From 1626ac9867cd5406b83e73651080e33c11fb98d1 Mon Sep 17 00:00:00 2001 From: kstranacher_eGovL Date: Thu, 12 Jul 2012 11:27:13 +0000 Subject: Integration of STORK git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1285 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../auth/.settings/org.eclipse.jdt.core.prefs | 2 +- .../.settings/org.eclipse.wst.common.component | 161 ++- .../org.eclipse.wst.common.project.facet.core.xml | 6 +- id/server/auth/src/main/webapp/WEB-INF/web.xml | 13 +- id/server/auth/src/main/webapp/css/index.css | 6 + id/server/auth/src/main/webapp/iframeHandyBKU.html | 7 +- .../auth/src/main/webapp/iframeOnlineBKU.html | 11 +- id/server/auth/src/main/webapp/img/stork-logo.png | Bin 0 -> 9160 bytes id/server/auth/src/main/webapp/index.html | 124 +- id/server/auth/src/main/webapp/info_stork.html | 44 + .../auth/src/main/webapp/template_handyBKU.html | 1 - .../auth/src/main/webapp/template_localBKU.html | 3 +- .../auth/src/main/webapp/template_onlineBKU.html | 3 +- .../conf/moa-id/SampleMOAIDConfiguration.xml | 64 +- .../conf/moa-id/SampleMOAIDConfigurationProxy.xml | 64 +- .../SampleMOAIDConfiguration_withTestBKs.xml | 64 +- .../SampleMOAIDConfiguration_withTestBKsProxy.xml | 64 +- .../conf/moa-id/SampleMOAWIDConfiguration.xml | 18 +- .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml | 18 +- .../SampleMOAWIDConfiguration_withTestBKs.xml | 18 +- .../SampleMOAWIDConfiguration_withTestBKsProxy.xml | 18 +- id/server/data/deploy/conf/moa-id/log4j.properties | 1 + .../conf/moa-spss/SampleMOASPSSConfiguration.xml | 8 + .../trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer | 16 + .../trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer | 21 + .../trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer | 32 + .../trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer | 31 + .../moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer | 43 + .../moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer | 21 + .../moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer | 33 + .../moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer | 31 + id/server/doc/moa_id/id-admin_2.htm | 154 ++- id/server/doc/moa_id/moa.htm | 1 + .../.settings/org.eclipse.jdt.core.prefs | 8 +- .../.settings/org.eclipse.wst.common.component | 14 +- .../org.eclipse.wst.common.project.facet.core.xml | 4 +- id/server/idserverlib/pom.xml | 15 +- .../moa/id/auth/AuthenticationServer.java | 394 +++++- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../moa/id/auth/builder/BPKBuilder.java | 4 +- .../builder/CreateXMLSignatureRequestBuilder.java | 49 +- .../moa/id/auth/data/AuthenticationSession.java | 25 +- .../moa/id/auth/servlet/AuthServlet.java | 64 + .../moa/id/auth/servlet/GetForeignIDServlet.java | 143 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 16 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 227 ++++ .../auth/servlet/StartAuthenticationServlet.java | 80 +- .../servlet/VerifyAuthenticationBlockServlet.java | 15 +- .../moa/id/auth/stork/AssertionVerifier.java | 56 + .../moa/id/auth/stork/CredentialProvider.java | 50 + .../id/auth/stork/KeyStoreCredentialProvider.java | 126 ++ .../auth/stork/PEPSConnectorAssertionVerifier.java | 241 ++++ .../auth/stork/PEPSConnectorResponseVerifier.java | 153 +++ .../moa/id/auth/stork/ResponseVerifier.java | 44 + .../id/auth/stork/STORKAuthnRequestProcessor.java | 170 +++ .../moa/id/auth/stork/STORKException.java | 42 + .../moa/id/auth/stork/STORKResponseProcessor.java | 405 ++++++ .../moa/id/auth/stork/VelocityProvider.java | 88 ++ .../moa/id/config/ConfigurationBuilder.java | 322 ++++- .../id/config/auth/AuthConfigurationProvider.java | 28 +- .../moa/id/config/auth/OAAuthParameter.java | 60 +- .../gv/egovernment/moa/id/config/stork/CPEPS.java | 98 ++ .../moa/id/config/stork/STORKConfig.java | 90 ++ .../config/stork/SignatureCreationParameter.java | 112 ++ .../stork/SignatureVerificationParameter.java | 35 + .../at/gv/egovernment/moa/id/util/HTTPUtils.java | 46 + .../moa/id/util/ParamValidatorUtils.java | 141 +- .../resources/properties/id_messages_de.properties | 11 + id/server/pom.xml | 1 + .../proxy/.settings/org.eclipse.jdt.core.prefs | 2 +- .../.settings/org.eclipse.wst.common.component | 158 ++- .../org.eclipse.wst.common.project.facet.core.xml | 6 +- id/server/stork-saml-engine/pom.xml | 93 ++ .../stork/mw/messages/saml/STORKAuthnRequest.java | 139 ++ .../eu/stork/mw/messages/saml/STORKResponse.java | 52 + .../messages/builder/STORKMessagesBuilder.java | 1367 ++++++++++++++++++++ .../stork/vidp/messages/common/STORKBootstrap.java | 73 ++ .../stork/vidp/messages/common/STORKConstants.java | 176 +++ .../vidp/messages/exception/SAMLException.java | 60 + .../exception/SAMLValidationException.java | 60 + .../stork/vidp/messages/saml/STORKAttribute.java | 65 + .../vidp/messages/saml/STORKAttributeValue.java | 51 + .../stork/vidp/messages/saml/STORKExtensions.java | 78 ++ .../messages/saml/STORKRequestedAttribute.java | 53 + .../messages/saml/impl/STORKAttributeBuilder.java | 60 + .../messages/saml/impl/STORKAttributeImpl.java | 63 + .../saml/impl/STORKAttributeMarshaller.java | 56 + .../saml/impl/STORKAttributeUnmarshaller.java | 58 + .../saml/impl/STORKAuthnRequestBuilder.java | 48 + .../messages/saml/impl/STORKAuthnRequestImpl.java | 170 +++ .../saml/impl/STORKAuthnRequestMarshaller.java | 44 + .../saml/impl/STORKAuthnRequestUnmarshaller.java | 137 ++ .../messages/saml/impl/STORKExtensionsBuilder.java | 45 + .../messages/saml/impl/STORKExtensionsImpl.java | 74 ++ .../saml/impl/STORKExtensionsMarshaller.java | 32 + .../saml/impl/STORKExtensionsUnmarshaller.java | 58 + .../saml/impl/STORKRequestedAttributeBuilder.java | 57 + .../saml/impl/STORKRequestedAttributeImpl.java | 66 + .../impl/STORKRequestedAttributeUnmarshaller.java | 64 + .../messages/saml/impl/STORKResponseBuilder.java | 48 + .../vidp/messages/saml/impl/STORKResponseImpl.java | 59 + .../saml/impl/STORKResponseMarshaller.java | 44 + .../saml/impl/STORKResponseUnmarshaller.java | 51 + .../messages/stork/AuthenticationAttributes.java | 55 + .../vidp/messages/stork/CitizenCountryCode.java | 48 + .../vidp/messages/stork/EIDCrossBorderShare.java | 54 + .../vidp/messages/stork/EIDCrossSectorShare.java | 54 + .../stork/vidp/messages/stork/EIDSectorShare.java | 54 + .../stork/QualityAuthenticationAssuranceLevel.java | 48 + .../vidp/messages/stork/RequestedAttributes.java | 58 + .../stork/vidp/messages/stork/SPAuthRequest.java | 46 + .../eu/stork/vidp/messages/stork/SPCertEnc.java | 44 + .../eu/stork/vidp/messages/stork/SPCertSig.java | 44 + .../eu/stork/vidp/messages/stork/SPCertType.java | 49 + .../java/eu/stork/vidp/messages/stork/SPID.java | 48 + .../stork/vidp/messages/stork/SPInformation.java | 67 + .../stork/vidp/messages/stork/SpApplication.java | 48 + .../eu/stork/vidp/messages/stork/SpCountry.java | 48 + .../stork/vidp/messages/stork/SpInstitution.java | 48 + .../eu/stork/vidp/messages/stork/SpSector.java | 48 + .../stork/VIDPAuthenticationAttributes.java | 60 + .../impl/AuthenticationAttributesBuilder.java | 46 + .../stork/impl/AuthenticationAttributesImpl.java | 74 ++ .../impl/AuthenticationAttributesMarshaller.java | 35 + .../impl/AuthenticationAttributesUnmarshaller.java | 52 + .../stork/impl/CitizenCountryCodeBuilder.java | 46 + .../stork/impl/CitizenCountryCodeImpl.java | 60 + .../stork/impl/CitizenCountryCodeMarshaller.java | 45 + .../stork/impl/CitizenCountryCodeUnmarshaller.java | 45 + .../stork/impl/EIDCrossBorderShareBuilder.java | 46 + .../stork/impl/EIDCrossBorderShareImpl.java | 80 ++ .../stork/impl/EIDCrossBorderShareMarshaller.java | 45 + .../impl/EIDCrossBorderShareUnmarshaller.java | 45 + .../stork/impl/EIDCrossSectorShareBuilder.java | 46 + .../stork/impl/EIDCrossSectorShareImpl.java | 80 ++ .../stork/impl/EIDCrossSectorShareMarshaller.java | 45 + .../impl/EIDCrossSectorShareUnmarshaller.java | 45 + .../messages/stork/impl/EIDSectorShareBuilder.java | 46 + .../messages/stork/impl/EIDSectorShareImpl.java | 80 ++ .../stork/impl/EIDSectorShareMarshaller.java | 45 + .../stork/impl/EIDSectorShareUnmarshaller.java | 45 + ...QualityAuthenticationAssuranceLevelBuilder.java | 46 + .../QualityAuthenticationAssuranceLevelImpl.java | 60 + ...lityAuthenticationAssuranceLevelMarshaller.java | 45 + ...tyAuthenticationAssuranceLevelUnmarshaller.java | 45 + .../stork/impl/RequestedAttributesBuilder.java | 58 + .../stork/impl/RequestedAttributesImpl.java | 88 ++ .../stork/impl/RequestedAttributesMarshaller.java | 40 + .../impl/RequestedAttributesUnmarshaller.java | 55 + .../messages/stork/impl/SPAuthRequestBuilder.java | 50 + .../messages/stork/impl/SPAuthRequestImpl.java | 76 ++ .../stork/impl/SPAuthRequestMarshaller.java | 57 + .../stork/impl/SPAuthRequestUnmarshaller.java | 70 + .../vidp/messages/stork/impl/SPCertEncBuilder.java | 46 + .../vidp/messages/stork/impl/SPCertEncImpl.java | 39 + .../messages/stork/impl/SPCertEncMarshaller.java | 34 + .../messages/stork/impl/SPCertEncUnmarshaller.java | 33 + .../vidp/messages/stork/impl/SPCertSigBuilder.java | 46 + .../vidp/messages/stork/impl/SPCertSigImpl.java | 39 + .../messages/stork/impl/SPCertSigMarshaller.java | 34 + .../messages/stork/impl/SPCertSigUnmarshaller.java | 33 + .../vidp/messages/stork/impl/SPCertTypeImpl.java | 72 ++ .../messages/stork/impl/SPCertTypeMarshaller.java | 34 + .../stork/impl/SPCertTypeUnmarshaller.java | 53 + .../vidp/messages/stork/impl/SPIDBuilder.java | 46 + .../stork/vidp/messages/stork/impl/SPIDImpl.java | 60 + .../vidp/messages/stork/impl/SPIDMarshaller.java | 45 + .../vidp/messages/stork/impl/SPIDUnmarshaller.java | 