * @param organizationType the organization type - * @return the identity link - * @throws SZRGWClientException - */ - public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, - String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, - citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * SZR-GW Client interface. - * - * @param eIdentifier the e identifier - * @param givenName the given name - * @param lastName the last name - * @param dateOfBirth the date of birth - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - */ - public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, - String givenName, String lastName, String dateOfBirth, String gender, - String citizenSignature, String representative, String represented, - String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, - citizenSignature, representative, represented, mandate, null, - null, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * Starts a MOA-ID authentication process using STORK - * @param req HttpServletRequest - * @param resp HttpServletResponse - * @param ccc Citizen country code - * @param oaURL URL of the online application - * @param target Target parameter - * @param targetFriendlyName Friendly Name of Target - * @param authURL Authentication URL - * @param sourceID SourceID parameter - * @throws MOAIDException - * @throws AuthenticationException - * @throws WrongParametersException - * @throws ConfigurationException - */ - public static void startSTORKAuthentication( - HttpServletRequest req, - HttpServletResponse resp, - AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - - //Start of STORK Processing - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); - Logger.debug("C-PEPS URL: " + destination); - - String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - - String providerName= oaParam.getFriendlyName(); - String issuerValue = HTTPUtils.getBaseURL(req); - Logger.debug("Issuer value: " + issuerValue); - - // prepare collection of required attributes - // - attributes for online application - List attributesFromConfig = oaParam.getRequestedAttributes(); - - // - prepare attribute list - PersonalAttributeList attributeList = new PersonalAttributeList(); - - // - fill container - for(OAStorkAttribute current : attributesFromConfig) { - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(current.getName()); - - boolean globallyMandatory = false; - for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) - if(current.getName().equals(currentGlobalAttribute.getName())) { - globallyMandatory = currentGlobalAttribute.isMandatory(); - break; - } - - newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); - attributeList.add(newAttribute); - } - - // add sign request - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("signedDoc"); - List value = new ArrayList(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), - "application/xhtml+xml", - moasession.getCcc())); - newAttribute.setValue(value); - attributeList.add(newAttribute); - - - if (Logger.isDebugEnabled()) { - Logger.debug("The following attributes are requested for this OA:"); - for (OAStorkAttribute logReqAttr : attributesFromConfig) - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); - } - - //TODO: check Target in case of SSO!! - String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - String spCountry = "AT"; - - //generate AuthnRquest - STORKAuthnRequest authnRequest = new STORKAuthnRequest(); - authnRequest.setDestination(destination); - authnRequest.setAssertionConsumerServiceURL(acsURL); - authnRequest.setProviderName(providerName); - authnRequest.setIssuer(issuerValue); - authnRequest.setQaa(oaParam.getQaaLevel()); - authnRequest.setSpInstitution(spInstitution); - authnRequest.setCountry(spCountry); - authnRequest.setSpApplication(spApplication); - authnRequest.setSpSector(spSector); - authnRequest.setPersonalAttributeList(attributeList); - - authnRequest.setEIDCrossBorderShare(true); - authnRequest.setEIDCrossSectorShare(true); - authnRequest.setEIDSectorShare(true); - - authnRequest.setCitizenCountryCode(moasession.getCcc()); - - - Logger.debug("STORK AuthnRequest succesfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); - try { - authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML AuthnRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AuthnRequest successfully signed!"); - - //validate AuthnRequest - try { - samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - Logger.error("STORK SAML AuthnRequest not valid.", e); - throw new MOAIDException("stork.01", null); - } - - Logger.debug("STORK AuthnRequest successfully internally validated."); - - //send - moasession.setStorkAuthnRequest(authnRequest); - HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - - - Logger.info("Preparing to send STORK AuthnRequest."); - Logger.info("prepared STORKAuthnRequest: "); - Logger.info(new String(authnRequest.getTokenSaml())); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e) { - Logger.error("Error sending STORK SAML AuthnRequest.", e); - httpSession.invalidate(); - throw new MOAIDException("stork.02", new Object[] { destination }); - } - - Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); - } - - private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { - IdentifierGenerator idGenerator; - try { - idGenerator = new SecureRandomIdentifierGenerator(); - - DocumentType doc = new DocumentType(); - doc.setBase64XML(text.getBytes()); - doc.setID(idGenerator.generateIdentifier()); - - SignRequest request = new SignRequest(); - request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - - String id = idGenerator.generateIdentifier(); - request.setRequestID(id); - request.setDocUI(id); - - request.setProfile(Profiles.XADES_BES.toString()); - request.setNumberOfSigners(BigInteger.ONE); - request.setTargetCountry(citizenCountry); - - // no, no todo. PEPS will alter this value anyhow. - request.setReturnURL("http://invalid_return"); - - AnyType required = new AnyType(); - required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); - required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); - required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); - required.getAny().add(ApiUtils.createIncludeObject(doc)); - request.setOptionalInputs(required); - - return IOUtils.toString(ApiUtils.marshalToInputStream(request)); - } catch (NoSuchAlgorithmException e) { - Logger.error("Cannot generate id", e); - throw new RuntimeException(e); - } catch (ApiUtilsException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (DOMException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (IOException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } - } - - /** - * Extracts an X509 Certificate out of an XML signagture element - * @param signedXML XML signature element - * @return X509Certificate - * @throws CertificateException - */ - public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { - - NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); - - String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(base64CertString)) { - String msg = "XML does not contain a X509Certificate element."; - Logger.error(msg); - throw new CertificateException(msg); - } - - InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - - X509Certificate cert; - try { - cert = new X509Certificate(is); - return cert; - - } catch (Throwable e) { - throw new CertificateException(e); - } - } + //build CertInfo request + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() + .build(); + String certInfoDataURL = new DataURLBuilder() + .