From b73822979de23a3b7236411a7a737e2c93642a7d Mon Sep 17 00:00:00 2001 
From: Thomas Lenz
Date: Thu, 4 Jul 2013 10:09:26 +0200
Subject: =?UTF-8?q?BKU=20Auswahl=20in=20Kontext=20von=20MOA-ID=20f=C3=BCr?= =?UTF-8?q?=20standardkonforme=20Variante?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
id/server/auth/src/main/webapp/WEB-INF/web.xml | 12 +-
.../auth/src/main/webapp/css/2.0/stammzahl.css | 192 +++++
.../auth/src/main/webapp/css/2.0/stylesinput.css | 251 +++++++
.../auth/src/main/webapp/css/2.0/stylesnew.css | 830 +++++++++++++++++++++
id/server/auth/src/main/webapp/css/index.css | 30 +-
.../auth/src/main/webapp/img/2.0/bg_footer.png | Bin 0 -> 266 bytes
.../auth/src/main/webapp/img/2.0/bg_header.png | Bin 0 -> 491 bytes
.../auth/src/main/webapp/img/2.0/bg_mainnav.png | Bin 0 -> 192 bytes
.../src/main/webapp/img/2.0/bg_mainnav_left.png | Bin 0 -> 236 bytes
.../src/main/webapp/img/2.0/bg_mainnav_right.png | Bin 0 -> 3282 bytes
.../auth/src/main/webapp/img/2.0/bku_local.gif | Bin 0 -> 1354 bytes
.../auth/src/main/webapp/img/2.0/bku_mobile.gif | Bin 0 -> 1558 bytes
.../auth/src/main/webapp/img/2.0/bku_online.gif | Bin 0 -> 1301 bytes
.../src/main/webapp/img/2.0/checkbox_checked.png | Bin 0 -> 878 bytes
.../src/main/webapp/img/2.0/checkbox_unchecked.gif | Bin 0 -> 117 bytes
id/server/auth/src/main/webapp/img/2.0/dsk.ico | Bin 0 -> 3262 bytes
id/server/auth/src/main/webapp/img/2.0/logo.png | Bin 0 -> 11141 bytes
.../src/main/webapp/img/2.0/logo_digitalesOE.gif | Bin 0 -> 1242 bytes
.../auth/src/main/webapp/img/2.0/logo_dsk_nav.png | Bin 0 -> 5860 bytes
.../main/webapp/img/2.0/logo_dsk_szr_header.png | Bin 0 -> 85110 bytes
.../auth/src/main/webapp/img/2.0/std_handy.gif | Bin 0 -> 2632 bytes
.../auth/src/main/webapp/img/2.0/std_karte.gif | Bin 0 -> 2369 bytes
.../moa/id/auth/AuthenticationServer.java | 188 +----
.../moa/id/auth/MOAIDAuthConstants.java | 10 +
.../AuthenticationBlockAssertionBuilder.java | 46 +-
.../moa/id/auth/builder/LoginFormBuilder.java | 11 +-
.../auth/builder/StartAuthenticationBuilder.java | 56 ++
.../moa/id/auth/data/AuthenticationSession.java | 16 +
.../StartAuthentificationParameterParser.java | 239 ++++++
.../servlet/GenerateIFrameTemplateServlet.java | 178 +++++
.../auth/servlet/StartAuthenticationServlet.java | 173 ++---
.../CreateXMLSignatureResponseValidator.java | 22 +
.../id/config/auth/AuthConfigurationProvider.java | 8 +-
.../moa/id/entrypoints/DispatcherServlet.java | 23 +-
.../moa/id/moduls/AuthenticationManager.java | 183 ++++-
.../gv/egovernment/moa/id/moduls/IModulInfo.java | 3 +
.../moa/id/protocols/pvp2x/PVP2XProtocol.java | 6 +
.../pvp2x/requestHandler/AuthnRequestHandler.java | 4 +-
.../moa/id/protocols/saml1/GetArtifactAction.java | 4 +-
.../moa/id/protocols/saml1/GetArtifactServlet.java | 4 +-
.../moa/id/protocols/saml1/SAML1Protocol.java | 34 +
.../moa/id/util/ParamValidatorUtils.java | 46 +-
.../resources/properties/id_messages_de.properties | 77 +-
.../resources/resources/templates/loginForm.html | 304 ++++++-
.../gv/egovernment/moa/id/commons/db/DBUtils.java | 2 +-
.../src/main/resources/hibernate.cfg.xml | 8 +-
46 files changed, 2554 insertions(+), 406 deletions(-)
create mode 100644 id/server/auth/src/main/webapp/css/2.0/stammzahl.css
create mode 100644 id/server/auth/src/main/webapp/css/2.0/stylesinput.css
create mode 100644 id/server/auth/src/main/webapp/css/2.0/stylesnew.css
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bg_footer.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bg_header.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bku_local.gif
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif
create mode 100644 id/server/auth/src/main/webapp/img/2.0/bku_online.gif
create mode 
100644 id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif
create mode 100644 id/server/auth/src/main/webapp/img/2.0/dsk.ico
create mode 100644 id/server/auth/src/main/webapp/img/2.0/logo.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif
create mode 100644 id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png
create mode 100644 id/server/auth/src/main/webapp/img/2.0/std_handy.gif
create mode 100644 id/server/auth/src/main/webapp/img/2.0/std_karte.gif
create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
(limited to 'id')
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index f2235b91f..68fb1c6c6 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -9,6 +9,12 @@ Select Bürgerkartenartenumgebung at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet + + GenerateIframeTemplate + GenerateIframeTemplate + Generate BKU Request template + at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet + StartAuthentication StartAuthentication
@@ -130,9 +136,13 @@ /SelectBKU + GenerateIframeTemplate + /GenerateIframeTemplate + GenerateIframeTemplate + VerifyIdentityLink /VerifyIdentityLink
diff --git a/id/server/auth/src/main/webapp/css/2.0/stammzahl.css b/id/server/auth/src/main/webapp/css/2.0/stammzahl.css
new file mode 100644
index 000000000..99c9ab425
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/2.0/stammzahl.css 
@@ -0,0 +1,192 @@
+#header {
+ position: relative;
+ top: -5px; padding-top : 114px;
+/* background: url("../../img/2.0/logo_dsk_szr_header.png") right top no-repeat; */
+ text-align: right;
+ padding-top: 114px;
+}
+
+html {
+ height: 100%;
+}
+
+body {
+ margin: 0px; background : url(../../../img/2.0/bg_header.png) 0 0 repeat-x;
+ padding-bottom: 2em;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ line-height: 1;
+ min-height: 101%;
+ background: url(../../img/2.0/bg_header.png) 0 0 repeat-x;
+}
+
+ol,ul {
+ list-style-type: none;
+ list-style-image: none;
+ list-style-position: outside;
+}
+
+#pagebase {
+ background: url(../../img/2.0/bg_footer.png) repeat-x left bottom;
+ width: 100%;
+}
+
+#page {
+ min-width: 800px;
+ max-width: 1000px;
+ margin: 0 auto 5px auto;
+ padding: 0 5px;
+}
+
+#homelink {
+ position: absolute;
+ top: 20px;
+ left: 0;
+}
+
+#homelink a:hover,#homelink a:focus,#homelink a:active {
+ border-bottom: 3px solid #c51713;
+}
+
+#mainnav {
+ margin-top: 0px;
+ margin-bottom: 0px;
+ margin-left: 95px;
+ background: url(../../img/2.0/bg_mainnav.png) right bottom repeat-x;
+ float: right;
+ padding-top: 0pt;
+ padding-right: 0pt;
+ padding-bottom: 0pt;
+ padding-left: 0pt;
+}
+
+#mainnav li {
+ float: left;
+ /*font-size: 0.9em;*/
+ background: #fff url(../../img/2.0/bg_mainnav_right.png) right top no-repeat;
+ margin-left: 2px;
+}
+
+#mainnav li.first-item {
+ margin-left: 0;
+}
+
+#mainnav li a {
+ display: block;
+ font-weight: bold;
+ padding: 7px 0.75em;
+ text-decoration: none;
+ color: Black;
+ background: url(../../img/2.0/bg_mainnav_left.png) left top no-repeat;
+}
+
+#mainnav li a.current {
+ color: #c51713;
+}
+
+#mainnav li a:hover,#mainnav li a:focus,#mainnav li a:active {
+ color: #c51713;
+ text-decoration: underline;
+}
+
+#footer {
+ position: relative;
+ clear: both;
+ display: block;
+ height: 48px;
+}
+
+#footer ul {
+ float: right;
+ margin-top: 
0.5em;
+ background: url(../../img/2.0/bg_bottom_line.png) 0 3px repeat-x;
+}
+
+#footer li {
+ float: left;
+ font-size: 0.8em;
+ display: inline;
+}
+
+#footer li a {
+ display: block;
+ padding: 0 1em;
+ margin-top: 3px;
+ text-decoration: none;
+ border-right: 1px solid white;
+ color: white;
+}
+
+#footer li a.last-item {
+ border-right: none;
+ padding-right: 0;
+}
+
+#footer li a:hover,#footer li a:focus,#footer li a:active {
+ text-decoration: underline;
+}
+
+#servicenav {
+ margin: 0px;
+ padding: 0px; position : absolute;
+ top: 0;
+ left: 0;
+ width: 100%;
+ text-align: right;
+ margin-top: 3px;
+ position: absolute;
+}
+
+#servicenav li {
+ display: inline;
+ font-size: 0.8em;
+ line-height: 1.2;
+}
+
+#servicenav li a,#servicenav li span.current {
+ padding: 0 0.5em;
+ text-decoration: none;
+ border-right: 1px solid white;
+ color: white;
+}
+
+#servicenav li a:hover,#servicenav li a:focus,#servicenav li a:active {
+ text-decoration: underline;
+}
+
+#servicenav li span.current {
+ color: #c51713;
+ font-weight: bold;
+}
+
+#servicenav li a.last-item {
+ border-right: none;
+ padding-right: 2px;
+}
+
+.hidden {
+ position: absolute;
+ top: -1000em;
+ left: -1000em;
+ height: 1px;
+ width: 1px;
+ overflow: hidden;
+}
+
+.clearfix:after {
+ content: ".";
+ display: block;
+ height: 0;
+ clear: both;
+ visibility: hidden;
+}
+
+.clearfix {
+ display: inline-block;
+}
+
+.clearfix {
+ display: block;
+}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/2.0/stylesinput.css b/id/server/auth/src/main/webapp/css/2.0/stylesinput.css
new file mode 100644
index 000000000..000888b7b
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/2.0/stylesinput.css 
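Review bot: `body` declares `background` twice with different relative paths — `../../../img/2.0/bg_header.png` near the top of the rule and `../../img/2.0/bg_header.png` at its end — so the first declaration is dead and should be dropped; `#header` repeats `padding-top: 114px` and `#servicenav` repeats `position: absolute` in the same way. `#footer ul` references `../../img/2.0/bg_bottom_line.png`, which is not among the `img/2.0/` assets this commit adds, so unless that file already exists in the webapp the footer background request will fail on every page that loads this stylesheet. Conversely `logo_dsk_szr_header.png` (85 KB, added by this commit) is only referenced from the commented-out `background` line in `#header`, so either restore that rule or leave the image out of the commit.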
@@ -0,0 +1,251 @@ +@CHARSET "utf-8"; + +/* ************************************* */ +/* * generated css (see input.css.jsp) * */ +/* ************************************* */ +/* **** classes for value **** */ + +fieldset label.value, textarea.value, input.value { + width: 150px !important; +} + +textarea.value { + height: 50px !important; +} + +select.value { + /* Firefox ... */ + width: 154px !important; + /* IE5 - IE6 */ + _width: 156px !important; + /* IE7 */ + !width: 156px !important; +} +/* **** classes for xs **** */ + +fieldset label.xs, textarea.xs, input.xs { + width: 25px !important; +} + +select.xs { + /* Firefox ... */ + width: 29px !important; + /* IE5 - IE6 */ + _width: 31px !important; + /* IE7 */ + !width: 31px !important; +} + +/* **** classes for s **** */ + +fieldset label.s, textarea.s, input.s { + width: 50px !important; +} + +select.s { + /* Firefox ... */ + width: 54px !important; + /* IE5 - IE6 */ + _width: 56px !important; + /* IE7 */ + !width: 56px !important; +} + +/* **** classes for m **** */ + +fieldset label.m, textarea.m, input.m { + width: 75px !important; +} + +select.m { + /* Firefox ... */ + width: 79px !important; + /* IE5 - IE6 */ + _width: 81px !important; + /* IE7 */ + !width: 81px !important; +} + +/* **** classes for l **** */ + +fieldset label.l, textarea.l, input.l { + width: 100px !important; +} + +select.l { + /* Firefox ... */ + width: 104px !important; + /* IE5 - IE6 */ + _width: 106px !important; + /* IE7 */ + !width: 106px !important; +} + +/* **** classes for xl **** */ + +fieldset label.xl, textarea.xl, input.xl { + width: 200px !important; +} + +select.xl { + /* Firefox ... */ + width: 204px !important; + /* IE5 - IE6 */ + _width: 206px !important; + /* IE7 */ + !width: 206px !important; +} + +/* **** classes for xll **** */ + +fieldset label.xll, textarea.xll, input.xll { + width: 250px !important; +} + +select.xll { + /* Firefox ... 
*/ + width: 254px !important; + /* IE5 - IE6 */ + _width: 256px !important; + /* IE7 */ + !width: 256px !important; +} + +/* **** classes for xlll **** */ + +fieldset label.xlll, textarea.xlll, input.xlll { + width: 300px !important; +} + +select.xlll { + /* Firefox ... */ + width: 304px !important; + /* IE5 - IE6 */ + _width: 306px !important; + /* IE7 */ + !width: 306px !important; +} + +/* **** classes for xllll **** */ + +fieldset label.xllll, textarea.xllll, input.xllll { + width: 350px !important; +} + +select.xllll { + /* Firefox ... */ + width: 354px !important; + /* IE5 - IE6 */ + _width: 356px !important; + /* IE7 */ + !width: 356px !important; +} + +/* **** classes for xxl **** */ + +fieldset label.xxl, textarea.xxl, input.xxl { + width: 400px !important; +} + +fieldset input[type=file].xxl { + margin-right: 5px; + width: 250px !important; + !width: 400px !important; + _width: 400px !important; +} + + + +textarea.xxl { + height: 100px !important; +} + +select.xxl { + /* Firefox ... */ + width: 404px !important; + /* IE5 - IE6 */ + _width: 406px !important; + /* IE7 */ + !width: 406px !important; +} + +/* **** classes for xxll **** */ + +fieldset label.xxll, textarea.xxll, input.xxll { + width: 450px !important; +} + +select.xxll { + /* Firefox ... */ + width: 454px !important; + /* IE5 - IE6 */ + _width: 456px !important; + /* IE7 */ + !width: 456px !important; +} + +/* **** classes for xxlll **** */ + +fieldset label.xxlll, textarea.xxlll, input.xxlll { + width: 500px !important; +} + +select.xxlll { + /* Firefox ... */ + width: 504px !important; + /* IE5 - IE6 */ + _width: 506px !important; + /* IE7 */ + !width: 506px !important; +} + +/* **** classes for xxllll **** */ + +fieldset label.xxllll, textarea.xxllll, input.xxllll { + width: 550px !important; +} + +select.xxllll { + /* Firefox ... 
*/ + width: 554px !important; + /* IE5 - IE6 */ + _width: 556px !important; + /* IE7 */ + !width: 556px !important; +} + +/* **** classes for xxxl **** */ + +fieldset label.xxxl, textarea.xxxl, input.xxxl { + width: 600px !important; +} + +textarea.xxxl { + height: 200px !important; +} + +select.xxxl { + /* Firefox ... */ + width: 604px !important; + /* IE5 - IE6 */ + _width: 606px !important; + /* IE7 */ + !width: 606px !important; +} +fieldset label.xxxxl, textarea.xxxxl, input.xxxxl { + width: 700px !important; +} + +textarea.xxxxl { + height: 250px !important; +} + +select.xxxxl { + /* Firefox ... */ + width: 704px !important; + /* IE5 - IE6 */ + _width: 706px !important; + /* IE7 */ + !width: 706px !important; +} + diff --git a/id/server/auth/src/main/webapp/css/2.0/stylesnew.css b/id/server/auth/src/main/webapp/css/2.0/stylesnew.css new file mode 100644 index 000000000..e9c02120f --- /dev/null +++ b/id/server/auth/src/main/webapp/css/2.0/stylesnew.css 
@@ -0,0 +1,830 @@ +@CHARSET "utf-8"; + +/* TODO: check min-width for all styles */ + +/* ********************************** */ +/* Neudefinition von bestehenden Tags */ +/* ********************************** */ + +html { + margin: 0px; + padding: 0px; +} + +body { + margin: 0px; + padding: 0px; + +} + +input, textarea, html, body { + font-family: Arial, Helvetica, sans-serif; + font-size: 10pt; +} + +h1 { + font-weight: bold; + font-size: 14pt; + color: #006464; + margin: 10px 0px 10px 0px; +} + +h2, h3, h4, h5, h6 { + background-color: #CCCCCC; + font-size: 11pt; + padding: 3px; + margin: 3px 2px 4px 2px; +} + + p { + margin: 1px; + padding: 4px 3px 0px 3px; +} + +img { + border: 0px; +} + +fieldset { + border: 0px; + margin: 0px; +} + +a { + color: #D60029; + text-decoration: none; +} + +a:hover { + text-decoration: underline; +} + +textarea { + overflow: auto; +} + +/* ****************** */ +/* allgemeine Klassen */ +/* ****************** */ + +.pageWidth { + min-width: 982px; /* wegen padding vom body, 950+20px */ + margin: 5px; + /* IE 6 hack */ + _width: 982px; +} + +.info-label{ + padding:6px; + white-space:nowrap; + width:100%; + font-size: 10pt; + font-weight: normal; +} + + + +.box, .overflowedBox, .whiteBox, .debugBox { + padding: 0px 0px; +} + +.box, .overflowedBox, .debugBox { + /*background-color: #EEEEEE;*/ +} + +.box { + padding-bottom: 4px; +} + +/*.whiteBox { + background-color: #FFFFFF; + border: 2px solid #EEEEEE; +}*/ + +.overflowedBox { + overflow: auto; +} + +.marginBottomNegative { + margin-bottom: -10px; + margin-top: 5px; +} + +.redColor { + color: #CC0000; +} + +.emcolor { + color: #006464; +} + +.subheader{ + font-weight: bold; + font-size:14pt; + color: #CC0000; + padding: 0px; + border: none; + background: #FFFFF; + padding: 0px; +} + +.pathnavigation { + border: none; + font-weight: bold; + font-family: Helvetica, sans-serif; + font-size: .9em; + margin-bottom: 10px; + padding: 3px; + cursor: pointer; + margin-right: 5px; +} + 
+.pathnavigation.selected { + color: #FFFFFF; + background: #006464; +} + +.pathnavigation.deselected { + color: #006464; + background: #FFFFFF; +} + +.upload-remove { + margin: 0px 2px 0px 2px; + width: 75px !important; +/* display: inline !important; + float: none !important;*/ +} + +.upload { + margin-top:2px; + padding:4px 1px 0px 3px; +} + +.repeat-evenindex, tr.repeat-item.repeat-evenindex td { + background-color: #dddddd; +} + +.repeat-minimal { + margin-bottom: 0px; +} + +.repeat-minimal, .repeat-minimal-item { + overflow: auto; +} + +fieldset.box .repeat-minimal-item input, +fieldset.box .repeat-minimal-item select, +fieldset.box .repeat-minimal-item textarea { + !margin-top: 1px; +} + +.repeat-minimal-item { + padding: 2px 0px; + margin: 2px; + _height: 100%; +} + +/* vertical centering ?? */ +/*.repeat-minimal-item span, .repeat-minimal-item a, .repeat-minimal-item input { + display: block; + float: left; + vertical-align: middle; + margin-right: 3px; +}*/ + +.repeat-selector { + width: auto !important; +} + +.full-repeat-box { + overflow: auto; + margin: 10px 0px 10px 0px; +} + +.disabled, .deselected-case { + display: none !important; +} + +.output-spaced { + display: block; +} + +.output{ + padding-top: 6px; + padding-left: 6px; + vertical-align: top; + text-align: left; +} + +fieldset.box span.verylarge{ + width: 650px; +} + +fieldset.box span.selector-item { + margin: 0px 5px; +} + +.groupwide { + width: 900px; +} + +fieldset.box span { + display: block; + float: left; + padding: 0px 3px; + min-height: 14px; + _height: 14px; +} + +fieldset.box span.output { + padding-top: 4px; +} + +dl.ic { + padding: 0px; + margin: 0px; + clear: both; +} + +dl.ic dt { + width: 200px; + font-weight: bold; + float: left; + clear: none; + text-align: right; + padding: 2px 0px 2px 10px; + margin: 0 2px 0 0; +} +dl.ic dd { + padding: 2px 3px 2px 0px; + margin-left: 215px; +} + +fieldset.box div { + padding-top: 0px; + !padding-top: 0px; + _padding-top: 0px; +} + 
+fieldset.box div span.selector-item { + float: none; + display: inline; +} + +fieldset.box div span.selector-item span, fieldset.box div span.selector-item input { + float: none; + display: inline; + vertical-align: middle; +} + + +/*fieldset.box div span, fieldset.box span span { + display: inline; + float: none; +}*/ + +.group { + background: #EEEEEE; + padding: 2px; + margin: 5px 0px; +} + +.groupwhite { + background: #FFFFFF; + padding: 2px; + margin: 5px 0px; +} + +.repeat-item { + padding: 0px; + margin: 0px; +} + +.repeated-evenindex { + background: #dddddd; + overflow: auto; +} + +div.spacing{ + overflow: hidden; + float: left; + !margin_bottom: 2px; + _height: 100%; +} + + +/* ******************** */ +/* tag specific classes */ +/* ******************** */ + +h2.label { + /*min-width: 954px;*/ + +} + +h3.inputcommit, h4.inputcommit, h5.inputcommit, h6.inputcommit { + margin: 10px 0px 0px -10px; +} + +a.info, span.info { + margin-right: 7px; + padding-bottom: 3px; +} + +div.signaturblock { + overflow: visible; + min-height: 160px; +} + +div.signaturtop { + float: left; + font-size: 9pt; + padding-left: 13px; + padding-top: 13px; + width: 240px; +} + +#amtssignaturtext .bold { + font-weight: bold; +} + +img.signaturlogo { + /*position: absolute;*/ + border: none; + padding-bottom: 3px; + display: block; +} + +br.clearAll { + clear: both; +} + +br.clearLeft { + clear: left; +} + +span.label { + float: left; + margin: 3px 0px 3px 0px; +} + +/* **** Inputs **** */ + +/* doesn't work with IE6 */ +/*input[type=submit].value, input[type=button].value { + width: auto !important; + margin-right: 5px; +} + +input[type=radio], input[type=radio].value { + width: auto !important; +} + +input[type=checkbox], input[type=checkbox].value { + width: auto !important; + float: left; +}*/ + +input.textright { + text-align: right; +} + +input.button, fieldset.box input.button, div input.button, div div input.button{ + width: auto !important; + margin-right: 5px; +} + 
+input.radio, fieldset.box input.radio { + width: auto !important; + margin: 4px 3px; + !margin: 4px; +} + +fieldset.box input[type=hidden] { + width: 0px; + display: none; +} + +input.checkbox, fieldset.box input.checkbox { + width: auto !important; + float: left; + padding: 2px; +} + +tr.repeat-item td label { + width: auto; +} + +/* **** Fieldsets **** */ + +/* needed to be html4 conform, only used for screen readers */ +fieldset.box legend { + display: none; +} + +fieldset.box { + padding-bottom: 0px; + margin-bottom: 0px; +} + +fieldset.box span.required,fieldset.box span.error,fieldset.box a.info, +span.required, span.error, a.info, span.info { + display: block; + float: left; + width: 10px; + overflow: hidden; + text-align: center; + font-weight: bold; + margin-right: 4px 0px 2px 0px; + height: 14px; + padding: 3px 0px 3px; +} + +fieldset.box a.info , fieldset.box span.error, span.error, a.info, span.info, span.required { + margin-top: 4px; + margin-left: 1px; + margin-right: 1px; +} + +fieldset.box .repeat-minimal-item a.info, +fieldset.box .repeat-minimal-item span.error, +fieldset.box .repeat-minimal-item span.info { + margin-top: 3px; + !margin-top: 3px; + _margin-top: 3px; +} + +/* +fieldset.box span.error, fieldset.box a.info, fieldset.box span.required +fieldset.box input, fieldset.box select, fieldset.box textarea, fieldset.box label { + margin-bottom: 5px; +}*/ + +fieldset.box span.error, span.error { + color: white; + background-color: red; +} + +fieldset.box a.info, a.info { + background-color: #005A00; + color: white; + font-family: serif; + text-decoration: none; + margin: 4px 4px; +} + +fieldset.box label { + display: block; + float: left; + width: 150px; + text-align: right; + padding: 4px 1px 0px 10px; + margin-top: 0px; +} + +fieldset.box label.bold { + font-weight: bold; +} + +fieldset.box br { + line-height: 1px; + !line-height: 2px; /* IE7 */ +} + +fieldset.box label.labelnone { + width: 0px; +} + +fieldset.box label.labelverysmall { + 
width: 50px; +} + +fieldset.box label.labelabitsmall { + width: 80px; +} + +fieldset.box label.labelsmaller { + width: 100px; +} + +fieldset.box label.labelsmall { + width: 120px; +} + +fieldset.box label.labelsm { + width: 130px; +} + +fieldset.box label.labelmedium { + width: 150px; +} + +fieldset.box label.labelml { + width: 170px; +} + +fieldset.box label.labelwide { + width: 190px; /* wegen tourismus-formular-seitenbreite */ +} + +fieldset.box label.labellarge { + width: 230px; +} + +fieldset.box label.labellarger { + width: 250px; +} + +fieldset.box label.labelverylarge, +div.box dl.labelverylarge dt { + width: 650px; +} + +fieldset.box input,fieldset.box output, fieldset.box select, fieldset.box textarea { + float: left; + display: block; + width: 150px; + margin: 3px 4px 3px 0px; +} + +fieldset.box br { + clear: left; + margin: 1px; +} + +/*fieldset.box label.s { + display: block; + float: left; + width: 100px !important; + text-align: right; + padding-right: 5px; + margin-top: 2px; +} + +fieldset.box label.xxxl { + width: 300px; +}*/ + +/* **** dl Liste **** */ + +dl.tabbed, dl.info, dl.signatur { + margin: 3px 0px; + min-height: 160px; +} + +dl.tabbed dt, dl.info dt, dl.signatur dt { + font-weight: bold; + width: 250px; + float: left; + text-align: right; + padding: 1px 5px; + clear: left; +} + +dl.signatur dt { + width: 170px; + clear: none; +} + +dl.tabbed dt.labelverylarge { + width: 650px; +} + +dl.info dt { + /* doesn't work with IE, caused by the float: left */ + /*display: list-item;*/ + width: 150px; + text-align: left; + margin-left: 25px; + padding: 0px 5px 5px 5px; +} + +dl.tabbed dd, dl.info dd, dl.signatur dd { + margin-left: 160px; + padding: 1px 3px 2px 0px; +} + +dl.signatur dd { + margin-left: 440px; +} + +dl.info dd { + padding: 0px 5px 5px 5px; +} + +/* ******** */ +/* Regionen */ +/* ******** */ + +/* **** Logo **** */ +#szrlogo { + float:right; + top: 10px; + right: 10px; + text-align: right; +} + +#logotext { + white-space: nowrap; + 
font-weight: bold; + font-size: 14pt; + color: #006464; +} + +/* **** Empfängerinfo **** */ + +#empfaengerinfo { + + float: left; +} + +#empfaengerinfo span#empfaenger { + font-weight: bold; + display: block; +} + +/* **** Hinweisbox **** */ +#hinweisbox { + background-color: #EEEEEE; + overflow: auto; + _padding-bottom: 40px; +} + +#hinweisbox #bittebeachten { + font-size: 16px; + font-weight: bold; + background-color: #d60028; + padding: 10px; + float: left; + color: white; + margin-right: 5px; +} + +#hinweisbox .spaced { + margin: 12px 50px 0px 0px; + float: left; +} + +#hinweisbox .spaced .error, #hinweisbox .spaced .info { + margin-right: 7px; + margin-top: -2px; + padding-top: 2px; +} + +#hinweisbox .spaced .info{ + background-color: #005A00; + color: white; + font-family: serif; +} + +/* **** Fehlermeldungen **** */ + +#fehlermeldungen h2 { + border-width: 0px; + background-color: #FFFFFF; +} + +#fehlermeldungen ul { + padding-left: 15px; +} + +#fehlermeldungen h2, #fehlermeldungen ul li, #fehlermeldungen ul li a{ + color:red; + font-weight: bold; + font-size: 10pt; +} + +#erfolgsmeldungen h2, #erfolgsmeldungen ul li, #erfolgsmeldungen ul li a{ + color:#009900; + font-weight: bold; + font-size: 10pt; +} + +/* **** Fehlermeldungen Transaction **** */ + +#fehlertransaction span { + color:red; + font-weight: bold; + font-size: 10pt; +} + +/* **** Navigationsleiste **** */ + +#submitbar { + clear: both; + background-color: #EEEEEE; + margin-top: 5px; + padding: 5px 10px; + overflow: auto; +} + +#submitbar #leftbuttons { + float: left; +} + +#submitbar #centerbuttons { + text-align: center; +} + +#submitbar #rightbuttons { + float: right; +} + +#submitbar #kontrollseite { + float: right; +} + +/* **** Fußzeile **** */ + +#footerbar { + margin-top: 5px; + background-color: #EEEEEE; + padding: 0px 5px; + overflow: auto; +} + +#footerbar #serverinfo { + float: left; + padding: 15px 0px; +} + +#footerbar #support { + text-align: center; + padding: 15px 0px; +} + 
+#footerbar #xgovguetesiegel {
+ float: right;
+ margin: 5px 0px;
+}
+
+#savecommitdiv input, #formabortdiv input,
+#errorabortdiv input, #loadcommitdiv input {
+ margin-right: 5px;
+ vertical-align: middle;
+ text-align: center;
+}
+
+#formabortdiv h3, #savecommitdiv h3,#savecommitserverdiv h3, #loadcommitdiv h3 {
+ border: none;
+ font-size: 10pt;
+ background-color: transparent;
+ margin: 6px 0px 0px -2px;
+}
+
+#formabortdiv ul, #savecommitdiv ul, #loadcommitdiv ul {
+ margin-top: 3px;
+}
+
+#formabortdiv p, #savecommitdiv p, #loadcommitdiv p {
+ margin: 0 0 6px 6px;
+}
+
+#statusimage {
+ width: 148px;
+ height: 57px;
+ /* special IE style propertie */
+ behavior: url('bku-handling/css/pngbehavior.htc');
+}
+
+#validateallheader {
+ border-spacing: 2px;
+ border: thin solid #CCCCCC;
+}
+
+#validateallsubheader {
+ background-color: transparent;
+ font-size: 10pt;
+ margin: 0px 0px 0px -10px;
+ padding: 0px;
+}
+
+
+/* bei repeats radio ausrücken */
+.repeat-item .radio {
+ float: left;
+ margin-top: 11px;
+}
+
+.repeat-item .group {
+ margin-left: 20px;
+}
+
+.repeat-without-radio .group {
+ margin-left: 0px;
+}
+
+.area {
+ background-color: #EEEEEE;
+ padding-bottom: 5px;
+}
+
+.area>p {
+ margin-left: 10px;
+ margin-bottom: 10px;
+}
+
+#numberSearch {
+ margin-bottom: 15px;
+}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 3dd974813..41f5bb2aa 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -76,13 +76,16 @@ p#skiplinks a:active { #main { clear:both; position:relative; + margin-left: 50%; } /* left */ #leftcontent { float:left; - width:220px; + width:220px; + margin-bottom: 25px; + } h2#tabheader, h2#contentheader {
@@ -92,6 +95,12 @@ h2#tabheader, h2#contentheader { border-bottom:2px solid #fff; } + +#stork { + margin-bottom: 10px; + margin-top: 5px; +} + #bkulogin { overflow:hidden; width:220px; 
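Review bot: `.subheader` sets `background: #FFFFF`, a five-digit hex value that is invalid CSS and will be discarded by the parser, so the element keeps whatever background it inherits; it should read `background: #FFFFFF;`. Two other declarations in this file are malformed the same way: `margin-right: 4px 0px 2px 0px;` in the shared `span.required, span.error, a.info, span.info` rule (`margin-right` takes a single length, `margin: 4px 0px 2px 0px;` looks intended) and `!margin_bottom: 2px;` in `div.spacing` (underscore instead of hyphen in the property name). The file also ships a number of commented-out rule blocks (`/*.whiteBox ...*/`, `/*fieldset.box label.s ...*/`, the `.repeat-minimal-item` centering block) that could be deleted rather than committed, since dead rules make later audits of which assets and selectors are live harder.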
@@ -251,7 +260,24 @@ p { /* [OPTIONAL] Geben Sie hier die Farbe fuer Links an */ #leftcontent a, #content a { - color: blue; + color: white; +} + +.OA_header { + background-color: white; + font-size: 20pt; + margin-bottom: 25px; + margin-left: 25%; + margin-top: 25px; +} + +.main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + } @media print {
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_footer.png b/id/server/auth/src/main/webapp/img/2.0/bg_footer.png
new file mode 100644
index 000000000..d8a430e0f
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bg_footer.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_header.png b/id/server/auth/src/main/webapp/img/2.0/bg_header.png
new file mode 100644
index 000000000..190cf97ea
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bg_header.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png
new file mode 100644
index 000000000..efaf93582
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png
new file mode 100644
index 000000000..1dd281826
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png
new file mode 100644
index 000000000..f598be094
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_local.gif b/id/server/auth/src/main/webapp/img/2.0/bku_local.gif
new file mode 100644
index 000000000..9bbf631c0
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bku_local.gif differ 
diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif b/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif
new file mode 100644
index 000000000..97c8cee35
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_online.gif b/id/server/auth/src/main/webapp/img/2.0/bku_online.gif
new file mode 100644
index 000000000..03a54765a
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/bku_online.gif differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png b/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png
new file mode 100644
index 000000000..562fbc66f
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif b/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif
new file mode 100644
index 000000000..c93a6ea06
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/dsk.ico b/id/server/auth/src/main/webapp/img/2.0/dsk.ico
new file mode 100644
index 000000000..df7e8d31e
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/dsk.ico differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo.png b/id/server/auth/src/main/webapp/img/2.0/logo.png
new file mode 100644
index 000000000..dfb4351d0
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/logo.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif b/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif
new file mode 100644
index 000000000..ff83cd82b
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif differ 
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png
new file mode 100644
index 000000000..9b3e7055a
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png
new file mode 100644
index 000000000..b4f8be6d8
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/std_handy.gif b/id/server/auth/src/main/webapp/img/2.0/std_handy.gif
new file mode 100644
index 000000000..088ec0957
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/std_handy.gif differ
diff --git a/id/server/auth/src/main/webapp/img/2.0/std_karte.gif b/id/server/auth/src/main/webapp/img/2.0/std_karte.gif
new file mode 100644
index 000000000..1ec7afc2e
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/2.0/std_karte.gif differ
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 911920e83..9abbf2970 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -389,95 +389,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(String authURL, String target, - String targetFriendlyName, String oaURL, String templateURL, - String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID, String modul, String action) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - String useMandateString = null; - boolean useMandateBoolean = false; - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; - } else { - useMandateString = "false"; - } - - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; - else - useMandateBoolean = false; - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); + if (session == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - AuthenticationSession session; - OAAuthParameter oaParam; - if (sessionID != null) { - session = getSession(sessionID); - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } 
else { - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (useMandateBoolean) { - Logger - .error("Online-Mandate Mode for bussines application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; - } - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setTargetFriendlyName(targetFriendlyName); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - session.setModul(modul); - session.setAction(action); - if (sourceID != null) - session.setSourceID(sourceID); - } - // BKU URL has not been set yet, even if session already exists - if (bkuURL == null) { - if (scheme != null && scheme.equalsIgnoreCase("https")) { - bkuURL = DEFAULT_BKU_HTTPS; - } else { - bkuURL = DEFAULT_BKU; + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[] { + session.getTemplateURL(), ex.toString() }, ex); } } - session.setBkuURL(bkuURL); - 
session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - session.setUseMandate(useMandateString); + + //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); @@ -485,22 +421,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - String template = null; - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } else { - templateURL = session.getTemplateURL(); - } - if (templateURL != null) { - try { - template = new String(FileUtils.readURL(templateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - templateURL, ex.toString() }, ex); - } - } - + String pushInfobox = ""; VerifyInfoboxParameters verifyInfoboxParameters = oaParam .getVerifyInfoboxParameters(); @@ -509,21 +430,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPushInfobox(pushInfobox); } - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); + String htmlForm = new GetIdentityLinkFormBuilder().build(template, - bkuURL, infoboxReadRequest, dataURL, certInfoRequest, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox); + return htmlForm; } 
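Review bot: `template = new String(FileUtils.readURL(session.getTemplateURL()))` in the new template-loading block decodes the fetched template with the JVM default charset, so non-ASCII characters in a template served as UTF-8 come out mangled depending on the deployment platform; if readURL returns the raw bytes, pass the charset explicitly, `template = new String(FileUtils.readURL(session.getTemplateURL()), "UTF-8");`. The configuration override of the template URL that this hunk removes (`oaParam.getTemplateURL()`) must now happen before the session reaches this method, which is a new precondition of startAuthentication; the method's Javadoc is mostly outside this view, but its parameter description should say that `session` arrives fully populated (authURL, bkuURL, templateURL, useMandate) by the parameter parser. The hunk also drops the https check on authURL, which is acceptable only as long as every caller goes through the parser that now performs it.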
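Review bot: The hunk at @@ -509 removes the `AuthenticationSessionStoreage.storeSession(session)` call, so the push-infobox value set a few lines above (`session.setPushInfobox(pushInfobox)`) is no longer persisted inside startAuthentication; unless the caller stores the session after this method returns (the servlet that would do so is cut off in this view), the BKU callback to REQ_VERIFY_IDENTITY_LINK would load a session without it. Either keep the store here or document the new contract on the method, e.g. `// caller must persist the session after this method returns; pushInfobox is set here`. The removed catch mapped MOADatabaseException to an empty message key `""`; if the store is re-added elsewhere it deserves a real key.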
@@ -2311,6 +2228,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { + //TODO: CHECK if STORK parts works correct!!!! + if (isEmpty(sessionID)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); 
@@ -2784,46 +2703,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - String ccc, - String oaURL, - String target, - String targetFriendlyName, - String authURL, - String sourceID, - String modul, - String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); - } else { - target = null; + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - //create MOA session - AuthenticationSession moaSession = newSession(); - Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); - moaSession.setTarget(target); - moaSession.setTargetFriendlyName(targetFriendlyName); - moaSession.setOAURLRequested(oaURL); - moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moaSession.setAuthURL(authURL); - moaSession.setBusinessService(oaParam.getBusinessService()); - moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - moaSession.setAction(action); - moaSession.setModul(modul); - if (sourceID != null) - moaSession.setSourceID(sourceID); + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { 
moasession.getPublicOAURLPrefix() }); //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - CPEPS cpeps = storkConfig.getCPEPS(ccc); + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); @@ -2838,7 +2732,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - Logger.debug("QAALevel: " + qaaLevel.getValue()); + //Logger.debug("QAALevel: " + qaaLevel.getValue()); RequestedAttributes requestedAttributes = null; @@ -2850,7 +2744,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); Logger.debug("The following attributes are requested for this specific country:"); List countrySpecificReqAttributeList = new ArrayList(cpeps.getCountrySpecificRequestedAttributes()); for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { 
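Review bot: `storkConfig.getCPEPS(moasession.getCcc())` is dereferenced on the following line (`cpeps.getPepsURL()`) without a null check, so a session whose ccc has no C-PEPS configured fails with a NullPointerException instead of a meaningful exception; StartAuthenticationBuilder guards this with `isSTORKAuthentication(ccc)`, but startSTORKAuthentication is public static and can be reached without that guard. A check such as `if (cpeps == null) throw new AuthenticationException("<message key: no C-PEPS for country>", new Object[] { moasession.getCcc() });` right after the lookup keeps the failure explicit. The method body continues past this hunk.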
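Review bot: Commenting out `Logger.debug("QAALevel: " + qaaLevel.getValue())` in the hunk at @@ -2838 removes the NullPointerException but leaves `qaaLevel` null (the `TODO UNCOMMENT AGAIN` context line), so the STORK AuthnRequest is presumably assembled without a requested quality-assurance level and a C-PEPS could authenticate below what `oaParam.getQaaLevel()` configures. Rather than hiding it, either restore the `STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(...)` call or fail loudly while it is disabled, e.g. `if (qaaLevel == null) throw new MOAIDException("<message key: QAA level unavailable>", null);`. At minimum the comment should state why the level is not requested and what re-enables it.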
@@ -2888,13 +2782,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String spSector = StringUtils.isEmpty(target) ? "Business" : target; + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2944,9 +2838,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moaSession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(storkAuthnRequest); HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.debug("Preparing to send STORK AuthnRequest."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 01c875533..47bf61db4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth; +import java.util.Arrays; +import java.util.List; + import iaik.asn1.ObjectID; 
@@ -118,5 +121,12 @@ public interface MOAIDAuthConstants { public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; /** the number of the certifcate extension for party organ representatives */ public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /**BKU type identifiers to use bkuURI from configuration*/ + public static final String REQ_BKU_TYPE_LOCAL = "local"; + public static final String REQ_BKU_TYPE_ONLINE = "online"; + public static final String REQ_BKU_TYPE_HANDY = "handy"; + public static final List REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 412f1db81..897933ea0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.StringWriter; import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; 
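Review bot: `REQ_BKU_TYPES` is declared as a raw `List` and backed by `Arrays.asList`, which is a fixed-size but writable view, so any caller can `set()` an element of this public interface constant and change which BKU types are accepted. Declare it typed and unmodifiable: `public static final List<String> REQ_BKU_TYPES = Collections.unmodifiableList(Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY));` and add `import java.util.Collections;` to the import hunk at @@ -24. The Javadoc `BKU type identifiers to use bkuURI from configuration` would read better as `/** Accepted values of the BKU type request parameter; each selects the BKU URI configured for that type. */`.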
@@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " {6}" + NL + " " + NL + "{7}" + + "{8}" + " " + NL + ""; @@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " " + NL + " " + NL; + private static String SPECIAL_TEXT_ATTRIBUTE = + " " + NL + + " {0}" + NL + + " " + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " " + NL + @@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 4; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } - - + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { 
@@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + //TODO: load special text from OAconfig + String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + //String text = ""; + + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); //..BZ + //TODO: load special text from OAconfig + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); 
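Review bot: The two AUTH-Block build paths disagree on the special text: the hunk at @@ -252 hard-codes the German delivery-confirmation sentence while the hunk at @@ -385 uses an empty string, so on one path every citizen signs that declaration regardless of the online application. Since this text becomes part of the signed AUTH-Block, the safer interim default for both paths is the empty string until the value really comes from the OA configuration, i.e. `String text = "";` in the first hunk as well. Separately, the result of `generateSpecialText(text, issuer, issueInstant)` is placed into `SPECIAL_TEXT_ATTRIBUTE` via `MessageFormat` without XML escaping, so an issuer name or configured text containing `&` or `<` would break or alter the assertion; escape it before formatting. Both paths also emit the attribute even when the text is empty, which is presumably what the new `NUM_OF_SAML_ATTRIBUTES = 4` relies on — worth a comment stating that.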
@@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } + public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); + + String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); + text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); + + return text; + } public static String xmlToString(Node node) { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 5191a2f81..83b7ae592 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { + private static String SERVLET = "GenerateIframeTemplate"; + private static String AUTH_URL = "#AUTH_URL#"; - private static String OA_URL = "#OA_URL#"; - private static String RED_URL = "#RED_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; + private static String OANAME = "#OAName#"; private static String template; @@ -29,7 +30,7 @@ public class LoginFormBuilder { StringWriter writer = new StringWriter(); IOUtils.copy(input, writer); template = writer.toString(); - template = template.replace(AUTH_URL, "StartBKUAuthentication"); + template = template.replace(AUTH_URL, SERVLET); } catch (Exception e) { Logger.error("Failed to read template", e); } 
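Review bot: `inputtext.replaceAll("#NAME#", issuer)` treats `issuer` as a regex replacement string, so an issuer containing `$` or `\` throws IllegalArgumentException or substitutes group references into the signed text; use the literal form `String text = inputtext.replace("#NAME#", issuer);` and likewise `replace` for `#DATE#` and `#TIME#`. The date and time are formatted with SimpleDateFormat in the JVM default time zone while `DatatypeConverter.parseDateTime` keeps the zone from `issueInstant`, so the printed date can differ from the instant's own date near midnight; call `dateformat.setTimeZone(datetime.getTimeZone());` on both formatters. The new public method has no Javadoc; a one-liner such as `Replaces the #NAME#, #DATE# and #TIME# placeholders in inputtext with the issuer and the date/time of issueInstant (xsd:dateTime).` plus `@param`/`@return` would do.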
@@ -38,11 +39,10 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String oaURL, String modul, String action) { + public static String buildLoginForm(String modul, String action, String oaname) { String value = getTemplate(); if(value != null) { - value = value.replace(OA_URL, oaURL); if(modul == null) { modul = SAML1Protocol.PATH; } @@ -51,6 +51,7 @@ public class LoginFormBuilder { } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); + value = value.replace(OANAME, oaname); } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java new file mode 100644 index 000000000..8a9c2b4fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java 
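Review bot: `value = value.replace(OANAME, oaname)` throws NullPointerException when `oaname` is null and inserts the OA name into the HTML template unescaped, whereas `modul` and `action` in the same method get a null default. Use `value = value.replace(OANAME, oaname == null ? "" : StringEscapeUtils.escapeHtml(oaname));` — commons-lang StringEscapeUtils is already used by this commit in the new parser — so that a friendly name containing `<` or `"` cannot break the login page even if it comes from configuration. `buildLoginForm` also lacks Javadoc for its changed parameter list; `@param oaname display name of the online application substituted for #OAName#` would cover the new one.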
@@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthenticationBuilder { + + private static StartAuthenticationBuilder instance = null; + + public static StartAuthenticationBuilder getInstance() { + if (instance == null) { + instance = new StartAuthenticationBuilder(); + } + return instance; + } + + + public String build(AuthenticationSession moasession, HttpServletRequest req, + HttpServletResponse resp) throws WrongParametersException, MOAIDException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); + } + + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? 
"AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + return ""; + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + return getIdentityLinkForm; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e023acafa..22a3337e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -113,6 +113,12 @@ public class AuthenticationSession implements Serializable { */ private boolean useMandate; + + /** + * STORK + */ + private String ccc; + /** * Reference value for mandate */ @@ -1025,6 +1031,16 @@ public class AuthenticationSession implements Serializable { public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { this.storkAuthnRequest = storkAuthnRequest; } + + public String getCcc() { + return ccc; + } + + public void setCcc(String ccc) { + this.ccc = ccc; + } + + // public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { // return XMLCreateSignatureResponse; 
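Review bot: `getInstance()` uses an unsynchronized lazy null check, so two concurrent servlet requests can each create an instance; the class holds no state, so initialize eagerly instead: `private static final StartAuthenticationBuilder instance = new StartAuthenticationBuilder();` and have `getInstance()` just return it. `build` returns `""` on the STORK branch, which callers must interpret as "nothing to render" (presumably startSTORKAuthentication writes the response itself — confirm), while `resp` is unused on the non-STORK branch; document this on the method, e.g. `@return the identity-link HTML form for a domestic authentication, or the empty string when the STORK branch has handled the response`.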
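Review bot: The new field comment `/** STORK */` on `ccc` in the AuthenticationSession hunk at @@ -113 does not say what the field holds; from its use in StartAuthenticationBuilder (`isSTORKAuthentication(moasession.getCcc())`, empty meaning "AT") it is the citizen country code that selects the STORK C-PEPS. Suggest `/** Citizen country code (CCC) selecting the STORK C-PEPS; null or empty means a domestic (AT) authentication. */` and a matching one-line Javadoc on `getCcc()`/`setCcc()`.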
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
new file mode 100644
index 000000000..1d3c82aaf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -0,0 +1,239 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + + public static void parse(AuthenticationSession moasession, + String target, + String sourceID, + String oaURL, + String bkuURL, + String templateURL, + String useMandate, + String ccc, + String module, + String action, + HttpServletRequest req) throws WrongParametersException, MOAIDException { + + String targetFriendlyName = null; + + // escape parameter strings + //TODO: use URLEncoder.encode!! 
+ target = StringEscapeUtils.escapeHtml(target); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + + moasession.setUseMandate(useMandateString); + + //load OnlineApplication configuration + OAAuthParameter oaParam; + if (moasession.getPublicOAURLPrefix() != null) { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + moasession.getPublicOAURLPrefix()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { moasession.getPublicOAURLPrefix() }); + + } 
else { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } + target = null; + targetFriendlyName = null; + } + + moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + moasession.setTarget(target); + moasession.setTargetFriendlyName(targetFriendlyName); + moasession.setBusinessService(oaParam.getBusinessService()); + moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + } + + //check OnlineApplicationURL + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.05"); + moasession.setOAURLRequested(oaURL); + + //check AuthURL + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); + + if 
(isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", + "AuthURL", "auth.05"); + + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider + .getInstance() + .getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + moasession.setAuthURL(authURL); + + //check and set SourceID + if (sourceID != null) + moasession.setSourceID(sourceID); + + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } + } + moasession.setBkuURL(bkuURL); + + // override template url by url from configuration file + if (oaParam.getTemplateURL() != null) { + templateURL = oaParam.getTemplateURL(); + } + moasession.setTemplateURL(templateURL); + moasession.setCcc(ccc); + + } + + public static void parse(HttpServletRequest req, HttpServletResponse resp, + AuthenticationSession moasession) throws WrongParametersException, MOAIDException { + + //check Module and Action + HttpSession httpSession = req.getSession(); + IRequest request = RequestStorage.getPendingRequest(httpSession); + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); + + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); + if(modul == null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + moasession.setModul(modul); + moasession.setAction(action); + + //get Parameters from request + String target = 
req.getParameter(PARAM_TARGET); + String sourceID = req.getParameter(PARAM_SOURCEID); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + oaURL = request.getOAURL(); + target = request.getTarget(); + + parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + + } + + /** + * Checks a parameter. + * + * @param param + * parameter + * @return true if the parameter is null or empty + */ + private static boolean isEmpty(String param) { + return param == null || param.length() == 0; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java new file mode 100644 index 000000000..29d407dc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
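Review bot: `authURL` is assembled from `req.getScheme()`, `req.getServerName()` and `req.getServerPort()`, and `req.getServerName()` is derived from the client-supplied Host header in most servlet containers; since authURL later becomes the DataURL to which the citizen's BKU posts identity data, the public base URL should come from configuration or be checked against the expected host name(s) rather than trusted from the request. The `isEmpty(authURL)` check right after the concatenation can never fire because the string always starts with the scheme and `://`. `StringEscapeUtils.escapeHtml` is applied to oaURL, bkuURL and templateURL before validation and before they are stored in the session, which rewrites URLs containing `&` and is an output-encoding step rather than input validation; validate here and escape where the values are rendered (the `TODO: use URLEncoder.encode` would have the same problem). Finally, the `auth.17` rejection of mandate mode for business applications runs only in the `else` branch, so a session that already carries a PublicOAURLPrefix skips that check — presumably unintended.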
@@ -0,0 +1,178 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + 
Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); + + try { + String bkuid = req.getParameter(PARAM_BKU); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + String moasessionid = null; + AuthenticationSession moasession = null; + + try { + moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moasessionid}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + //load OA Config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(moasession.getOAURLRequested()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + + //load Parameters from config + String target = oaParam.getTarget(); + String sourceID = ""; //TODO: load from Config + String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); + String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; + + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + sourceID, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + moasession.getModul(), + moasession.getAction(), + req); + } + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + String getIdentityLinkForm = 
startauth.build(moasession, req, resp); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + + } + + private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List bkuURIs = Arrays.asList( + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html"); + +// List bkuURIs = Arrays.asList( +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, + "auth.12"); + } + + private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List bkuURIs = Arrays.asList( + "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", + "https://127.0.0.1:3496/https-security-layer-request"); + 
+
+// List bkuURIs = Arrays.asList(
+// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
+// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+// "https://127.0.0.1:3496/https-security-layer-request");
+
+if (bkuID < bkuURIs.size())
+return bkuURIs.get(bkuID);
+else
+throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
+"auth.12");
+}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index e15d8f908..16ff65477 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
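Review bot: `Integer.valueOf(bkuid)` in doGet is applied to the raw `bku` request parameter with no null or format check, so a missing or non-numeric value raises NumberFormatException, which neither of the two catch blocks handles, and a negative value passes the one-sided `bkuID < bkuURIs.size()` guard in both helpers and fails inside `List.get`. Parse the parameter once, map the failure to the existing WrongParametersException, and make the guard two-sided, as below. The BKU and template lists are still hard-coded test endpoints (the TODOs say so) and the three template URLs are plain `http://`, so if those templates are fetched or framed from there they can be swapped on the wire until the values come from the OA configuration. The `org.bouncycastle.asn1.x509.Target` and `com.trilead.ssh2.Session` imports are unused and look like IDE auto-import noise.
```java
// … unchanged: MOASession lookup and OA configuration load …
int bkuIndex;
try {
    bkuIndex = Integer.parseInt(bkuid);
} catch (NumberFormatException e) {
    throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, "auth.12");
}
String bkuURL = getBKUURIFromConfig(bkuIndex, oaParam);
String templateURL = getTemplateURIFromConfig(bkuIndex, oaParam);
// … unchanged: parser call, form build, session store, response …

// in both helpers: reject negative indices as well
if (bkuID >= 0 && bkuID < bkuURIs.size())
    return bkuURIs.get(bkuID);
```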
@@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -94,130 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); + Logger.debug("GET StartAuthentication"); + + String sessionID = req.getParameter(PARAM_SESSIONID); + sessionID = (String) req.getAttribute(PARAM_SESSIONID); + + + + try { + + if (StringUtils.isEmpty(sessionID)) + throw new MOAIDException("auth.18", null); + + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + + setNoCachingHeadersInHttpRespone(req, resp); - HttpSession httpSession = req.getSession(); - - String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - IRequest request = RequestStorage.getPendingRequest(httpSession); - - String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); - String action = request.requestedAction();//req.getParameter(PARAM_ACTION); - request.getOAURL(); - - // escape parameter strings - //TODO: use URLEncoder.encode!! 
- target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - sessionID = StringEscapeUtils.escapeHtml(sessionID); - useMandate = StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); - modul = StringEscapeUtils.escapeHtml(modul); - action = StringEscapeUtils.escapeHtml(action); - - oaURL = request.getOAURL(); - target = request.getTarget(); - - setNoCachingHeadersInHttpRespone(req, resp); - - try { - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - if(modul == null) { - modul = SAML1Protocol.PATH; - } - - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } - - Logger.info("Start Authentication Module: " + modul + " Action: " + action); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new 
AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - String targetFriendlyName = null; - - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; - } - - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(ccc)) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); - Logger.debug("Starting STORK authentication"); - - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action); + //TODO: Load MOASession + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID); - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + 
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + //TODO: insert sessionID to STORK!! + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + } + Logger.debug("Finished GET StartAuthentication"); - } + } + catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + + } catch (MOADatabaseException e) { + handleError(null, e, req, resp); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8d2f95cce..93bc0d214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
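Review bot: The value read by `req.getParameter(PARAM_SESSIONID)` at the top of doGet is dead, because the next statement unconditionally overwrites it with `req.getAttribute(PARAM_SESSIONID)`; either drop the parameter read (`String sessionID = (String) req.getAttribute(PARAM_SESSIONID);`) or, if the query parameter is meant as a fallback, use it only when the attribute is absent, so the intended source of the session ID is explicit. The hunk also deletes the `ParamValidatorUtils.isValid*` checks for OA, BKU, template, mandate, sourceID and CCC from this servlet without a replacement here; if the parser that now fills the MOASession does not apply them (its start is outside this chunk), those parameters reach the session unvalidated. Finally, `StringEscapeUtils.escapeHtml(sessionID)` runs before `isValidSessionID`, which validates an escaped value rather than the raw one; validating first and escaping only where the ID is rendered is the safer order.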
@@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator { } else { throw new ValidateException("validator.35", null); } + + // check four attribute could be a special text + samlAttribute = samlAttributes[3 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + + //TODO:load Text from OA config + String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + //String text = ""; + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } + } else { + throw new ValidateException("validator.35", null); + } + // now check the extended SAML attributes int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; if (extendedSAMLAttributes != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index d1e3d809c..0771fb86c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
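Review bot: The new block reads `samlAttributes[3 + offset]` without a length check and then throws `validator.37` whenever that attribute is not named `SpecialText`, so a response carrying only the three attributes checked above (an OA with no special text) fails either with an ArrayIndexOutOfBoundsException or with a hard validation error, although the comment says the fourth attribute "could be" a special text. Guard it with a length test and make the comparison conditional on the OA actually having a text, e.g. `if (samlAttributes.length > 3 + offset && samlAttributes[3 + offset].getName().equals("SpecialText")) {` … `}`, and turn the name mismatch into a rejection only when a text is configured. The hard-coded German sentence behind `//TODO:load Text from OA config` currently forces every OA to have signed exactly that wording, so it cannot ship as is. The enclosing validate method begins and ends outside this hunk, and whether `NUM_OF_SAML_ATTRIBUTES` was raised to match is not visible here.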
@@ -43,8 +43,10 @@ import test.tlenz.simpletest;
 import eu.stork.vidp.messages.common.STORKBootstrap;
 import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
-import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -305,6 +307,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 Configuration hibernateConfig = new Configuration();
 hibernateConfig.addAnnotatedClass(AssertionStore.class);
 hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
+hibernateConfig.addAnnotatedClass(OASessionStore.class);
+hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);
 hibernateConfig.addProperties(props);
 HibernateUtil.initHibernate(hibernateConfig, props);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index c993290e9..5342cd0d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -188,7 +188,8 @@ public class DispatcherServlet extends AuthServlet { // check if pending request is same protocol and action if (!protocolRequest.requestedModule().equals(module) || !protocolRequest.requestedAction() - .equals(action)) { + .equals(action) + || !info.validate(req, resp, protocolRequest)) { resp.sendError(HttpServletResponse.SC_CONFLICT); Logger.error("Different Request is pending in this session!"); return; @@ -210,7 +211,9 @@ public class DispatcherServlet extends AuthServlet { } RequestStorage.setPendingRequest(httpSession, protocolRequest); - + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + if (moduleAction.needAuthentication(protocolRequest, req, resp)) { if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { @@ -219,30 +222,30 @@ public class DispatcherServlet extends AuthServlet { } if (protocolRequest.forceAuth()) { - if (!AuthenticationManager.tryPerformAuthentication( + if (!authmanager.tryPerformAuthentication( req, resp)) { - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } } else if (protocolRequest.isPassiv()) { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Passive authentication ok! } else { throw new NoPassivAuthenticationException(); } } else { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Is authenticated .. proceed } else { // Start authentication! - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } 
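Review bot: The added conjunct `|| !info.validate(req, resp, protocolRequest)` gives no protection in this commit, because both `validate` implementations it introduces (`PVP2XProtocol` and `SAML1Protocol`, later in this diff) return `true` unconditionally, so a different pending request is still detected only by the module/action comparison. Until the per-protocol checks exist, a `validate` failure should at least be distinguishable from a module/action mismatch in the log; the shared `Logger.error("Different Request is pending in this session!")` hides which test fired. Logging the compared values, e.g. `Logger.error("Pending request in session does not match module/action " + module + "/" + action + " or failed protocol validation");`, makes the 409 diagnosable.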
@@ -253,7 +256,7 @@ public class DispatcherServlet extends AuthServlet { RequestStorage.removePendingRequest(httpSession); - AuthenticationManager.logout(req, resp); + authmanager.logout(req, resp); } catch (Throwable e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 21e431bf8..5e792ab78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -1,28 +1,57 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends AuthServlet { + private static AuthenticationManager instance = null; + + private static final long serialVersionUID = 1L; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - public static AuthenticationSession getAuthenticationSession( + + public static 
AuthenticationManager getInstance() { + if (instance == null) { + instance = new AuthenticationManager(); + } + + return instance; + } + + + public AuthenticationSession getAuthenticationSession( HttpSession session) { String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); @@ -44,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean isAuthenticated(HttpServletRequest request, + public boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) { Logger.info("Checking authentication"); @@ -84,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean tryPerformAuthentication(HttpServletRequest request, + public boolean tryPerformAuthentication(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); @@ -116,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - public static void logout(HttpServletRequest request, + public void logout(HttpServletRequest request, HttpServletResponse response) { Logger.info("Logout"); @@ -146,8 +175,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { authSession.setAuthenticated(false); HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - //TODO: delete session from Database!!! - //AuthenticationSessionStoreage.destroySession(moaSessionID); + AuthenticationSessionStoreage.destroySession(moaSessionID); session.invalidate(); 
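Review bot: `getInstance()` uses an unsynchronized check-then-create (`if (instance == null) instance = new AuthenticationManager();`), so two concurrent first requests through DispatcherServlet can each construct their own instance; the class is now also an `AuthServlet` subclass that is instantiated directly rather than by the container, so `init(ServletConfig)` is never invoked on it. If the instance holds no state, eager initialization `private static final AuthenticationManager instance = new AuthenticationManager();` removes the race. Whether the inherited `handleError`/`setNoCachingHeadersInHttpRespone` helpers depend on servlet initialization cannot be seen from this hunk and is worth confirming; the class body continues past it.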
@@ -158,10 +186,9 @@ public class AuthenticationManager implements MOAIDAuthConstants { } - public static void doAuthentication(HttpServletRequest request, + public void doAuthentication(HttpServletRequest request, HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); if (!ParamValidatorUtils.isValidOA(target.getOAURL())) 
@@ -173,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants { "auth.12"); } - // TODO: Build authentication form + setNoCachingHeadersInHttpRespone(request, response); + + //TODO:move this to config!!! + final List PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); + + //is legacy allowed + boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); - /* - * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), - * modul, protocol); - * - * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = - * new PrintWriter(response.getOutputStream()); out.print(loginForm); - * out.flush(); return; - */ + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + + AuthenticationSession moasession; + + if (legacyallowed && legacyparamavail) { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //parse request parameter into MOASession + try{ + StartAuthentificationParameterParser.parse(request, response, moasession); + + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, request, response); + } + + catch (MOAIDException ex) { + handleError(null, ex, request, response); + } + + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + //start authentication process +// session.getServletContext().getNamedDispatcher("StartAuthentication") +// .forward(request, response); + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + + String getIdentityLinkForm = startauth.build(moasession, request, response); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! 
MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + + } else { + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(target.getOAURL()); + + if (oaParam == null) { + //TODO: Find a better place for this!! + request.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); + } + + + else { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); - session.getServletContext().getNamedDispatcher("StartAuthentication") - .forward(request, response); + //set OnlineApplication configuration in Session + moasession.setOAURLRequested(target.getOAURL()); + moasession.setAction(target.requestedAction()); + moasession.setModul(target.requestedModule()); + } + + //Build authentication form + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName()); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! 
MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + //set MOAIDSession + request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + } } + + private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { + + //String sessionID = request.getParameter(PARAM_SESSIONID); + String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); + AuthenticationSession moasession; + + try { + moasession = AuthenticationSessionStoreage.getSession(sessionID); + Logger.info("Found existing MOASession with sessionID=" + sessionID + + ". This session is used for reauthentification."); + + } catch (MOADatabaseException e) { + try { + moasession = AuthenticationSessionStoreage.createSession(); + Logger.info("Create a new MOASession with sessionID=" + sessionID + "."); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession are not created."); + throw new MOAIDException("init.04", new Object[] { + "0"}); + } + } + + return moasession; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index 5a2bb1efc..679ccb000 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -22,4 +22,7 @@ public interface IModulInfo { public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable; + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending); } 
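Review bot: In the legacy branch of `doAuthentication`, the `catch (WrongParametersException ex)` and `catch (MOAIDException ex)` blocks call `handleWrongParameters`/`handleError` and then fall through, so after an error page has been written the method still builds the identity-link form, stores the half-filled MOASession and writes a second response; add `return;` after each handler call. In `getORCreateMOASession`, the "Create a new MOASession" log line prints the stale `sessionID` (null or the ID that was not found) instead of `moasession.getSessionID()`. The legacy branch also never sets `MOA_SESSION` on the HTTP session, while the non-legacy branch does so just before writing the login form; unless `createSession()` links the two elsewhere, a MOASession created on the legacy path is not bound to the browser session. The hard-coded `PROTOCOLS_LEGACY_ALLOWED` list and the `request.getSession().invalidate()` under `//TODO: Find a better place for this!!` both deserve a comment stating why they are there, since invalidating the container session on a bad OA URL is a visible side effect.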
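Review bot: The new `validate(HttpServletRequest request, HttpServletResponse response, IRequest pending)` method is added to `IModulInfo` without Javadoc, yet DispatcherServlet in this same diff treats a `false` return as a session conflict and answers SC_CONFLICT, which every implementer needs to know. Add a doc comment above it stating that it must return `true` only when the incoming request is consistent with the pending request of the same module and action, that `false` aborts dispatch with HTTP 409, and that implementations must not write to `response` themselves.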
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 5ea596eeb..11710904b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -231,4 +231,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return null; } + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + // TODO implement validation! + return true; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 964c19208..f05866f70 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -70,8 +70,8 @@ public class AuthnRequestHandler implements IRequestHandler { spSSODescriptor.getAttributeConsumingServices().iterator().next(); - AuthenticationSession authSession = - AuthenticationManager.getAuthenticationSession(req.getSession()); + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession()); AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class); 
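Review bot: `validate` in `PVP2XProtocol` returns `true` unconditionally under `// TODO implement validation!`, which makes the pending-request conflict check DispatcherServlet now performs vacuous for PVP 2.x. Until the comparison is implemented, emit a warning so the gap is visible in operations, e.g. `Logger.warn("PVP2X pending-request validation not implemented; accepting request");`, and replace the bare TODO with a comment naming what is to be compared (presumably the requester/OA of the incoming AuthnRequest against `pending.getOAURL()`, though that cannot be confirmed from this hunk).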
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 5649e5260..de87ebc50 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -26,8 +26,8 @@ public class GetArtifactAction implements IAction {
             HttpServletResponse httpResp) {
         HttpSession httpSession = httpReq.getSession();
-        AuthenticationSession session = AuthenticationManager
-                .getAuthenticationSession(httpSession);
+        AuthenticationManager authmanager = AuthenticationManager.getInstance();
+        AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
         String oaURL = (String) httpReq.getAttribute(PARAM_OA);
         oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 47050bf28..7f7d82a20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -39,8 +39,8 @@ public class GetArtifactServlet extends AuthServlet {
             throws ServletException, IOException {
         HttpSession httpSession = req.getSession();
-        AuthenticationSession session = AuthenticationManager
-                .getAuthenticationSession(httpSession);
+        AuthenticationManager authmanager = AuthenticationManager.getInstance();
+        AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
         String oaURL = (String) req.getAttribute(PARAM_OA);
         oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 678d5f961..610c61343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -69,6 +69,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
         oaURL = StringEscapeUtils.escapeHtml(oaURL);
         String target = (String) request.getParameter(PARAM_TARGET);
         target = StringEscapeUtils.escapeHtml(target);
+
+        //the target parameter is used to define the OA in SAML1 standard
+        if (target != null && target.startsWith("http")) {
+            oaURL = target;
+            target = null;
+        }
+
+        if (!ParamValidatorUtils.isValidOA(oaURL))
             throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
@@ -95,4 +103,30 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
         return null;
     }
+    public boolean validate(HttpServletRequest request,
+            HttpServletResponse response, IRequest pending) {
+
+        //TODO: funktioniert so nicht!!!
+
+//        String oaURL = (String) request.getParameter(PARAM_OA);
+//        oaURL = StringEscapeUtils.escapeHtml(oaURL);
+//        String target = (String) request.getParameter(PARAM_TARGET);
+//        target = StringEscapeUtils.escapeHtml(target);
+//
+//        //the target parameter is used to define the OA in SAML1 standard
+//        if (target.startsWith("http")) {
+//            oaURL = target;
+//            target = null;
+//        }
+//
+//        if (oaURL != null) {
+//            if (oaURL.equals(pending.getOAURL()))
+//                return true;
+//            else
+//                return false;
+//        }
+
+        return true;
+    }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd79f88b7..6c8365e67 100644
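Review bot: `validate` in SAML1Protocol returns `true` unconditionally and ships about twenty lines of commented-out code plus the note `funktioniert so nicht!!!`, so whatever the caller gates on it is fail-open for SAML1, and the dead block (which would also throw on a null `target` at `target.startsWith`) tells the next reader nothing about why it was abandoned. Either implement the comparison against `pending.getOAURL()` or delete the block and keep a single comment that records the obstacle, e.g. `// TODO: PARAM_OA/PARAM_TARGET are not carried by this request (BKU-selection step); the OA binding must be checked against the pending IRequest instead — currently fail-open` — presumably that is what "doesn't work this way" means, please confirm — together with a `Logger.warn(...)` that the check was skipped, if `Logger` is in scope here. In the first hunk, whose enclosing method starts outside it, `target.startsWith("http")` treats any value with that prefix (`httpfoo`) as an OA URL; `isValidOA` runs afterwards, but `if (target != null && (target.startsWith("http://") || target.startsWith("https://"))) {` states the intent precisely and avoids relying on the later check.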
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -41,13 +41,15 @@ import javax.xml.parsers.ParserConfigurationException;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
 /**
  * Checks if the given target is valid
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
                 return false;
             }
         }
-
-        }
-        else {
+        else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+            Logger.debug("Parameter bkuURI from configuration is used.");
+            return true;
+
+        } else {
             Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
             return false;
         }
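Review bot: The new `else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI))` branch makes `isValidBKUURI` accept symbolic BKU identifiers taken from the request, and whether that is safe depends on the declared type of `REQ_BKU_TYPES`, which is not in this hunk: on a `List<String>` `contains` is an exact match, but on a `String` it is a substring test that would accept values such as `"n"` or `""`. Please confirm the type and pin the expectation at the branch with a comment, e.g. `// exact match against the configured symbolic BKU types (List lookup); the caller must map the value to the configured URL and never use it as a URL itself`. The enclosing method starts outside the hunk; the fallthrough error text ("does not begin with http or https") remains accurate for what reaches it.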
@@ -467,7 +471,39 @@ public class ParamValidatorUtils {
             return false;
         }
-    }
+    }
+
+    public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+        String oaURL = req.getParameter(PARAM_OA);
+        String bkuURL = req.getParameter(PARAM_BKU);
+        String templateURL = req.getParameter(PARAM_TEMPLATE);
+        String useMandate = req.getParameter(PARAM_USEMANDATE);
+        String ccc = req.getParameter(PARAM_CCC);
+
+
+        // check parameter
+        try {
+            if (!ParamValidatorUtils.isValidOA(oaURL))
+                throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+            if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+                throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+            if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+                throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+            if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+                throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+            if (!ParamValidatorUtils.isValidCCC(ccc))
+                throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+        } catch (WrongParametersException e) {
+            return false;
+        }
+
+        if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+            return false;
+        else
+            return true;
+    }
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 75f35cb70..d9c55c5db 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
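Review bot: `areAllLegacyParametersAvailable` catches the `WrongParametersException` it throws itself and returns `false` without logging, so an invalid legacy parameter (a malformed OA or BKU URL, possibly an attacker probing) and a merely absent one are indistinguishable both to the caller and in the logs. Record which parameter was rejected before giving up: `} catch (WrongParametersException e) {` / `Logger.debug("Legacy parameter check failed: " + e.getMessage());` / `return false;` — `Logger` is already imported in this file. The name also promises an availability check while the body validates first and then requires only `oaURL`, `templateURL` and `bkuURL` to be non-empty; a one-line Javadoc such as `/** Returns true only if the legacy start parameters are all syntactically valid and OA, template and BKU URL are present; useMandate and ccc are optional. */` would spare the next reader a trip through the callers.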
@@ -8,16 +8,16 @@ # status messages included in of GetAuthenticationDataService 1200=Anfrage erfolgreich beantwortet -1201=Fehlerhaftes Requestformat: mehr als 1 Request �bergeben -1202=Fehlerhaftes Requestformat: kein SAML-Artifakt �bergeben -1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt �bergeben +1201=Fehlerhaftes Requestformat\: mehr als 1 Request ?bergeben +1202=Fehlerhaftes Requestformat\: kein SAML-Artifakt ?bergeben +1203=Fehlerhaftes Requestformat\: mehr als 1 SAML-Artifakt ?bergeben 1204=Fehlerhaftes Requestformat 1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1} 1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0}) -1207=Zeit�berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0}) +1207=Zeit?berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt\={0}) 1299=Interner Server-Fehler -auth.00=Anmeldung an dieser Applikation wird nicht unterst�tzt (URL={0}) +auth.00=Anmeldung an dieser Applikation wird nicht unterst?tzt (URL\={0}) auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0}) auth.02=MOASessionID ist unbekannt (MOASessionID={0}) auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1} @@ -25,20 +25,23 @@ auth.04=Fehler beim Auslesen der Resource "{0}": {1} auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}" auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0}) auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
Hinweis: Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten. -auth.08=In der B�rgerkartenumgebung ist ein Fehler aufgetreten:
Fehlercode {0}: {1} -auth.09=Zur Auswahlseite der B�rgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. :
HTTP-Statuscode {1} +auth.08=In der B?rgerkartenumgebung ist ein Fehler aufgetreten\:
Fehlercode {0}\: {1} +auth.09=Zur Auswahlseite der B?rgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \:
HTTP-Statuscode {1} auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt -auth.11=Die zentral gespeicherte Auswahlseite f�r B�rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals.
URL "{0}" Interne Fehlermeldung: {1} +auth.11=Die zentral gespeicherte Auswahlseite f?r B?rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals.
URL "{0}" Interne Fehlermeldung\: {1} auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}" auth.13=Vollmachtenmodus f�r ausl�ndische B�rger wird nicht unterst�tzt. auth.14=Zertifikat konnte nicht ausgelesen werden. auth.15=Fehler bei Anfrage an Vollmachten Service. auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" auth.17=Vollmachtenmodus f�r nicht-�ffentlichen Bereich wird nicht unterst�tzt. +auth.18=Keine MOASessionID vorhanden init.00=MOA ID Authentisierung wurde erfolgreich gestartet -init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist m�glicherweise nicht verf�gbar +init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m?glicherweise nicht verf?gbar init.02=Fehler beim Starten des Service MOA ID Authentisierung +init.04=Fehler beim Datenbankzugriff mit der SessionID {0} + config.00=MOA ID Konfiguration erfolgreich geladen: {0} config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt 
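Review bot: The rewritten message lines replace every umlaut with a literal `?` (`unterst?tzt`, `B?rgerkartenumgebung`, `Zeit?berschreitung`, `m?glicherweise`), while the untouched lines keep the original bytes and the `validator.67` line added further down carries raw UTF-8 `ü`/`ü`; the file now mixes three encodings and users will see question marks in the German error texts. Java reads `.properties` as ISO-8859-1, so the portable form is a `\uXXXX` escape, e.g. `auth.00=Anmeldung an dieser Applikation wird nicht unterst\u00fctzt (URL\={0})`; the `\:`/`\=` escapes the editor added are harmless. Presumably the file was saved by an editor with the wrong encoding; running it through native2ascii once would repair all affected lines consistently.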
@@ -62,11 +65,11 @@ config.17=Fehler beim initialisieren von Hibernate parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} parser.02=Schwerer Fehler beim Parsen: {0} -parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl�ssels: {0} +parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl?ssels\: {0} parser.04=Fehler beim Serialisieren: {0} parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden. -parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollst�ndig ({1} im {2} fehlt) -parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth�lt einen Schl�ssel ohne zugeh�rigen Wert ("Key"-Element statt "Pair"-Element). +parser.06=Fehler beim Parsen\: {0}-InfoboxResponse nicht vollst?ndig ({1} im {2} fehlt) +parser.07=Fehler beim Parsen\: Assoziatives Array im {0}-InfoboxResponse enth?lt einen Schl?ssel ohne zugeh?rigen Wert ("Key"-Element statt "Pair"-Element). builder.00=Fehler beim Aufbau der Struktur "{0}": {1} builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt @@ -87,7 +90,7 @@ proxy.00=MOA ID Proxy wurde erfolgreich gestartet proxy.01=Unbekannter URL {0}, erwarteter URL auf {1} proxy.02=Unbekannter URL {0}.
Es wurde keine �bereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. proxy.04=URL {0} : {1} -proxy.05=Fehler beim Aufbauen der SSLSocketFactory f�r {0} : {1} +proxy.05=Fehler beim Aufbauen der SSLSocketFactory f?r {0} \: {1} proxy.06=Fehler beim Starten des Service MOA ID Proxy proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an. proxy.08=Kein URL-Mapping in der HttpSession verf�gbar (URL {0}) @@ -95,8 +98,8 @@ proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0} proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy) proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten. proxy.12=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich.
Prüfen Sie bitte ihre Berechtigung. -proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr�fix: {0} -proxy.14=

Folgende Ursachen k�nnen zu dem Fehler gef�hrt haben:

  1. Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr�nden bei l�ngerer Inaktivit�t beendet.)
    Melden Sie sich bitte erneut an.
  2. Die Kommunikation mit dem Server schlug fehl.
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr?fix\: {0} +proxy.14=

Folgende Ursachen k?nnen zu dem Fehler gef?hrt haben\:

  1. Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr?nden bei l?ngerer Inaktivit?t beendet.)
    Melden Sie sich bitte erneut an.
  2. Die Kommunikation mit dem Server schlug fehl.
proxy.15=Auf die gew�nschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung. proxy.16=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.
Prüfen Sie bitte ihre Berechtigung. @@ -104,7 +107,7 @@ validator.00=Kein SAML:Assertion Objekt gefunden {0} validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0} validator.02=Das verwendete Schl�sselformat eines �ffentlichen Schl�ssels ist unbekannt {0} validator.03=Der Namespace eines �ffentlichen Schl�ssels ist ung�ltig {0} -validator.04=Es wurde ein SAML:Attribut ohne �ffentlichen Schl�ssel gefunden {0} +validator.04=Es wurde ein SAML\:Attribut ohne ?ffentlichen Schl?ssel gefunden {0} validator.05=Es wurde {0} keine DSIG:Signature gefunden validator.06=Die Signatur ist ung�ltig 
@@ -144,33 +147,35 @@ validator.32="Issuer" im AUTH-Block nicht vorhanden. validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") �berein. validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) �berein. validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ung�ltig. -validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver�ndert: {0} statt der erwarteten {1} -validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver�ndert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position -validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung�ltig: "{3}" anstelle von "{4}" -validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver�ndert: {0} anstelle von {1}. M�glicherweise wurde Ihre B�rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B�rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung. - - -validator.40=�berpr�fung der {0}-Infobox fehlgeschlagen: {1} -validator.41=�berpr�fung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur �berpr�fung der {0}-Infobox vorhanden. -validator.42=�berpr�fung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden. -validator.43=�berpr�fung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse f�r die {0}-Infobox konnte nicht erfolgreich geparst werden. -validator.44=�berpr�fung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Pr�fapplikation ist ein Fehler aufgetreten. -validator.45=�berpr�fung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {2} ist {3}. -validator.46=�berpr�fung der {0}-Infobox fehlgeschlagen: Der Wert des von der Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {1} ist ung�ltig. 
-validator.47=�berpr�fung der {0}-Infobox fehlgeschlagen: Das von der Pr�fapplikation zur�ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden. -validator.48={0}-Infobox wurde nicht von der BKU �bermittelt: F�r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox. +validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver?ndert\: {0} statt der erwarteten {1} +validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver?ndert\: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position +validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung?ltig\: "{3}" anstelle von "{4}" +validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver?ndert\: {0} anstelle von {1}. M?glicherweise wurde Ihre B?rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B?rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung. + + +validator.40=?berpr?fung der {0}-Infobox fehlgeschlagen\: {1} +validator.41=?berpr?fung der {0}-Infobox fehlgeschlagen\: Keine Konfigurationsparameter zur ?berpr?fung der {0}-Infobox vorhanden. +validator.42=?berpr?fung der {0}-Infobox fehlgeschlagen\: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden. +validator.43=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der InfoboxReadResponse f?r die {0}-Infobox konnte nicht erfolgreich geparst werden. +validator.44=?berpr?fung der {0}-Infobox fehlgeschlagen\: In der {0}-Infobox Pr?fapplikation ist ein Fehler aufgetreten. +validator.45=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der {1} des von der {0}-Infobox Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {2} ist {3}. 
+validator.46=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der Wert des von der Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {1} ist ung?ltig. +validator.47=?berpr?fung der {0}-Infobox fehlgeschlagen\: Das von der Pr?fapplikation zur?ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden. +validator.48={0}-Infobox wurde nicht von der BKU ?bermittelt\: F?r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox. validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten. validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein. -validator.60=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden. -validator.61=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten f�r berufliche Parteienvertreter nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden. -validator.62=Fehler in der �bermittlung: keine prim�re Vollmacht �bergeben. +validator.60=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden. +validator.61=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten f?r berufliche Parteienvertreter nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden. +validator.62=Fehler in der ?bermittlung\: keine prim?re Vollmacht ?bergeben. validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten. 
validator.64=Fehler beim Austausch von Vollmachtsdaten validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden. -validator.66=�berpr�fung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert. +validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert. + +validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein. ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen @@ -179,7 +184,7 @@ stork.01=STORK SAML AuthnRequest nicht g�ltig stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0} stork.04=STORK SAML Response konnte nicht decodiert werden stork.05=STORK SAML Response Validierung fehlgeschlagen -stork.06=STORK SAML Response enth�lt eine Fehlermeldung: {0} +stork.06=STORK SAML Response enth?lt eine Fehlermeldung\: {0} stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response stork.08=STORK SAML Assertion Validierung fehlgeschlagen stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html index 576683dc7..688732c15 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html @@ -1,59 +1,267 @@ + + + + + + + + + -
-
-
- - - - - - -
-
- Login mit Karte +
+ +
+
+ + + + +
+ +
+
+
+ +

Anmeldung an: #OAName#

+ +
+
+

+ Login mit Bürgerkarte +

+
+ +
+ + + + + + +
i
+
+ +
+ +
+ +
+ +
+ + + +
+
+

+ Home Country Selection +

+
+

+ + + i +

+
+
+ + + +
- -
-
-
- Login mit Handy
-
- +
+
+ +
+ + + +
-
- - - - - i -
- \ No newline at end of file + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java index 1111618d6..d60c5ef45 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java @@ -5,7 +5,7 @@ import java.util.List; import org.hibernate.Query; import org.hibernate.Session; -import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml index 707d5cc61..4841481b6 100644 --- a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml +++ b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml @@ -5,8 +5,10 @@ - - - + + + + + \ No newline at end of file -- cgit v1.2.3