45 + .../messages/stork/impl/SPInformationBuilder.java | 46 + .../messages/stork/impl/SPInformationImpl.java | 121 ++ .../stork/impl/SPInformationMarshaller.java | 35 + .../stork/impl/SPInformationUnmarshaller.java | 61 + .../messages/stork/impl/SpApplicationBuilder.java | 46 + .../messages/stork/impl/SpApplicationImpl.java | 60 + .../stork/impl/SpApplicationMarshaller.java | 45 + .../stork/impl/SpApplicationUnmarshaller.java | 45 + .../vidp/messages/stork/impl/SpCountryBuilder.java | 46 + .../vidp/messages/stork/impl/SpCountryImpl.java | 60 + .../messages/stork/impl/SpCountryMarshaller.java | 45 + .../messages/stork/impl/SpCountryUnmarshaller.java | 45 + .../messages/stork/impl/SpInstitutionBuilder.java | 46 + .../messages/stork/impl/SpInstitutionImpl.java | 60 + .../stork/impl/SpInstitutionMarshaller.java | 45 + .../stork/impl/SpInstitutionUnmarshaller.java | 45 + .../vidp/messages/stork/impl/SpSectorBuilder.java | 47 + .../vidp/messages/stork/impl/SpSectorImpl.java | 60 + .../messages/stork/impl/SpSectorMarshaller.java | 45 + .../messages/stork/impl/SpSectorUnmarshaller.java | 45 + .../impl/VIDPAuthenticationAttributesBuilder.java | 46 + .../impl/VIDPAuthenticationAttributesImpl.java | 91 ++ .../VIDPAuthenticationAttributesMarshaller.java | 35 + .../VIDPAuthenticationAttributesUnmarshaller.java | 55 + .../java/eu/stork/vidp/messages/util/SAMLUtil.java | 405 ++++++ .../java/eu/stork/vidp/messages/util/XMLUtil.java | 143 ++ .../validation/StorkAssertionValidator.java | 91 ++ .../validation/StorkAttributeValidator.java | 204 +++ .../StorkAudienceRestrictionValidator.java | 56 + .../StorkAuthenticationAttributesValidator.java | 57 + .../validation/StorkAuthnRequestValidator.java | 137 ++ .../validation/StorkAuthnStatementValidator.java | 62 + .../StorkCitizenCountryCodeValidator.java | 63 + .../validation/StorkConditionsValidator.java | 70 + .../validation/StorkEIDSectorShareValidator.java | 51 + .../StorkEncryptedAttributeValidator.java | 50 + .../validation/StorkEncryptedIdValidator.java | 51 + .../validation/StorkExtensionsValidator.java | 66 + .../messages/validation/StorkIssuerValidator.java | 61 + .../messages/validation/StorkNameIDValidator.java | 67 + .../validation/StorkNameIdPolicyValidator.java | 52 + ...alityAuthenticationAssuranceLevelValidator.java | 54 + .../StorkRequestedAttributeValidator.java | 92 ++ .../StorkRequestedAttributesValidator.java | 45 + .../validation/StorkResponseValidator.java | 137 ++ .../messages/validation/StorkSPIDValidator.java | 64 + .../validation/StorkSPInformationValidator.java | 49 + .../validation/StorkSpApplicationValidator.java | 63 + .../validation/StorkSpCountryValidator.java | 58 + .../validation/StorkSpInstitutionValidator.java | 62 + .../validation/StorkSpSectorValidator.java | 65 + .../validation/StorkStatusCodeValidator.java | 139 ++ .../messages/validation/StorkStatusValidator.java | 55 + .../StorkSubjectConfirmationValidator.java | 128 ++ .../validation/StorkSubjectLocalityValidator.java | 47 + .../messages/validation/StorkSubjectValidator.java | 60 + ...StorkVIDPAuthenticationAttributesValidator.java | 57 + .../src/main/resources/saml2-post-binding-moa.vm | 38 + .../src/main/resources/saml2-stork-config.xml | 242 ++++ 227 files changed, 15461 insertions(+), 423 deletions(-) create mode 100644 id/server/auth/src/main/webapp/img/stork-logo.png create mode 100644 id/server/auth/src/main/webapp/info_stork.html create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java create mode 100644 id/server/stork-saml-engine/pom.xml create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKAuthnRequest.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/mw/messages/saml/STORKResponse.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/builder/STORKMessagesBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKConstants.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLException.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/exception/SAMLValidationException.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttribute.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKAttributeValue.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKExtensions.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/STORKRequestedAttribute.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAttributeUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKExtensionsUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKRequestedAttributeUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKResponseUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/AuthenticationAttributes.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/CitizenCountryCode.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossBorderShare.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDCrossSectorShare.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/EIDSectorShare.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/QualityAuthenticationAssuranceLevel.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/RequestedAttributes.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPAuthRequest.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertEnc.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertSig.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPCertType.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPID.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SPInformation.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpApplication.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpCountry.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpInstitution.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/SpSector.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/VIDPAuthenticationAttributes.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/AuthenticationAttributesUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/CitizenCountryCodeUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossBorderShareUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDCrossSectorShareUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/EIDSectorShareUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/QualityAuthenticationAssuranceLevelUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/RequestedAttributesUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPAuthRequestUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertEncUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertSigUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPCertTypeUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPIDUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SPInformationUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpApplicationUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpCountryUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpInstitutionUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/SpSectorUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesBuilder.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesImpl.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesMarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/stork/impl/VIDPAuthenticationAttributesUnmarshaller.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/XMLUtil.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java create mode 100644 id/server/stork-saml-engine/src/main/resources/saml2-post-binding-moa.vm create mode 100644 id/server/stork-saml-engine/src/main/resources/saml2-stork-config.xml (limited to 'id') diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs index 63fe7cb8a..7ba572a76 100644 --- a/id/server/auth/.settings/org.eclipse.jdt.core.prefs +++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs @@ -1,4 +1,3 @@ -#Fri Nov 16 13:12:23 CET 2007 eclipse.preferences.version=1 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4 @@ -9,4 +8,5 @@ org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning org.eclipse.jdt.core.compiler.source=1.4 diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index b116cf610..ddba575d7 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -1,18 +1,145 @@ - - - - - - uses - - - uses - - - uses - - - - - + + + + + + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + uses + + + + \ No newline at end of file diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml index f30a1de6e..a801c94a0 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -1,5 +1,7 @@ + + + - - + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index ef75dff24..2a1d093d9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -70,6 +70,13 @@ jspservlet org.apache.jasper.servlet.JspServlet + + PEPSConnectorServlet + PEPSConnectorServlet + Servlet receiving STORK SAML Response Messages from different C-PEPS + + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet + @@ -124,8 +131,12 @@ AxisServlet /services/* + + PEPSConnectorServlet + /PEPSConnector + - 30 + 5 500 diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css index 18a0dccde..3dd974813 100644 --- a/id/server/auth/src/main/webapp/css/index.css +++ b/id/server/auth/src/main/webapp/css/index.css @@ -124,6 +124,12 @@ button { cursor: pointer; } +input { + background: #efefef; + border:1px solid #000; + cursor: pointer; +} + #installJava, #BrowserNOK { clear:both; font-size:0.8em; diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html index 0f6e1e282..b5936679f 100644 --- a/id/server/auth/src/main/webapp/iframeHandyBKU.html +++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html @@ -8,11 +8,11 @@ @@ -117,16 +156,17 @@ - +
- + + - - +
@@ -145,14 +185,44 @@ - - + + + +
+