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, + session.getSessionID()); + + //get Applet Parameters + String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); + String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); + appletheigth = StringEscapeUtils.escapeHtml(appletheigth); + appletwidth = StringEscapeUtils.escapeHtml(appletwidth); + + String htmlForm = new GetIdentityLinkFormBuilder().build(template, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, + certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); + + return htmlForm; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + * @throws BKUException + */ + public String verifyIdentityLink(AuthenticationSession session, + Map infoboxReadResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlInfoboxReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // check if an identity link was found + // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform + // (SL1.2)) + // CharSequence se = "ErrorCode>2911".substring(0); + // boolean b = xmlInfoboxReadResponse.contains(se); + String se = "ErrorCode>2911"; + int b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // no identity link found + Logger + .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); + return null; + } + // spezifikationsgemaess (SL1.2) Errorcode + se = "ErrorCode>4002"; + // b = xmlInfoboxReadResponse.contains(se); + b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // Unbekannter Infoboxbezeichner + Logger + .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); + return null; + } + + // parses the + IdentityLink identityLink = new InfoboxReadResponseParser( + xmlInfoboxReadResponse).parseIdentityLink(); + // validates the identity link + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(identityLink, authConf + .getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has + // to be ignored + boolean ignoreManifestValidationResult = (oaParam.getBusinessService() || oaParam.getStorkService()) ? true + : false; + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConf.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); + + session.setIdentityLink(identityLink); + // now validate the extended infoboxes + + //Removed in MOA-ID 2.0 + //verifyInfoboxes(session, infoboxReadResponseParameters, false); + + return "found!"; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String verifyCertificate(AuthenticationSession session, + X509Certificate certificate) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, MOAIDException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + // check if person is a Organwalter + // if true - don't show bPK in AUTH Block + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + + return returnvalue; + } + + /** + * Processes an Mandate sent by the MIS.
+ *
    + *
  • Validates given Mandate
    • + *
  • Verifies Mandate by calling the MOA SP component
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public void verifyMandate(AuthenticationSession session, MISMandate mandate) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + GET_MIS_SESSIONID, PARAM_SESSIONID}); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + try { + // sets the extended SAML attributes for OID (Organwalter) + setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam + .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } + + } + + /** + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ + public String getCreateXMLSignatureRequestAuthBlockOrRedirect( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam) throws ConfigurationException, + BuildException, ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session, oaParam); + + // builds the + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .build(authBlock, oaParam.getKeyBoxIdentifier(), + transformsInfos); + return createXMLSignatureRequest; + } + + /** + * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
+ *
    + *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param cert The certificate from the user + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String createXMLSignatureRequestForeignID(AuthenticationSession session, + X509Certificate cert) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, + cert); + } + + public String getCreateXMLSignatureRequestForeigID( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam, X509Certificate cert) + throws ConfigurationException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + Principal subject = cert.getSubjectDN(); + + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .buildForeignID(subject.toString(), oaParam, session); + return createXMLSignatureRequest; + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU + * including the <CreateXMLSignatureResponse> + * @throws BKUException + */ + public X509Certificate verifyXMLSignature(String sessionID, + Map createXMLSignatureResponseParameters) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); + + String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlCreateXMLSignatureResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // parses the + CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse createXMLSignatureResponse = p + .parseResponseDsig(); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .buildDsig(createXMLSignatureResponse, authConf + .getMoaSpAuthBlockTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + return verifyXMLSignatureResponse.getX509certificate(); + + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param readInfoboxResponseParameters The parameters from the response returned from the BKU + * including the <ReadInfoboxResponse> + * @throws BKUException + */ + public X509Certificate getCertificate(String sessionID, + Map readInfoboxResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlReadInfoboxResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE}); + + // parses the + InfoboxReadResponseParser p = new InfoboxReadResponseParser( + xmlReadInfoboxResponse); + X509Certificate cert = p.parseCertificate(); + + return cert; + + } + + /** + * Builds an authentication block <saml:Assertion> from + * given session data. + * + * @param session authentication session + * @return <saml:Assertion> as a String + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + private String buildAuthenticationBlock(AuthenticationSession session, + OAAuthParameter oaParam) throws BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + + String identificationValue = null; + String identificationType = null; + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested + if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + identificationType = ""; + identificationValue = ""; + + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if (oaParam.getBusinessService()) { + + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink + .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); + identificationValue = bpkBase64; + + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+")) + identificationType = oaParam.getIdentityLinkDomainIdentifier(); + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + } + + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + + } + + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); + + // Bug #485 + // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + // String oaURL = session.getPublicOAURLPrefix(); + + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + + + if (session.isSsoRequested()) { + String oaURL = new String(); + try { + oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); + + } catch (ConfigurationException e) { + } + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + + } else { + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlock(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + } + } + + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void validateExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, + boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } + } + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandatesOID( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( + mandate, business); + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, + "MISService", "MISService"); + + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. + * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes( + AuthenticationSession session, + ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, + String friendlyName) throws ValidateException { + if (extendedSAMLAttributes == null) + return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes == null) + oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes == null) + authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[]{ + friendlyName, String.valueOf((i + 1))}); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[]{ + identifier, String.valueOf((i + 1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + MISMandate mandate, boolean business, boolean provideStammzahl) + throws SAXException, IOException, ParserConfigurationException, + TransformerException { + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // Name + Element domMandate = mandateToElement(mandate); + Element nameSpaceNode = domMandate.getOwnerDocument().createElement( + "NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, + Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, + SZRGWConstants.MANDATE_NS); + + Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, + "//md:Mandate/md:Mandator", nameSpaceNode); + + // Mandate + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_RAW, domMandate, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)) { + String idType = ParepUtils + .extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) + && idType.startsWith(Constants.URN_PREFIX_BASEID)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_CB_BASE_ID, + ParepUtils.getRegisterString(idType) + ": " + wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (business) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_WBPK, wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( + MISMandate mandate, boolean business) throws SAXException, + IOException, ParserConfigurationException, TransformerException { + + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // RepresentationType + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String oid = mandate.getProfRep(); + + if (oid != null) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + String oidDescription = mandate.getTextualDescriptionOfOID(); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * @param mandate + * @return + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private static Element mandateToElement(MISMandate mandate) + throws SAXException, IOException, ParserConfigurationException { + ByteArrayInputStream bais = new ByteArrayInputStream(mandate + .getMandate()); + Document doc = DOMUtils.parseDocumentSimple(bais); + return doc.getDocumentElement(); + } + + protected static void replaceExtendedSAMLAttribute(List attributes, + ExtendedSAMLAttribute samlAttribute) { + if (null == attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes + .get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + * @throws BKUException + */ + public String verifyAuthenticationBlock(AuthenticationSession session, + String xmlCreateXMLSignatureReadResponse) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + if (isEmpty(xmlCreateXMLSignatureReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + // parses + CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureReadResponse).parseResponse(); + + try { + String serializedAssertion = DOMUtils.serializeNode(csresp + .getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // validates + if (session.isSsoRequested()) + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + else + new CreateXMLSignatureResponseValidator().validate(csresp, session); + + // builds a for a MOA-SPSS call + List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, + vtids, tpid); + // debug output + + // invokes the call + Element domVsresp = new SignatureVerificationInvoker() + .verifyXMLSignature(domVsreq); + // debug output + + // parses the + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( + domVsresp).parseData(); + + if (Logger.isTraceEnabled()) { + if (domVsresp != null) { + try { + String xmlVerifyXMLSignatureResponse = DOMUtils + .serializeNode(domVsresp, true); + Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); + Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); + } catch (Throwable t) { + t.printStackTrace(); + Logger.info(new LogMsg(t.getStackTrace())); + } + } + } + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + false); + + // Compare AuthBlock Data with information stored in session, especially + // date and time + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, session.getIdentityLink()); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp + .getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + + if (session.getUseMandate()) { + // mandate mode + return null; + + } else { + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + return newMOASessionID; + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + + protected Element createIdentificationBPK(Element mandatePerson, + String baseid, String target) throws BuildException { + Element identificationBpK = mandatePerson.getOwnerDocument() + .createElementNS(Constants.PD_NS_URI, "Identification"); + Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Value"); + + String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); + valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + bpkBase64)); + Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Type"); + typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + "urn:publicid:gv.at:cdid+bpk")); + identificationBpK.appendChild(valueBpK); + identificationBpK.appendChild(typeBpK); + + return identificationBpK; + + } + + protected String getBaseId(Element mandatePerson) + throws TransformerException, IOException { + NodeList list = mandatePerson.getElementsByTagNameNS( + Constants.PD_NS_URI, "Identification"); + for (int i = 0; i < list.getLength(); i++) { + Element identification = (Element) list.item(i); + Element type = (Element) identification.getElementsByTagNameNS( + Constants.PD_NS_URI, "Type").item(0); + if (type.getTextContent().compareToIgnoreCase( + "urn:publicid:gv.at:baseid") == 0) { + Element value = (Element) identification + .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") + .item(0); + return value.getTextContent(); + } + } + return null; + + } + + /** + * Gets the foreign authentication data.