+ Home Country Selection +

+
+ + + @@ -182,7 +279,8 @@ - + +

diff --git a/id/server/auth/src/main/webapp/info_stork.html b/id/server/auth/src/main/webapp/info_stork.html new file mode 100644 index 000000000..3bd88300c --- /dev/null +++ b/id/server/auth/src/main/webapp/info_stork.html @@ -0,0 +1,44 @@ + + + + Information (STORK) + + + + + +

+ + +
+
+

+ Information using STORK for secure authentication +

+
+ +

The STORK project makes it easier for citizens to access online public services across borders by implementing Europe-wide interoperable cross border platforms for the mutual recognition of national electronic identity (eID) between participating countries.

+

For more information, please consult the STORK website:

https://www.eid-stork.eu/ +
+
+
+
+ + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html index 0ad73a6f3..27834cd91 100644 --- a/id/server/auth/src/main/webapp/template_handyBKU.html +++ b/id/server/auth/src/main/webapp/template_handyBKU.html @@ -12,7 +12,6 @@
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html index f197d2c5c..64275391a 100644 --- a/id/server/auth/src/main/webapp/template_localBKU.html +++ b/id/server/auth/src/main/webapp/template_localBKU.html @@ -11,8 +11,7 @@ - - Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html index 565955538..b8cd19866 100644 --- a/id/server/auth/src/main/webapp/template_onlineBKU.html +++ b/id/server/auth/src/main/webapp/template_onlineBKU.html @@ -11,8 +11,7 @@ - - Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml index 6525642f1..109a59d6b 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml @@ -1,6 +1,6 @@ - + @@ -40,6 +40,39 @@ + + + + + + + + + + + + + + + file_to_keystore + signing_key_name + + + + + C-PEPS + + + + + @@ -69,6 +102,35 @@ + + + + + + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml index 27bf6681c..f292a7c64 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml @@ -1,6 +1,6 @@ - + @@ -41,6 +41,39 @@ + + + + + + + + + + + + + + + file_to_keystore + signing_key_name + + + + + C-PEPS + + + + + @@ -80,6 +113,35 @@ + + + + + + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml index eefc7cf6a..b4735db0d 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml @@ -1,6 +1,6 @@ - + @@ -42,6 +42,39 @@ + + + + + + + + + + + + + + + file_to_keystore + signing_key_name + + + + + C-PEPS + + + + + @@ -71,6 +104,35 @@ + + + + + + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml index f9e296c62..9c5223de5 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml @@ -1,6 +1,6 @@ - + @@ -42,6 +42,39 @@ + + + + + + + + + + + + + + + file_to_keystore + signing_key_name + + + + + C-PEPS + + + + + @@ -81,6 +114,35 @@ + + + + + + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml index f639af1b6..bf6a7b489 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml @@ -1,6 +1,6 @@ - + @@ -29,19 +29,7 @@ MOAIDTransformAuthBlockTable_DE - - - - - - - - - - - - - + @@ -52,7 +40,7 @@ 468924i - + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml index a63eb8db9..f54f3df3e 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml @@ -1,6 +1,6 @@ - + @@ -29,19 +29,7 @@ MOAIDTransformAuthBlockTable_DE - - - - - - - - - - - - - + @@ -62,7 +50,7 @@ 468924i - + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml index 6d7e1d0d1..1472571fc 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml @@ -1,6 +1,6 @@ - + @@ -30,19 +30,7 @@ MOAIDTransformAuthBlockTable_DE - - - - - - - - - - - - - + @@ -53,7 +41,7 @@ 468924i - + diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml index 6ce0f5d51..ea8260a91 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml @@ -1,6 +1,6 @@ - + @@ -30,19 +30,7 @@ MOAIDTransformAuthBlockTable_DE - - - - - - - - - - - - - + @@ -63,7 +51,7 @@ 468924i - + diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties index 0f31f4891..5f44f06bc 100644 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ b/id/server/data/deploy/conf/moa-id/log4j.properties @@ -8,6 +8,7 @@ log4j.logger.moa.spss.server=info log4j.logger.iaik.server=info log4j.logger.moa.id.auth=info log4j.logger.moa.id.proxy=info +log4j.logger.eu.stork=info # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index dbf7cab1c..1352154c5 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -39,6 +39,14 @@ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + + C-PEPS-Test + trustProfiles/C-PEPS-Test + + + C-PEPS + trustProfiles/C-PEPS + true diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer new file mode 100644 index 000000000..10c4987ef --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer @@ -0,0 +1,16 @@ +MIIDWDCCAkCgAwIBAAIETgGmXDANBgkqhkiG9w0BAQUFADBuMSYwJAYJKoZIhvcNAQkBFhdqYWxj +YWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UEBhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNV +BAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQuOTQuMjQwHhcNMTEwNjIyMDgyMjUyWhcNMTQwMzE4 +MDgyMjUyWjBuMSYwJAYJKoZIhvcNAQkBFhdqYWxjYWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UE +BhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNVBAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQu +OTQuMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNeKJi+dOYTy4s/7aL1AXRBj0 +BlPRgHUYknGMU/Aog09AqKz5WZ95926NpufBHVZ5XVKW42Fxfrpk2fnSaAORrk6affYgdfm8HXcd +dCD9i4yQkLADKpe3Gi29YeBUNC+j+E+iJaxP2whuXsLCpkYcmfbvx6yQkiPa3VFtw7omfEgGe1LQ +9+ZvNh36Z895rUP/vgoOKi6AjXed4OgOmtyKx9k7AwnG2w040pt1I6LErlbmxoxtk0/11ecaEjzU +RhxKdCXTuV9jSH7hsnbM9qehLnZSoZqdTYJgxVGyzqpo3SUta13oTn/8ugpRAneoC86m+AA0xmNn +XZRY4pPgqLjxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABwRU7MLJcbm51fPQHtT+mypYslA4xFy +zve7SyC2zCowFVZhnIwW19Cd0izGjfKPZZYS28N5EHmIQgxSNgJZi6693HINr0K5NPZd/jWRK46I +uLK7je/K3oDUHnQXJ9xDkgRSDPZj/Wf0ZN+CDEAadhKopF5aJi8QyoYIsPxzn0p8SSgy5UsuKko6 +ov12x3B9O9mwM9HprO8FqzXbKdTaBgrZWVYOHPlD+cl9xSdrcZH347iwI6xEMtkASpXmxN9xLueE +jI4eTuH148+Pzyr4iNIvfRQLY9iNJSmjoTJm0oKdGzKN0orSw/Ni53vpInziuR2FjYtQ4Zpf2why +Ht0CXp0= \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer new file mode 100644 index 000000000..925fedbc2 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN +AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO +MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt +c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow +ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL +MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD +VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv +z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+ ++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT +OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE +WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au +zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF +AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o +/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu +WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W +VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7 +M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ +QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer new file mode 100644 index 000000000..7b625ea9f --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjTCCBHWgAwIBAgIEQm3h+zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw +dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg +MDIwHhcNMTEwNzIxMTU0NjMxWhcNMTIwODE3MTU0MTE3WjCBwTELMAkGA1UEBhMC +UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS +QTESMBAGA1UECxMJQ29ycG9yYXRlMTMwMQYDVQQLEypBZ2VuY2lhIHBhcmEgYSBN +b2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmExGDAWBgNVBAsTD1dlYiBBcHBsaWNh +dGlvbjEgMB4GA1UEAxMXUEVQUyBQb3J0dWd1ZXMgZGUgVGVzdGUwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBALo91gnq+SQj8yPx8ssFEKuPvAfagO8f+EagEs+u +XJhLx41GpFZesMuolxf86n3TdxJHcLSXI224HqZu3BtXExUiD1LCAvtGCjzOr6Rg +oySwhIQrgMEsKRRpkQN0jQHIMze11EXqVAJ2+MDX9V4cABuIEd9LOOl0PcQmc7m8 +jcKXAgMBAAGjggKRMIICjTALBgNVHQ8EBAMCA/gwOAYIKwYBBQUHAQEELDAqMCgG +CCsGAQUFBzABhhxodHRwOi8vb2NzcC5tdWx0aWNlcnQuY29tL2NhMIHgBgNVHSAE +gdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYBBQUHAgEWMmh0dHA6Ly93d3cubXVs +dGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNhLWNwcy5odG1sMIGDBgsrBgEEAbA8 +CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQAdABwADoALwAvAHcAdwB3AC4AbQB1 +AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMAcAAvAG0AdQBsAHQAaQBjAGUAcgB0 +AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGwwEQYJYIZIAYb4QgEBBAQDAgSwMIIB +AQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRwOi8vd3d3Lm11bHRpY2VydC5jb20v +Y2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRhcDovL2xkYXAubXVsdGljZXJ0LmNv +bS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1VTFRJQ0VSVC1DQSxjPVBUP2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBXoFWgU6RRME8xCzAJBgNVBAYTAnB0 +MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAWBgNVBAMTD01VTFRJQ0VSVC1DQSAw +MjEPMA0GA1UEAxMGQ1JMMjI4MB8GA1UdIwQYMBaAFB3DuYilGL5gpyymY8pmKvwM +J8G9MB0GA1UdDgQWBBRH/+uES4Jsr1UV5WeSoN3v1vUaPDAJBgNVHRMEAjAAMA0G +CSqGSIb3DQEBBQUAA4IBAQAOFAxM2U6HyZgWl5h6UB1MUUL4j9VTQQOs6nw4hm22 +QK3SF+DPL6oXS1j+RKDHYNlpAfQ5r5ObcaxhEkaXOUZJ4q/3z1qScMVaZ1fjU0FB +hRyAUE2qfiHp/0Ql4V2IrQqcBZ+mEQD5DFwNgx/UDr22lO0idjHnmxRed83/Mrm0 +03v+2eAujlsE9NfayP8oo9HkYNh5KvFjveCpUNv4IW18xEJLNDFd3dUEeb9UO+Bv +eEkrxmo6k/k7usuRUfGrXBaFuxcL71l3lFD4k66CB3m7atcbohmbiAYhfHnLegpR +EVKVolR6O3ljt3ou+Y79oI4U7bhn0U256R9hoobnX9Un +-----END CERTIFICATE----- \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer new file mode 100644 index 000000000..25fd95a59 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFbDCCBFSgAwIBAgIEQLK59zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt +Y2EwHhcNMTAwMzMwMTMwOTIzWhcNMTUwMzMwMTMzOTIzWjCBhjELMAkGA1UEBhMC +c2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0aW9uczESMBAGA1UECxMJU0lURVNU +LUNBMRkwFwYDVQQLExBjZXJ0aWZpY2F0ZXMtd2ViMSswEwYDVQQDEwxURVNUIFBF +UFMgU0kwFAYDVQQFEw0zMDAzMjAxMDAwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4h6L9Pv1TK7fz5K6Uur0Rli6EKzZwTtv9xXhSt2xlI4wFWzz +FiCy5/O/Q5GPRa10YoMc8s7WmMdM5yI/bU0BF2t5SYtEH7MwbGaFZFKJt17OtbpZ +AaCSoh6fm1yO0HtVVkG9UdH4mswS3wHp/d1C91lQNba2enVc2p9Nd4gYop/zbroE +toFeDyHxTl0mYN/cUHQFT4H24hzAfWXh2FOBfNSnvNl2HnPJOT6HnrUBsdyzkSzL +N0Eis2R1G5+mQkzAwW6UOroojvMclEJK3z1oekj2OWj1FhalTNmA5D9dkDymTRn4 +o3BW2S7ovmWPmxYUW9s26bkPhz/CbCQwIF9yPQIDAQABo4ICJzCCAiMwDgYDVR0P +AQH/BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwMzMwMTMwOTIzWoEPMjAxNTAzMzAx +MzM5MjNaMEsGA1UdIAREMEIwNgYLKwYBBAGvWQIBAQIwJzAlBggrBgEFBQcCARYZ +aHR0cDovL3d3dy5jYS5nb3Yuc2kvY3BzLzAIBgYEAIswAQIwGAYIKwYBBQUHAQME +DDAKMAgGBgQAjkYBATAeBgNVHREEFzAVgRN0ZXN0LnNpLXBlcHNAZ292LnNpMIH2 +BgNVHR8Ege4wgeswVaBToFGkTzBNMQswCQYDVQQGEwJzaTEbMBkGA1UEChMSc3Rh +dGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3QtY2ExDTALBgNVBAMTBENS +TDMwgZGggY6ggYuGWGxkYXA6Ly94NTAwLmdvdi5zaS9vdT1zaXRlc3QtY2Esbz1z +dGF0ZS1pbnN0aXR1dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0 +P2Jhc2WGL2h0dHA6Ly93d3cuc2lnZW4tY2Euc2kvY3JsL3NpdGVzdC9zaXRlc3Qt +Y2EuY3JsMB8GA1UdIwQYMBaAFFRJB0aHzx2JncqucqeooKBptyHnMB0GA1UdDgQW +BBQySemeDi10DbeTYj1tkGZ5Zo4mwjAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQM +MAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQASQ4l1Vd+MRDLFo2A6qYYW +LVqTvtPLIk7v7Bswmq2SFAL2XmPoL5xbQFeDW+LiWhQBmrlgWyI7gbi/1/rs1E00 +Z4Skn8l97tuIyuxvCKTFhJDx9pzgUQGowoCYo9IzcMNQpxx6lkepreCDuc+e0fAb +vTNGEpvQ7DkgrwJdcsUAElQ4OJ0ifELoah1DH8wpU31zr7D3YsizZgpu5TEIGP54 +AOhbFeZEmZlTU6gwNw4iTf6nVQkGaxsJt6gGGsyL8RUuvwpVRR3WmplCtjXryGCe +4B/agAe3EKUh15IaPvWqdixSjySxjBI1bN8IEFHYPZmuwh7Y1FQuOYQGjuSLsJy9 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer new file mode 100644 index 000000000..541d231c4 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIHrDCCBpSgAwIBAgIIZFwvd8biuV0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE +AxMIQUNDVi1DQTIxDzANBgNVBAsTBlBLSUdWQTEfMB0GA1UEChMWR2VuZXJhbGl0 +YXQgVmFsZW5jaWFuYTELMAkGA1UEBhMCRVMwHhcNMTAwNTI3MTYxNTA2WhcNMTMw +NTI2MTYyNTA2WjCBgTEaMBgGA1UEAwwRUGxhdGFmb3JtYSBAZmlybWExEjAQBgNV +BAUTCVMyODExMDAxQzEbMBkGA1UECwwSc2VsbG8gZWxlY3Ryw7NuaWNvMSUwIwYD +VQQKExxNaW5pc3RlcmlvIGRlIGxhIFByZXNpZGVuY2lhMQswCQYDVQQGEwJFUzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3IaIrzYOjbUYmS2nK7/GpD +R6N3sVbBNxF5s/bCCQ44tL5MIz7I889GCMD8vrCd//5pAezPO8vZLpdh78QUZrCl +k+E79ENYjVmjP4g0KlqlI0b5AOVc+dcE27/V6D6pCYDkVdn7puFDgzzSqksTNdL5 +uZZMM1L7Dkq0DfCjumYrfulp5i5PrYqrOh7wkXB1G+FGP0plN8at0tm5Q8EPXT7n +/ogV9glWXG+vLkfIe2SKkdyU/08fecQH3f/jhrc5Bm0+uFvHP9DcS8usWpZojJWW +iQb96B5bdPXqUsKnZVDj+b7HRkx3UjvvEipMV3Kr5E+E0sg1K4jLgj5+atyoRcEC +AwEAAaOCBFQwggRQMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgTwMB0GA1Ud +JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUhAkD/z9ux2qjm4l+ +FheI6+F3CfwwHwYDVR0jBBgwFoAUs3jtBaV5QTrC9MBSKP9jQz+/44EwggEyBgNV +HREEggEpMIIBJYEWc29wb3J0ZS5hZmlybWE1QG1wci5lc6SCAQkwggEFMSEwHwYJ +YIVUAQMFAgIBDBJzZWxsbyBlbGVjdHLDs25pY28xKzApBglghVQBAwUCAgITHE1p +bmlzdGVyaW8gZGUgbGEgUHJlc2lkZW5jaWExGDAWBglghVQBAwUCAgMTCVMyODEx +MDAxQzEPMA0GCWCFVAEDBQICBBMAMUQwQgYJYIVUAQMFAgIFDDVQbGF0YWZvcm1h +IGRlIHZhbGlkYWNpw7NuIHkgZmlybWEgZWxlY3Ryw7NuaWNhIEBmaXJtYTEPMA0G +CWCFVAEDBQICBhMAMQ8wDQYJYIVUAQMFAgIHEwAxDzANBglghVQBAwUCAggTADEP +MA0GCWCFVAEDBQICCRMAMIIB8AYDVR0gBIIB5zCCAeMwggHfBgsrBgEEAb9VAxEC +ADCCAc4wggGYBggrBgEFBQcCAjCCAYoeggGGAEMAZQByAHQAaQBmAGkAYwBhAGQA +bwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABwAGEAcgBhACAAcwBlAGwAbABvACAA +ZABlACAA8wByAGcAYQBuAG8AIABlAG4AIABzAG8AcABvAHIAdABlACAAcwBvAGYA +dAB3AGEAcgBlACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUA +dABvAHIAaQB0AGEAdAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzACAA +ZABlACAAbABhACAAQwBvAG0AdQBuAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEA +bgBhACAAKABQAGwALgAgAE0AYQBuAGkAcwBlAHMAIAAxAC4AIABDAEkARgAgAFMA +NAA2ADEAMQAwADAAMQBBACkALgAgAEMAUABTACAAeQAgAEMAUAAgAGUAbgAgAGgA +dAB0AHAAOgAvAC8AdwB3AHcALgBhAGMAYwB2AC4AZQBzMDAGCCsGAQUFBwIBFiRo +dHRwOi8vd3d3LmFjY3YuZXMvbGVnaXNsYWNpb25fYy5odG0wOQYDVR0fBDIwMDAu +oCygKoYoaHR0cDovL3d3dy5hY2N2LmVzL2dlc3RjZXJ0L2FjY3YtY2EyLmNybDAv +BggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmFjY3YuZXMw +OwYIKwYBBQUHAQMELzAtMBQGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQEw +CwYGBACORgEDAgEPMA0GCSqGSIb3DQEBBQUAA4IBAQCknVr82ZpMROTkrk/OwC7e +fccNqbmKEwM4peAUG4tLWnYaDh2hav/3Y7auXkd2CW9XID6C/6E8EqG6wGNwplyq +LyfrkYmbppJN2/LDr+ZHFoul030o/KzbVRrzZ5zAS5vUnOG42TzpP3sgtMV5V2vg +V3ZygZbm55+2JDH1RBlCZuJzOPSwLk2rfGcMecHduUN8AxuLN52VKs1LMdmuPhe0 +ZvcVabvmmqzBJGRC8VJ0fwJKB/c6b4rl5WZTYUnQ7+SIoI/+RxJCITnO2SrxRh0Z +rXLaE62aJ6W/Jnu+lfqIVoQSyauSlybpbL1iS/o0IFFbQvnY6RoCAOqsg3ee+4Om +-----END CERTIFICATE----- \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer new file mode 100644 index 000000000..925fedbc2 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN +AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO +MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt +c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow +ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL +MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD +VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv +z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+ ++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT +OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE +WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au +zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF +AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o +/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu +WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W +VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7 +M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ +QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer new file mode 100644 index 000000000..085416b7b --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFojCCBIqgAwIBAgIEQmx+HTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw +dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg +MDIwHhcNMTAwNTE3MTAyMjMyWhcNMTMwNTE3MTAyMzM4WjCB1jELMAkGA1UEBhMC +UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS +QTESMBAGA1UECxMJQ29ycG9yYXRlMT4wPAYDVQQLEzVBTUEgLSBBZ2VuY2lhIHBh +cmEgYSBNb2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmEgSS5QLjEYMBYGA1UECxMP +V2ViIEFwcGxpY2F0aW9uMSowKAYDVQQDEyFzYW1sLmV1LWlkLmNhcnRhb2RlY2lk +YWRhby5nb3YucHQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe2B9O1xCJp +CmT2/AuypD1q9kbwge1Y0VjY5FOkhYPfki/XuuFpEdUa7KrurbcoDuuAmgjIxCIn +v8vYAK5axY8hlPg9fp+vtRlmo1it5Y9IGY2mMvtN6OwoBzJOqKJypNexyAgIIR/u +PqhVZjQAwGkTe1JrcDswKOKGbv21M1+pAgMBAAGjggKRMIICjTALBgNVHQ8EBAMC +A/gwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABgRxodHRwOi8vb2NzcC5tdWx0 +aWNlcnQuY29tL2NhMIHgBgNVHSAEgdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYB +BQUHAgEWMmh0dHA6Ly93d3cubXVsdGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNh +LWNwcy5odG1sMIGDBgsrBgEEAbA8CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQA +dABwADoALwAvAHcAdwB3AC4AbQB1AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMA +cAAvAG0AdQBsAHQAaQBjAGUAcgB0AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGww +EQYJYIZIAYb4QgEBBAQDAgSwMIIBAQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRw +Oi8vd3d3Lm11bHRpY2VydC5jb20vY2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRh +cDovL2xkYXAubXVsdGljZXJ0LmNvbS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1V +TFRJQ0VSVC1DQSxjPVBUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBX +oFWgU6RRME8xCzAJBgNVBAYTAnB0MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAW +BgNVBAMTD01VTFRJQ0VSVC1DQSAwMjEPMA0GA1UEAxMGQ1JMMTczMB8GA1UdIwQY +MBaAFB3DuYilGL5gpyymY8pmKvwMJ8G9MB0GA1UdDgQWBBT+DvK0cR8Qa3uUWWYV +rUfVGZeUTDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBiXYB/Nst7hDnV +RS9D6VjifN1F+JaxtwSLZBoxkij2mi/1kXRugKjkpo6e8Kwb24Wv7G+/ZAFjm3zN +WK9v0ziR192l+4lWke8wRVwHW4Ecsp3nOwOxCiCYkX4uVPDZQT5+cPeNYJbOwYyd +4jbHTPrPT7T2CmtgdqOIu2Dc+1aHyg9ZnhCGgwEwDbvq+grUr9RcHqmWqfdR3Eou +TvLugaM54N4Bur8rolFatHzETbKjvXfWzpHoTTFEekyHgQXWdnmVny8JajBFUmE5 +TkONB+V+Jj/R2YPfF++9tRKwc4ifNeduWzSD6ohx+OFimdx2gKHIdkkAMfK09z1M +vz83eaDr +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer new file mode 100644 index 000000000..9c8e73b1c --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFXDCCBESgAwIBAgIEOl3pnzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdvdi1j +YTAeFw0xMDA2MTAxMDUwMTVaFw0xNTA2MTAxMTIwMTVaMIGEMQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRkwFwYDVQQLExB3ZWItY2Vy +dGlmaWNhdGVzMRMwEQYDVQQLEwpHb3Zlcm5tZW50MSgwEAYDVQQDEwlQRVBTIFNB +TUwwFAYDVQQFEw0xMjM1ODU3NTE4MDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAw9gh7flrQC1UUc0Dw1jFXQ5sDVwSjjO/QqUsvIysAGELNJTxs3/j +vFOsokBOWlZEbocZXDqeLJtzO4zmpblc7c9okyZIi0sj+dEqKiMF7XbFfjo1NZ2c +xJdQ4ENR1jLkiHSb5Z345dQ7VY6wju0ezMMA5O9cIywGWcSyH9h007tezhTWJeL5 +aN2gMvFs3tGx7Uv9JH9geIOopWlcQANSDkvAnCf/iu1YhbUmx+jYtcxlywtJ8Tri +ON3GlFLr4ew4O8SrVxeQQ28yKKDEP/Y3399KWdQDwK/CeFy6flW3kYTiGDPnUH5T +u9yEATomwnujhPHJZN6d46JFiTWFsll4aQIDAQABo4ICGjCCAhYwDgYDVR0PAQH/ +BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwNjEwMTA1MDE1WoEPMjAxNTA2MTAxMTIw +MTVaMEoGA1UdIARDMEEwNQYKKwYBBAGvWQEBBTAnMCUGCCsGAQUFBwIBFhlodHRw +Oi8vd3d3LmNhLmdvdi5zaS9jcHMvMAgGBgQAizABAjAYBggrBgEFBQcBAwQMMAow +CAYGBACORgEBMBcGA1UdEQQQMA6BDHN0b3JrQGdvdi5zaTCB8QYDVR0fBIHpMIHm +MFWgU6BRpE8wTTELMAkGA1UEBhMCc2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0 +aW9uczERMA8GA1UECxMIc2lnb3YtY2ExDjAMBgNVBAMTBUNSTDI3MIGMoIGJoIGG +hldsZGFwOi8veDUwMC5nb3Yuc2kvb3U9c2lnb3YtY2Esbz1zdGF0ZS1pbnN0aXR1 +dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2WGK2h0dHA6 +Ly93d3cuc2lnb3YtY2EuZ292LnNpL2NybC9zaWdvdi1jYS5jcmwwHwYDVR0jBBgw +FoAUHvjUU2uzgwbpBAZXAvmlv8ZYPHIwHQYDVR0OBBYEFDY0NJgPdteoK8mw3FG7 +lde6PRboMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJ +KoZIhvcNAQEFBQADggEBAInmtHMCOob3469jLaA/WvRXFUv0QelW4cS9Zr1QrZzW +Wp1YUiwkWfILHkDJgvbo6qn8iUDyKSNPhgXFVKfWbBlbuUds9F2FCJ41g5n2jXZc +Lz0IOpae4a9LHmNLdT0UKEGbUJ5a4wRaZEWLVfwrkN2GJPeWeeigbunYKtdVlceP +4DZg8T1c/vpi8lrbTxSLUAzn0ie8FRod6k19y49QG5sudvwjeQgp309dUze0ULun +YYTFkkc5d2uzqEa2WYcxHYz4+hKPHejbGGKC1OZz+zH7ZGGr0mtLYjSvXv+5VKTj +85/a/sdD+vzNneKEGbLk7iupk0On5BIkJdWqnz/IeDk= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm index 8a217bfcc..c5ba8827b 100644 --- a/id/server/doc/moa_id/id-admin_2.htm +++ b/id/server/doc/moa_id/id-admin_2.htm @@ -519,6 +519,76 @@ Projekt moa 