+ *
    + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + public String getForeignAuthenticationData(AuthenticationSession session) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(session + .getIdentityLink().getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + X509Certificate cert = session.getSignerCertificate(); + vsresp.setX509certificate(cert); + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + //TODO: regenerate MOASession ID! + return "new Session"; + } + + /** + * Builds the AuthenticationData object together with the corresponding + * <saml:Assertion> + * + * @param session authentication session + * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP + * @param useUTC uses correct UTC time format + * @param useUTC indicates that authenticated citizen is a foreigner + * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates + * @return AuthenticationData object + * @throws ConfigurationException while accessing configuration data + * @throws BuildException while building the <saml:Assertion> + */ + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) + throws ConfigurationException, BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + AuthenticationData authData = new AuthenticationData(); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + + boolean businessService = oaParam.getBusinessService(); + + authData.setMajorVersion(1); + authData.setMinorVersion(0); + authData.setAssertionID(Random.nextRandom()); + authData.setIssuer(session.getAuthURL()); + + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance())); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + + try { + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + authData.setIdentityLink(identityLink); + + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); + + } else { + + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + + authData.setIdentityLink(identityLink); + } + } + + return authData; + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } + } + + /** + * Retrieves a session from the session store. + * + * @param id session ID + * @return AuthenticationSession stored with given session ID, + * null if session ID unknown + */ + public static AuthenticationSession getSession(String id) + throws AuthenticationException { + + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + + if (session == null) + throw new AuthenticationException("auth.02", new Object[]{id}); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[]{id}); + } + } + + /** + * Cleans up expired session and authentication data stores. + */ + public void cleanup() { + long now = new Date().getTime(); + + //clean AuthenticationSessionStore + + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); + + //clean ExeptionStore + DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); + exstore.clean(now, authDataTimeOut); + + } + + /** + * Sets the sessionTimeOut. + * + * @param seconds Time out of the session in seconds + */ + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; + } + + /** + * Sets the authDataTimeOut. + * + * @param seconds Time out for signing AuthData in seconds + */ + public void setSecondsAuthDataTimeOut(long seconds) { + authDataTimeOut = seconds * 1000; + } + + /** + * Checks a parameter. + * + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + + /** + * Checks the correctness of SAML attributes and returns its value. + * + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + protected static Object verifySAMLAttribute( + ExtendedSAMLAttribute samlAttribute, int i, String identifier, + String friendlyName) throws ValidateException { + String name = samlAttribute.getName(); + + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is empty."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", + new Object[]{friendlyName, "Namespace", + String.valueOf((i + 1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Wert", String.valueOf((i + 1)), "null"}); + } + + return value; + } + + /** + * Does the request to the SZR-GW + * + * @param oaFriendlyName + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException + */ + + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + SZRGWClient client = new SZRGWClient(connectionParameters); + + + CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); + request.setSignature(citizenSignature.getBytes()); + + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + + data.setRepresentative(representative); + data.setRepresented(represented); + data.setMandateContent(mandateContent); + + data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); + data.setLegalPersonTranslatableType(organizationType); + + if (null != mandateContent) { + MISType mis = new MISType(); + + Target targetObject = new Target(); + targetObject.setType(targetType); + targetObject.setValue(targetValue); + mis.setTarget(targetObject); + + mis.setOAFriendlyName(oaFriendlyName); + + Filters filterObject = new Filters(); + MandateIdentifiers mandateIds = new MandateIdentifiers(); + for (String current : filters.split(",")) + mandateIds.getMandateIdentifier().add(current.trim()); + filterObject.setMandateIdentifiers(mandateIds); + mis.setFilters(filterObject); + + request.setMIS(mis); + } + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); + return response; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null)); + } + + return null; + + } + + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); + } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, null, + citizenSignature, represented, representative, mandateContent, organizationAddress, + organizationType, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * SZR-GW Client interface. + * + * @param eIdentifier the e identifier + * @param givenName the given name + * @param lastName the last name + * @param dateOfBirth the date of birth + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + */ + public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + String givenName, String lastName, String dateOfBirth, String gender, + String citizenSignature, String representative, String represented, + String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + citizenSignature, representative, represented, mandate, null, + null, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * Starts a MOA-ID authentication process using STORK + * + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param ccc Citizen country code + * @param oaURL URL of the online application + * @param target Target parameter + * @param targetFriendlyName Friendly Name of Target + * @param authURL Authentication URL + * @param sourceID SourceID parameter + * @throws