AuthComponent/ForeignIdentities
Ab Version 1.4.7 bietet MOA-ID die Möglichkeit der Nutzung von ausländischen Karten. Hierfür ist ein Stammzahlenregister-Gateway nötig, das einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein entsprechender ConnectionParameter zu definieren, der die Zugangsdaten zum Gateway bereithält (siehe ConnectionParameter). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.

+

AuthComponent/ForeignIdentities/STORK
+

Ab MOA Release 1.5.2 ist es auch möglich, ausländische Bürger über STORK zu authentifizieren. Da auch für diese Art der Authentifizierung eine Kommunikation mit dem Stammzahlenregister-Gateway notwendig ist, gelten die zuvor angeführten Ausführungen hinsichtlich ConnectionParameter auch für STORK. Für eine STORK Authentifizierung sind jedoch noch weitere Konfigurationen notwendig. Folgende Einträge müssen für eine STORK Authentifizierung hier noch konfiguriert werden: +

    +
  • C-PEPS Informationen +
    +
    • +
  • KeyStore zum SAML Signatur-Zertifikat +
    +
    • +
  • MOA-SP TrustProfil zur SAML Signatur-Validierung +
    +
    • +
+

+

AuthComponent/ForeignIdentities/STORK/C-PEPS
+ Unter diesem Konfigurationselement können die Verbindungsparameter zu den jeweiligen C-PEPS (Citizen Country - PEPS) der europäischen Länder, die auch STORK unterstützen, angegeben werden. Für eine erfolgreiche C-PEPS Konfiguration muss der ISO-Country Code des jeweiligen Landes und die dazugehörige C-PEPS URL angegeben werden. In Ausnahmenfällen müssen bei einzelnen C-PEPS länderspezifische Attribute abgefragt werden, dies funktioniert durch zusätzliche Angabe eines <stork:RequestedAttribute> Elements. Die C-PEPS Konfigurationen sind in den der MOA-Release beliegenden Beispielkonfigurationen bereits vorkonfiguriert. Sollte sich an diesen Konfigurationen etwas ändern, werden diese via JoinUp (MOA@JoinUp) bzw. MOA-Mailingliste veröffentlicht. Im Folgenden wird eine Beispielkonfiguration kurz veranschaulicht. + 

+<C-PEPS countryCode="PT" URL="https://eu-id.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>					   			   			 
+<C-PEPS countryCode="SI" URL="https://peps.mju.gov.si/PEPS/ColleagueRequest">
+    <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/fiscalNumber" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+</C-PEPS>
+
+ Details zur Angabe von <stork:RequestedAttribute> bzw. welche Attribute von STORK überhaupt unterstützt werden, wird in der Konfiguration zur Online Application angegeben (hier). + +

AuthComponent/ForeignIdentities/STORK/SAMLSigningParameter
+ Dieser Konfigurationseintrag enthält Informationen dazu, mit welchem Zertifikat ausgehende STORK SAML Nachichten signiert werden und welches MOA-SP TrustProfil zur Signaturüberprüfung von empfangenen STORK SAML Nachrichten herangezogen werden soll. + In der Konfiguration wird eine Unterscheidung zwischen Signaturerstellungs- und Signaturverifizierungsparameter getroffen: +

    +
  • <SignatureCreationParameter> +
    +
    • +
  • <SignatureVerificationParameter> +
    +
    • +
+ Der <SignatureCreationParameter> kapselt dabei Informationen, welche zum Signieren von ausgehenden STORK SAML Nachrichten benötigt werden. Im Wesentlichen sind das Informationen zu dem KeyStore, welcher das Schlüsselpaar zum Signieren ausgehender STORK SAML Nachrichten beinhaltet. Der entsprechende Konfigurationseintrag sieht wie folgt aus: +
+<SignatureCreationParameter>
+    <KeyStore password="Keystore Pass">file_to_keystore</KeyStore>
+    <KeyName password="Keystore Name">signing_key_name</KeyName>                 			           
+</SignatureCreationParameter>
+
+ Die folgenden Werte sind dabei anzugeben bzw. durch echte Werte auszutauschen: +
    +
  • file_to_keystore: Relativer Pfad zum KeyStore (Java oder PKCS#12), welcher das Schlüsselpaar zum Signieren ausgehender STORK SAML Nachrichten speichert +
    +
    • +
  • Keystore Pass: Passwort zum angegebenen KeyStore +
    +
    • +
  • signing_key_name: Alias Name des Schlüssels, welcher zum Signieren verwendet werden soll +
    +
    • +
  • Key Pass: Passwort zum angegebenen Schlüssel +
    +
    • +
+ Der <SignatureCreationParameter> kapselt dabei Informationen, die für eine Signaturprüfung von eingehenden STORK SAML Nachrichten benötigt werden. Im Wesentlich ist das die Angabe des MOA-SP TrustProfils, welches die vertrauenswürdigen Zertifikate der europäischen C-PEPS enthält. Der entsprechende Konfigurationseintrag sieht daher wie folgt aus: +
+<SignatureVerificationParameter>	       	  
+    <TrustProfileID>C-PEPS</TrustProfileID>			       	   
+</SignatureVerificationParameter>	
+
+Die folgenden Werte sind dabei anzugeben: +
    +
  • TrustProfile: Dieser Eintrag gibt jenes TrustProfil von MOA-SP an, welches zur Signaturprüfung von eingehenden STORK SAML Nachrichten herangezogen werden soll. Vorkonfiguriert sind die beiden TrustProfiles C-PEPS (Produktive C-PEPS Zertifikate) und C-PEPS-Test (Test C-PEPS Zertifikate). Sollte es auch hier zu Änderungen kommen, werden diese auch via JoinUp (MOA@JoinUp) bzw. MOA-Mailingliste veröffentlicht. +
    +
    • +
+

AuthComponent/OnlineMandates

Ab Version 1.5.0 bietet MOA-ID die Möglichkeit der Nutzung von Online-Vollmachten für Anwendungen aus dem öffentlichen Bereich. Hierfür ist ein Online-Vollmachten-Service nötig. Es ist hierzu ein ensprechender ConnectionParameter zu definieren, der die Zugangsdaten zum Online-Vollmachten-Service bereithält (siehe ConnectionParameter). In der Default-Konfiguration ist der Zugang zum Online-Vollmachten-Service bereits aktiviert. Es muss nur noch das Client-Zertifikat für die SSL-Verbinung zum Service angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.
Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben - siehe hier. @@ -923,11 +993,93 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt Mit Hilfe dieses Elements werden die Online-Vollmachten für die Online-Applikation aktiviert. Als Kindelement muss Profiles angegeben werden. Dieses Element beinhaltet eine (Komma-separierte) Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann. - Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der untersttzen Vollmachten-Profile.
+ Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.
Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe hier

+
+

OnlineApplication/AuthComponent/STORK +
+ Innerhalb dieses Konfigurationsblocks kann angegeben werden, welche zusätzlichen Attribute (neben eIdentifier, givenName, surname und dateOfBirth, welche defaultmäßig requested werden) im Rahmen einer STORK Anmeldung für diese Applikation vom Bürger abgefragt werden sollen. Außerdem kann zu Testzwecken das benötigte Authentifzierungslevel (STORK QAALevel) vom defaultmäßig höchstem Level von 4 für diese Applikation verringert werden. + Für ein anderes STORK QAALevel muss folgendes XML Element mit einem Wert zwischen 1 und 4 angegeben werden: <stork:QualityAuthenticationAssuranceLevel>. +
+ Die zusätzlichen Attribute werden im Element <storkp:RequestedAttributes> gekapselt. Ein entsprechener Konfigurationseintrag könnte folgendermaßen aussehen: +

+<storkp:RequestedAttributes>                    
+    <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/age" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+    <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eMail" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+    <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver" isRequired="false" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+      <stork:AttributeValue>1</stork:AttributeValue>
+    </stork:RequestedAttribute>
+</storkp:RequestedAttributes>  
+
+ Bei der Inkludierung von <stork:RequestedAttribute> Elementen sind folgende XML Attribute anzugeben: +
    +
  • Name: Der Name des entsprechenden STORK Attributes. +
    +
    • +
  • isRequired: Gibt durch true oder false an, ob das angefragte Attribut für die Applikation verpflichtend oder nur optional benötigt wird. +
    +
    • +
  • NameFormat: Gibt das Format des Attributes an und MUSS den Wert urn:oasis:names:tc:SAML:2.0:attrname-format:uri beinhalten. +
    +
    • +
  • Element <stork:AttributeValue>: Dieses Element ist optional und gibt einen Vergleichswert für ein abzufragendes Attribut an. Im Beispiel von isAgeOver wird in der Antwort retourniert, ob die authentifizierte Person älter als das geforderte angegebene Alter ist. +
    +
    • +
+ Details zu den STORK Attributen können im Anhang zur MOA-ID Spezifikation bzw. in der STORK Spezifikation gefunden werden. + Im Wesentlichen kann die folgende Menge an Attributen bzw. Teile daraus für eine Online Applikation angefragt werden: +
    +
  • http://www.stork.gov.eu/1.0/inheritedFamilyName +
    +
    • +
  • http://www.stork.gov.eu/1.0/adoptedFamilyName +
    +
    • +
  • http://www.stork.gov.eu/1.0/gender +
    +
    • +
  • http://www.stork.gov.eu/1.0/countryCodeOfBirth +
    +
    • +
  • http://www.stork.gov.eu/1.0/nationalityCode +
    +
    • +
  • http://www.stork.gov.eu/1.0/maritalStatus +
    +
    • +
  • http://www.stork.gov.eu/1.0/textResidenceAddress +
    +
    • +
  • http://www.stork.gov.eu/1.0/canonicalResidenceAddress +
    +
    • +
  • http://www.stork.gov.eu/1.0/eMail +
    +
    • +
  • http://www.stork.gov.eu/1.0/title +
    +
    • +
  • http://www.stork.gov.eu/1.0/residencePermit +
    +
    • +
  • http://www.stork.gov.eu/1.0/pseudonym +
    +
    • +
  • http://www.stork.gov.eu/1.0/age +
    +
    • +
  • http://www.stork.gov.eu/1.0/citizenQAALevel +
    +
    • +
  • http://www.stork.gov.eu/1.0/isAgeOver +
    +
    • +

    +
+

OnlineApplication/ProxyComponent
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm index 09fb1c5b6..3284e19cc 100644 --- a/id/server/doc/moa_id/moa.htm +++ b/id/server/doc/moa_id/moa.htm @@ -230,6 +230,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge

Ab der MOA Release 1.4.7 ist es möglich, dass sich auch ausländische Bürger mittels MOA-ID einloggen können. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausländischen Bürgers eine Eintragung im Ergänzungsregister für natürliche Personen gemäß E-Government Gesetz §6(5) vornimmt. Somit ist es möglich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird.

Der Zugang zu diesem Stammzahlenregister-Gateway ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert.

+

Ab MOA Release 1.5.2 ist es auch möglich, ausländische Bürger über STORK zu authentifizieren. Da auch für diese Art der Authentifizierung eine Kommunikation mit dem Stammzahlenregister-Gateway notwendig ist, gelten die zuvor angeführten Ausführungen auch für STORK.