MOAIDException + * @throws AuthenticationException + * @throws WrongParametersException + * @throws ConfigurationException + */ + public static void startSTORKAuthentication( + HttpServletRequest req, + HttpServletResponse resp, + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()}); + + //Start of STORK Processing + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); + + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); + Logger.debug("C-PEPS URL: " + destination); + + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); + + String providerName = oaParam.getFriendlyName(); + String issuerValue = HTTPUtils.getBaseURL(req); + Logger.debug("Issuer value: " + issuerValue); + + // prepare collection of required attributes + // - attributes for online application + List attributesFromConfig = oaParam.getRequestedAttributes(); + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + // - fill container + for (OAStorkAttribute current : attributesFromConfig) { + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(current.getName()); + + boolean globallyMandatory = false; + for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) + if (current.getName().equals(currentGlobalAttribute.getName())) { + globallyMandatory = currentGlobalAttribute.isMandatory(); + break; + } + + newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); + attributeList.add(newAttribute); + } + + // add sign request + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("signedDoc"); + List value = new ArrayList(); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); + newAttribute.setValue(value); + attributeList.add(newAttribute); + + + if (Logger.isDebugEnabled()) { + Logger.debug("The following attributes are requested for this OA:"); + for (OAStorkAttribute logReqAttr : attributesFromConfig) + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); + } + + //TODO: check Target in case of SSO!! + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + //generate AuthnRquest + STORKAuthnRequest authnRequest = new STORKAuthnRequest(); + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(issuerValue); + authnRequest.setQaa(oaParam.getQaaLevel()); + authnRequest.setSpInstitution(spInstitution); + authnRequest.setCountry(spCountry); + authnRequest.setSpApplication(spApplication); + authnRequest.setSpSector(spSector); + authnRequest.setPersonalAttributeList(attributeList); + + authnRequest.setEIDCrossBorderShare(true); + authnRequest.setEIDCrossSectorShare(true); + authnRequest.setEIDSectorShare(true); + + authnRequest.setCitizenCountryCode(moasession.getCcc()); + + + Logger.debug("STORK AuthnRequest succesfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); + try { + authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AuthnRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AuthnRequest successfully signed!"); + + //validate AuthnRequest + try { + samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + //send + moasession.setStorkAuthnRequest(authnRequest); + HttpSession httpSession = req.getSession(); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); + + + Logger.info("Preparing to send STORK AuthnRequest."); + Logger.info("prepared STORKAuthnRequest: "); + Logger.info(new String(authnRequest.getTokenSaml())); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AuthnRequest.", e); + httpSession.invalidate(); + throw new MOAIDException("stork.02", new Object[]{destination}); + } + + Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); + } + + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { + IdentifierGenerator idGenerator; + try { + idGenerator = new SecureRandomIdentifierGenerator(); + + DocumentType doc = new DocumentType(); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); + + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); + } catch (NoSuchAlgorithmException e) { + Logger.error("Cannot generate id", e); + throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (IOException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } + } + + /** + * Extracts an X509 Certificate out of an XML signagture element + * + * @param signedXML XML signature element + * @return X509Certificate + * @throws CertificateException + */ + public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { + + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); + + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); + + if (StringUtils.isEmpty(base64CertString)) { + String msg = "XML does not contain a X509Certificate element."; + Logger.error(msg); + throw new CertificateException(msg); + } + + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); + + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index 828fc78ab..ba347c9e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -51,82 +51,143 @@ import at.gv.egovernment.moa.util.Constants; /** * Builder for the <InfoboxReadRequest> structure * used for requesting the identity link from the security layer implementation. - * + * * @author Paul Ivancsics * @version $Id$ */ public class InfoboxReadRequestBuilder implements Constants { - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilder() { - } - - - /** - * Builds an <InfoboxReadRequest>. - * - * @param slVersion12 specifies whether the Security Layer version is - * version 1.2 or not - * @param businessService specifies whether the online application is a - * business service or not - * @param identityLinkDomainIdentifier the identification number of the business - * company; maybe null if the OA - * is a public service; must not be null - * if the OA is a business service - * - * @return <InfoboxReadRequest> as String - */ - public String build(boolean businessService, String identityLinkDomainIdentifier) { - - String slPrefix; - String slNsDeclaration; - + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilder() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + */ + public String build(boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + // if (slVersion12) { - slPrefix = SL12_PREFIX; - slNsDeclaration = SL12_NS_URI; + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; // } else { // slPrefix = SL10_PREFIX; // slNsDeclaration = SL10_NS_URI; // } - - StringBuffer sb = new StringBuffer(""); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest xmlns:"); - sb.append(slPrefix); - sb.append("=\""); - sb.append(slNsDeclaration); - sb.append("\">"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>IdentityLink"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); - if (businessService) { - sb.append("<"); - sb.append(slPrefix); - sb.append(":BoxSpecificParameters>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":IdentityLinkDomainIdentifier>"); - sb.append(identityLinkDomainIdentifier); - sb.append(""); - sb.append(""); + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return sb.toString(); + + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + * + */ + public String buildStorkReadRequest(String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + + // append box parameters - necessary for stork? + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + // end appending box parameters + + sb.append(""); + + return sb.toString(); + } - sb.append(""); - - return sb.toString(); - - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 7e21c6667..2d0a0e367 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -55,7 +55,12 @@ public class OAParameter { this.businessService = true; else this.businessService = false; - + + if (this.oaType.equals("storkService")) + this.storkService = true; + else + this.storkService = false; + this.publicURLPrefix = oa.getPublicURLPrefix(); this.friendlyName = oa.getFriendlyName(); @@ -81,8 +86,15 @@ public class OAParameter { * if value of {@link #oaType} is "businessService" */ private boolean businessService; - - /** + + /** + * specifies whether the online application is a stork application or not (true + * if value of {@link #oaType} is "storkService" + */ + private boolean storkService; + + + /** * public URL prefix of the online application */ private String publicURLPrefix; @@ -139,5 +151,7 @@ public class OAParameter { public OAOAUTH20 getoAuth20Config() { return oAuth20Config; } + + public boolean getStorkService() { return storkService; } } diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index ef994abd3..aeb4ad88c 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -61,6 +61,7 @@ + @@ -75,7 +76,6 @@ - diff --git a/id/server/moa-id.iml b/id/server/moa-id.iml index c418d6693..6e02e5944 100644 --- a/id/server/moa-id.iml +++ b/id/server/moa-id.iml @@ -8,6 +8,7 @@ + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index e61d841ce..279d544b1 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -55,6 +55,7 @@ + @@ -93,7 +94,6 @@ - diff --git a/pom.xml b/pom.xml index d87ab8a4e..c4126fbfb 100644 --- a/pom.xml +++ b/pom.xml @@ -469,6 +469,12 @@ dll runtime + + commons-io + commons-io + 1.3.2 + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 4e0a0fddf..fdffc1a0f 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,7 +9,6 @@ - @@ -44,6 +43,7 @@ + diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml index 3dda938d9..6e02e5944 100644 --- a/spss/handbook/clients/moa-spss-handbook-clients.iml +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -1,13 +1,14 @@ - - + + + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml index 678776d19..07392b36c 100644 --- a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -13,13 +13,14 @@ - - + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 4e0a0fddf..fdffc1a0f 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,7 +9,6 @@ - @@ -44,6 +43,7 @@ + diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml index deed935ed..0b49fc962 100644 --- a/spss/handbook/moa-spss-handbook.iml +++ b/spss/handbook/moa-spss-handbook.iml @@ -10,13 +10,14 @@ - - + + + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml index 567359474..6e02e5944 100644 --- a/spss/server/moa-spss.iml +++ b/spss/server/moa-spss.iml @@ -1,13 +1,14 @@ - - + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 93d7e676f..d1832bd65 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,8 +55,6 @@ - - @@ -91,6 +89,7 @@ + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index ae8f03a70..0714500d5 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -56,6 +56,7 @@ + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index a880f50ab..25d80b1dd 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,8 +1,8 @@ - - + + @@ -17,6 +17,7 @@ + -- cgit v1.2.3 From 4ade7db6124eec07aebf087721d3d478f92bdaad Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:59:19 +0100 Subject: added consent-checkbox to config ui --- .../moa/id/configuration/data/oa/OASTORKConfig.java | 10 ++++++++++ .../moa/id/configuration/struts/action/EditOAAction.java | 1 + .../src/main/resources/applicationResources.properties | 1 + id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 6 ++++++ .../gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 5 ++++- .../moa/id/protocols/stork2/AttributeCollector.java | 7 ++++++- .../src/main/resources/config/moaid_config_2.0.xsd | 13 +++++++++---- 7 files changed, 37 insertions(+), 6 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 929a3673c..d9f2a4d85 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -84,6 +84,7 @@ public class OASTORKConfig { // fetch vidp config setVidpEnabled(config.isVidpEnabled()); + setRequireConsent(config.isRequireConsent()); attributeProviderPlugins = config.getAttributeProviders(); // - if no attribute providers are configured, add a dummy @@ -150,6 +151,7 @@ public class OASTORKConfig { */ private boolean vidpEnabled = false; private List attributeProviderPlugins = new ArrayList(); + private boolean requireConsent; public List getAvailableAttributeProviderPlugins() { return AttributeProviderFactory.getAvailablePlugins(); @@ -170,4 +172,12 @@ public class OASTORKConfig { public void setVidpEnabled(boolean update) { vidpEnabled = update; } + + public boolean isRequireConsent() { + return requireConsent; + } + + public void setRequireConsent(boolean update) { + requireConsent = update; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 370923ca1..f8a12e58b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -1036,6 +1036,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, stork.setQaa(storkOA.getQaa()); stork.setOAAttributes(storkOA.getAttributes()); stork.setVidpEnabled(storkOA.isVidpEnabled()); + stork.setRequireConsent(storkOA.isRequireConsent()); stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); try { diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index ef52892b3..18d19c06b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -278,6 +278,7 @@ webpages.oaconfig.oauth20.clientSecret=Client Passwort webpages.oaconfig.oauth20.redirectUri=Redirect Uri webpages.oaconfig.vidp.enabled=VIDP interface aktiv +webpages.oaconfig.vidp.requireconsent=Zustimmung f\u00FCr das Ausliefern der Attribute vom Benutzer einholen? webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen webpages.oaconfig.vidp.ap.remove=Entfernen webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 78ad500ef..6749b5131 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -537,6 +537,12 @@ key="webpages.oaconfig.vidp.enabled" cssClass="checkbox" id="OAuseVidp" />

+

<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d1de20c4d..31ba64be0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -67,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; -import at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -350,6 +349,10 @@ public List getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } +public boolean isRequireConsentForStorkAttributes() { + return oa_auth.getOASTORK().isRequireConsent(); +} + public List getStorkAPs() { return oa_auth.getOASTORK().getAttributeProviders(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 5d972ba00..7dbbb5734 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -148,7 +148,12 @@ public class AttributeCollector implements IAction { // else, update any existing attributes addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } - new ConsentEvaluatorSepp().requestConsent(container, response, oaParam); + + // ask for consent if necessary + if(oaParam.isRequireConsentForStorkAttributes()) + new ConsentEvaluator().requestConsent(container, response, oaParam); + else + new ConsentEvaluator().generateSTORKResponse(response, container); return "12345"; // AssertionId diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index b7e8f6ff3..936363169 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -883,11 +883,16 @@ - - - + + + - + + + -- cgit v1.2.3 From 60ac2a89fce86eb1e8344eb22535cfdd0b9aa147 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 14 Mar 2014 18:37:56 +0100 Subject: attr --- id/ConfigWebTool/ConfigurationInterface.iml | 9 ++-- id/pom.xml | 5 +++ id/server/auth/moa-id-auth.iml | 9 ++-- id/server/idserverlib/moa-id-lib.iml | 9 ++-- id/server/idserverlib/pom.xml | 5 ++- .../id/protocols/stork2/AttributeCollector.java | 1 + .../protocols/stork2/AttributeProviderFactory.java | 10 ++++- .../id/protocols/stork2/AuthenticationRequest.java | 32 ++++++++++++- .../moa/id/protocols/stork2/ConsentEvaluator.java | 8 +++- .../stork2/MandateAttributeRequestProvider.java | 52 ++++++++++++++++++++++ .../src/main/resources/config/moaid_config_2.0.xsd | 2 +- id/server/pom.xml | 2 +- id/server/proxy/moa-id-proxy.iml | 9 ++-- pom.xml | 2 +- 14 files changed, 125 insertions(+), 30 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 13c327c84..77fafd064 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -35,7 +35,6 @@ - @@ -106,8 +105,8 @@ - - + + @@ -125,7 +124,7 @@ - + @@ -165,7 +164,7 @@ - + diff --git a/id/pom.xml b/id/pom.xml index bd3344638..5eb67cc9f 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -43,6 +43,11 @@ org.slf4j:1.5* org.slf4j:1.6* + SamlEngine:1.1* + SamlEngine:1.2* + Commons:1.1* + Commons:1.2* + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index 815c21ef2..c431a320c 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -23,7 +23,6 @@ - @@ -78,8 +77,8 @@ - - + + @@ -98,7 +97,7 @@ - + @@ -153,7 +152,7 @@ - + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index 47c38c069..0bcb37f55 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -13,9 +13,8 @@ - - - + + @@ -42,7 +41,7 @@ - + @@ -142,7 +141,7 @@ - + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 59275055f..f495ba9b3 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -56,12 +56,12 @@ eu.stork Commons - 1.2.0 + 1.4.0 eu.stork SamlEngine - 1.1.0 + 1.4.0 @@ -195,6 +195,7 @@ commons-fileupload commons-fileupload + 1.3 commons-httpclient diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 7dbbb5734..1dfccb6c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -178,6 +178,7 @@ public class AttributeCollector implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e1); + e1.printStackTrace(); throw new MOAIDException("stork.11", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index c998b5f69..a8a9d9677 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; import java.util.List; @@ -20,6 +21,7 @@ public class AttributeProviderFactory { result.add("StorkAttributeRequestProvider"); result.add("EHvdAttributeProvider"); result.add("SignedDocAttributeRequestProvider"); + result.add("MandateAttributeRequestProvider"); return result; } @@ -38,6 +40,8 @@ public class AttributeProviderFactory { return new EHvdAttributeProviderPlugin(url, attributes); } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url, attributes); + } else if (shortname.equals("MandateAttributeRequestProvider")) { + return new MandateAttributeRequestProvider(url, attributes); } else { return null; } @@ -51,10 +55,14 @@ public class AttributeProviderFactory { */ public static List getConfiguredPlugins( List configuredAPs) { + Logger.setHierarchy("moa.id.protocols.stork2"); List result = new ArrayList(); - for (AttributeProviderPlugin current : configuredAPs) + for (AttributeProviderPlugin current : configuredAPs) { + result.add(create(current.getName(), current.getUrl(), current.getAttributes())); + Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl()); + } return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3d5fbd337..442fa8a5b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -10,8 +10,11 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; +import org.joda.time.DateTime; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; @@ -61,13 +64,25 @@ public class AuthenticationRequest implements IAction { // check if we have authentication request else if (moaStorkRequest.isAuthnRequest()) { Logger.debug("Starting AuthenticationRequest"); - moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); + // Get personal attributtes from MOA/IdentityLink moaStorkResponse.setPersonalAttributeList(populateAttributes()); + + + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + + Logger.debug("Starting generation of SAML response"); + try { + moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false)); + } catch (STORKSAMLEngineException ex) { + // TODO + } + } - moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); + //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); // Prepare extended attributes Logger.debug("Preparing data container"); @@ -84,6 +99,19 @@ public class AuthenticationRequest implements IAction { container.setRemoteAddress(httpReq.getRemoteAddr()); + STORKAuthnResponse arep = moaStorkResponse.getStorkAuthnResponse(); + + + arep.setCountry("XX"); + arep.setInResponseTo("xxxx"); + arep.setMessage("xxxx"); + arep.setSamlId("xxxx"); + arep.setStatusCode("xxxx"); + + // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); + // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); + + Logger.debug("Data container prepared"); return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 