Online-Vollmachten
diff --git a/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs b/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs index 8bba65ebb..6d046587d 100644 --- a/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs +++ b/id/server/idserverlib/.settings/org.eclipse.jdt.core.prefs @@ -1,7 +1,7 @@ -#Thu Sep 20 14:35:41 CEST 2007 eclipse.preferences.version=1 -org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4 -org.eclipse.jdt.core.compiler.compliance=1.4 +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5 +org.eclipse.jdt.core.compiler.compliance=1.5 org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning -org.eclipse.jdt.core.compiler.source=1.4 +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning +org.eclipse.jdt.core.compiler.source=1.5 diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component index 87b873d7b..a5eb3d4d8 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component @@ -1,7 +1,7 @@ - - - - - - - + + + + + + + \ No newline at end of file diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml index 30c02fe23..656f15b87 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ - - + + \ No newline at end of file diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 24d9452c2..7fbde1c6a 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -131,10 +131,23 @@ commons-lang 2.6 + + MOA.id + stork-saml-engine + 1.5.2 + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.5 + 1.5 + + org.apache.maven.plugins maven-jar-plugin @@ -179,7 +192,7 @@ http://java.sun.com/j2se/1.5.0/docs/api/ http://logging.apache.org/log4j/docs/api/ - 1.4 + 1.5 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a58f5fce2..a57ab5262 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -29,8 +29,12 @@ import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; +import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.HashMap; @@ -41,18 +45,24 @@ import java.util.Map; import java.util.Set; import java.util.Vector; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.xpath.XPathAPI; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; @@ -83,6 +93,9 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; @@ -90,6 +103,9 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -98,6 +114,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -113,6 +131,15 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.exception.SAMLException; +import eu.stork.vidp.messages.exception.SAMLValidationException; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -543,16 +570,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { int b = xmlInfoboxReadResponse.indexOf(se); if (b != -1) { // no identity link found Logger - .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslndische eID."); + .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausl�ndische eID."); return null; } - // spezifikationsgemer (SL1.2) Errorcode + // spezifikationsgem��er (SL1.2) Errorcode se = "ErrorCode>4002"; // b = xmlInfoboxReadResponse.contains(se); b = xmlInfoboxReadResponse.indexOf(se); if (b != -1) { // Unbekannter Infoboxbezeichner Logger - .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslndische eID."); + .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausl�ndische eID."); return null; } @@ -1732,7 +1759,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds authentication data and stores it together with a SAML // artifact AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC); + useUTC, false); if (session.getUseMandate()) { // mandate mode @@ -2037,17 +2064,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); - try { - String serializedAssertion = DOMUtils.serializeNode(session - .getIdentityLink().getSamlAssertion()); - session.setAuthBlock(serializedAssertion); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } + // post processing of the infoboxes Iterator iter = session.getInfoboxValidatorIterator(); boolean formpending = false; @@ -2097,7 +2114,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { boolean useCondition = oaParam.getUseCondition(); int conditionLength = oaParam.getConditionLength(); AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC); + useUTC, true); String samlAssertion = new AuthenticationDataAssertionBuilder().build( authData, session.getAssertionPrPerson(), session @@ -2141,6 +2158,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { * authentication session * @param verifyXMLSigResp * VerifyXMLSignatureResponse from MOA-SP + * @param useUTC uses correct UTC time format + * @param useUTC indicates that authenticated citizen is a foreigner + * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates * @return AuthenticationData object * @throws ConfigurationException * while accessing configuration data @@ -2149,7 +2169,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC) + VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); @@ -2196,21 +2216,44 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } authData.setSignerCertificate(signerCertificateBase64); - if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); + if(!isForeigner) { + //we have Austrian citizen + if (businessService) { + authData.setWBPK(identityLink.getIdentificationValue()); + } else { + authData.setBPK(identityLink.getIdentificationValue()); + + // BZ.., calculation of bPK already before sending AUTHBlock + /* + * if(identityLink.getIdentificationType().equals(Constants. + * URN_PREFIX_BASEID)) { // only compute bPK if online + * application is a public service and we have the Stammzahl + * String bpkBase64 = new BPKBuilder().buildBPK( + * identityLink.getIdentificationValue(), session.getTarget()); + * authData.setBPK(bpkBase64); } + */ + + } } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. - * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - + //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); + authData.setWBPK(wbpkBase64); + } + + } else { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); + authData.setBPK(bpkBase64); + } + + + } + } String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink .getSerializedSamlAssertion() @@ -2227,8 +2270,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAssertionBusinessService(businessService); session.setAssertionIlAssertion(ilAssertion); session.setAssertionPrPerson(prPerson); - session - .setAssertionSignerCertificateBase64(signerCertificateBase64); + session.setAssertionSignerCertificateBase64(signerCertificateBase64); return authData; @@ -2482,4 +2524,288 @@ public class AuthenticationServer implements MOAIDAuthConstants { return value; } + + /** + * Does the request to the SZR-GW + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } catch (GeneralSecurityException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } catch (PKIException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + } + + // create request + CreateIdentityLinkResponse response = null; + Element request = null; + try { + Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); + request = doc.getDocumentElement(); + + // send request + response = client.createIdentityLinkResponse(request); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + try { + response = client.createIdentityLinkResponse(request); + } + catch (SZRGWClientException e1) { + throw new SZRGWClientException(e1); + } + } + + + return response; + + } + + /** + * Starts a MOA-ID authentication process using STORK + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param ccc Citizen country code + * @param oaURL URL of the online application + * @param target Target parameter + * @param targetFriendlyName Friendly Name of Target + * @param authURL Authentication URL + * @param sourceID SourceID parameter + * @throws MOAIDException + * @throws AuthenticationException + * @throws WrongParametersException + * @throws ConfigurationException + */ + public static void startSTORKAuthentication( + HttpServletRequest req, + HttpServletResponse resp, + String ccc, + String oaURL, + String target, + String targetFriendlyName, + String authURL, + String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + if (!oaParam.getBusinessService()) { + if (StringUtils.isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); + } else { + target = null; + } + + //create MOA session + AuthenticationSession moaSession = newSession(); + Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); + moaSession.setTarget(target); + moaSession.setTargetFriendlyName(targetFriendlyName); + moaSession.setOAURLRequested(oaURL); + moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + moaSession.setAuthURL(authURL); + moaSession.setBusinessService(oaParam.getBusinessService()); + moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + if (sourceID != null) + moaSession.setSourceID(sourceID); + + //Start of STORK Processing + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + CPEPS cpeps = storkConfig.getCPEPS(ccc); + + Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); + Logger.debug("C-PEPS URL: " + destination); + + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); + + String providerName= oaParam.getFriendlyName(); + String issuerValue = HTTPUtils.getBaseURL(req); + Logger.debug("Issuer value: " + issuerValue); + + QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + Logger.debug("QAALevel: " + qaaLevel.getValue()); + + RequestedAttributes requestedAttributes; + + requestedAttributes = oaParam.getRequestedAttributes(); + requestedAttributes.detach(); + List reqAttributeList = new ArrayList(); + List oaReqAttributeList = new ArrayList(oaParam.getRequestedAttributes().getRequestedAttributes()); + //check if country specific attributes must be additionally requested + if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { + //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("The following attributes are requested for this specific country:"); + List countrySpecificReqAttributeList = new ArrayList(cpeps.getCountrySpecificRequestedAttributes()); + for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { + csReqAttr.detach(); + if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) { + //this country specific attribute does not override default attribute + if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) { + //the same attribute is requested for OA, applying hierachy + //remove oa attribute + oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName())); + //add country specific attribute instead + Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested by OA but we use Country Specific value instead"); + } + oaReqAttributeList.add(csReqAttr); + Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired()); + } else { + Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it."); + } + + } + reqAttributeList.addAll(oaReqAttributeList); + } else { + //no country specific requested attributes + reqAttributeList.addAll(oaReqAttributeList); + } + + reqAttributeList = (List) SAMLUtil.releaseDOM(reqAttributeList); + requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); + + if (Logger.isDebugEnabled()) { + Logger.debug("The following attributes are requested for this OA:"); + for (RequestedAttribute logReqAttr : reqAttributeList) { + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired()); + + } + } + + String spSector = StringUtils.isEmpty(target) ? "Business" : target; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + String textToBeSigned = + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + + //generate AuthnRquest + STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( + destination, + acsURL, + providerName, + issuerValue, + qaaLevel, + requestedAttributes, + spSector, + spInstitution, + spApplication, + spCountry, + textToBeSigned, + "application/xhtml+xml"); + + Logger.debug("STORK AuthnRequest succesfully assembled."); + + //sign AuthnRequest + String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath(); + String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword(); + String keyName = storkConfig.getSignatureCreationParameter().getKeyName(); + String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword(); + + Logger.debug("Starting signing process of STORK AuthnRequest."); + Logger.trace("Using the following Keystore and Key for that:"); + Logger.trace("KeyStore: " + keyStorePath); + Logger.trace("KeyName: " + keyName); + + try { + storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword); + } catch (SAMLException e) { + Logger.error("Could not sign STORK SAML AuthnRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AuthnRequest successfully signed!"); + + //validate AuthnRequest + try { + STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest); + } catch (SAMLValidationException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + //send + moaSession.setStorkAuthnRequest(storkAuthnRequest); + HttpSession httpSession = req.getSession(); + httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + + Logger.debug("Preparing to send STORK AuthnRequest."); + + try { + STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AuthnRequest.", e); + httpSession.invalidate(); + throw new MOAIDException("stork.02", new Object[] { destination }); + } + + Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination()); + Logger.debug("STORKAuthnRequest sent (pretty print): "); + Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM())); + Logger.trace("STORKAuthnRequest sent (original): "); + Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM())); + + } + + /** + * Extracts an X509 Certificate out of an XML signagture element + * @param signedXML XML signature element + * @return X509Certificate + * @throws CertificateException + */ + public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { + + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); + + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); + + if (StringUtils.isEmpty(base64CertString)) { + String msg = "XML does not contain a X509Certificate element."; + Logger.error(msg); + throw new CertificateException(msg); + } + + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); + + CertificateFactory cf; + X509Certificate cert = null; + cf = CertificateFactory.getInstance("X.509"); + cert = (X509Certificate)cf.generateCertificate(is); + + return cert; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index f3be98ef0..7d5835f20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -47,6 +47,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "CCC (Citizen Country Code)" */ + public static final String PARAM_CCC = "CCC"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index b6ba5871d..fa9789530 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -56,7 +56,7 @@ public class BPKBuilder { target.length() == 0)) { throw new BuildException("builder.00", - new Object[] {"BPK", "Unvollstndige Parameterangaben: identificationValue=" + + new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",target=" + target}); } String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; @@ -86,7 +86,7 @@ public class BPKBuilder { registerAndOrdNr.length() == 0)) { throw new BuildException("builder.00", - new Object[] {"wbPK", "Unvollstndige Parameterangaben: identificationValue=" + + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 9c696f245..2da7db2b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -129,7 +129,31 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @return String representation of <CreateXMLSignatureRequest> */ public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + + String request = ""; + request += ""; + request += "SecureSignatureKeypair"; + request += ""; + request += ""; + request += ""; + + request += buildForeignIDTextToBeSigned(subject, oaParam, session); + request += ""; + request += ""; + request += ""; + request += ""; + request += "application/xhtml+xml"; + request += ""; + request += ""; + request += ""; + request += ""; + + return request; + } + + public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + String target = session.getTarget(); String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); @@ -137,14 +161,9 @@ public class CreateXMLSignatureRequestBuilder implements Constants { String date = DateTimeUtils.buildDate(cal); String time = DateTimeUtils.buildTime(cal); - String request = ""; - request += ""; - request += "SecureSignatureKeypair"; - request += ""; - request += ""; - request += ""; - - request += ""; + String request = ""; + request += ""; //application/xhtml+xml text/html + //request += ""; request += ""; request += "Signatur der Anmeldedaten"; request += "