79404d4f0..19ec754ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -15,11 +15,13 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; @@ -92,7 +94,8 @@ public class ConsentEvaluator implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e1); + e1.printStackTrace(); + Logger.error("Error putting incomplete Stork response into temporary storage", e1); throw new MOAIDException("stork.17", null); } @@ -143,7 +146,8 @@ public class ConsentEvaluator implements IAction { response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); else response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); - + + //generateSAML Token Logger.info("SAML response succesfully generated!"); } catch (STORKSAMLEngineException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java new file mode 100644 index 000000000..123999166 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Provides mandate attribute from MIS + * + */ +public class MandateAttributeRequestProvider implements AttributeProvider { + /** The destination. */ + private Object destination; + + /** The attributes. */ + private String attributes; + + public MandateAttributeRequestProvider(String url, String supportedAttributes) { + Logger.setHierarchy("moa.id.protocols.stork2"); + destination = url; + attributes = supportedAttributes; + } + + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.info("Acquiring attribute: " + this.getClass().getName()); + // break if we cannot handle the requested attribute + if(!attributes.contains(attribute.getName())) + throw new UnsupportedAttributeException(); + PersonalAttributeList result = new PersonalAttributeList(); + //return result; + throw new ExternalAttributeRequestRequiredException(this); + } + + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + Logger.info("Redirecting: " + this.getClass().getName()); + + } + + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { + Logger.info("Parsing attribute: " + this.getClass().getName()); + + return null; // + } +} diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 936363169..3a2b8cc62 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -892,7 +892,7 @@ - + diff --git a/id/server/pom.xml b/id/server/pom.xml index 056accdad..fbaeaeaf1 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -18,7 +18,7 @@ proxy auth moa-id-commons - stork2-saml-engine + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index d0e7de0b2..ebb14c7b0 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -21,7 +21,6 @@ - @@ -75,8 +74,8 @@ - - + + @@ -95,7 +94,7 @@ - + @@ -150,7 +149,7 @@ - + diff --git a/pom.xml b/pom.xml index c4126fbfb..045c8b545 100644 --- a/pom.xml +++ b/pom.xml @@ -163,7 +163,7 @@ commons-fileupload commons-fileupload - 1.1.1 + 1.3 commons-httpclient -- cgit v1.2.3 From 70e3ac3a5a76c430f453019eba72a1f291069913 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Mar 2014 13:35:29 +0100 Subject: adjust bpk builder --- id/ConfigWebTool/ConfigurationInterface.iml | 2 +- id/server/auth/moa-id-auth.iml | 6 +++--- id/server/idserverlib/moa-id-lib.iml | 2 +- .../java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 7 ++++++- .../egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java | 4 +++- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 1 + id/server/moa-id-commons/moa-id-commons.iml | 4 ++-- id/server/pom.xml | 5 +++-- id/server/proxy/moa-id-proxy.iml | 6 +++--- id/server/stork2-saml-engine/pom.xml | 4 ++-- 10 files changed, 25 insertions(+), 16 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 7af1731c8..0006e531e 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -106,7 +106,7 @@ - + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index 73af6885e..a82e8089d 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -14,8 +14,8 @@ - - + + @@ -78,7 +78,7 @@ - + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index dba9b563f..5dae15c18 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -14,7 +14,7 @@ - + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 603d924d8..866c5a923 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -170,9 +170,12 @@ public class BPKBuilder { new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); } + Logger.info("Building STORK identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); + String eIdentifier = sourceCountry+"/"+destinationCountry+"/"+identificationValue; + /* Commented - it is already done by BKU, we need only to add Stork values String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; - Logger.info("Building STORK identification from:" + basisbegriff); + Logger.info("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); @@ -182,6 +185,8 @@ public class BPKBuilder { } catch (Exception ex) { throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); } + */ + return eIdentifier; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index ba347c9e5..81ef5e408 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.builder; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; /** @@ -79,7 +80,7 @@ public class InfoboxReadRequestBuilder implements Constants { * @return <InfoboxReadRequest> as String */ public String build(boolean businessService, String identityLinkDomainIdentifier) { - + Logger.info("Building InfoBoxReadRequest"); String slPrefix; String slNsDeclaration; @@ -144,6 +145,7 @@ public class InfoboxReadRequestBuilder implements Constants { * */ public String buildStorkReadRequest(String identityLinkDomainIdentifier) { + Logger.info("Building Stork InfoBoxReadRequest for " + identityLinkDomainIdentifier); String slPrefix; String slNsDeclaration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index b3d831b80..618311a28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -162,3 +162,4 @@ public class StorkAttributeRequestProvider implements AttributeProvider { } } + diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index aeb4ad88c..387cfa900 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -26,8 +26,8 @@ - - + + diff --git a/id/server/pom.xml b/id/server/pom.xml index c44773994..dfe5d33af 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -18,8 +18,9 @@ proxy auth moa-id-commons - - SamlEngine-VIDP + stork2-saml-engine + stork2-commons + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 083fd2df8..f22728405 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -13,8 +13,8 @@ - - + + @@ -75,7 +75,7 @@ - + diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml index cead61eb8..c1992b3fb 100644 --- a/id/server/stork2-saml-engine/pom.xml +++ b/id/server/stork2-saml-engine/pom.xml @@ -131,8 +131,8 @@ maven-compiler-plugin 2.3.2 - 1.6 - 1.6 + 1.7 + 1.7 -- cgit v1.2.3
AP PluginURLAttribute (CSV)