From ed19c3b21b338e05efae1067216a5bbb7d60efe4 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 16:09:46 +0100 Subject: changing chars to reflect utf8 --- .../clients/api/moa-spss-handbook-apiClient.iml | 51 ++++++++++++++++++++++ .../handbook/clients/moa-spss-handbook-clients.iml | 13 ++++++ .../moa-spss-handbook-referencedData.iml | 25 +++++++++++ .../moa-spss-handbook-webserviceClient.iml | 51 ++++++++++++++++++++++ 4 files changed, 140 insertions(+) create mode 100644 spss/handbook/clients/api/moa-spss-handbook-apiClient.iml create mode 100644 spss/handbook/clients/moa-spss-handbook-clients.iml create mode 100644 spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml create mode 100644 spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml (limited to 'spss/handbook/clients') diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml new file mode 100644 index 000000000..a1234e810 --- /dev/null +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml new file mode 100644 index 000000000..c418d6693 --- /dev/null +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml new file mode 100644 index 000000000..3b8b05541 --- /dev/null +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml new file mode 100644 index 000000000..a1234e810 --- /dev/null +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 65fb688c9323696fcc12e1c049a2b6a75d6ff1e5 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Feb 2014 17:25:09 +0100 Subject: merging with other code --- id/ConfigWebTool/ConfigurationInterface.iml | 38 +++++++++-- id/server/auth/moa-id-auth.iml | 73 ++++++++++++++-------- id/server/idserverlib/moa-id-lib.iml | 33 ++++++++-- id/server/idserverlib/pom.xml | 2 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 1 + .../moa/id/config/stork/STORKConfig.java | 13 +++- id/server/moa-id-commons/moa-id-commons.iml | 9 +-- id/server/proxy/moa-id-proxy.iml | 73 ++++++++++++++-------- .../clients/api/moa-spss-handbook-apiClient.iml | 44 ++----------- .../handbook/clients/moa-spss-handbook-clients.iml | 2 +- .../moa-spss-handbook-referencedData.iml | 2 +- .../moa-spss-handbook-webserviceClient.iml | 44 ++----------- spss/handbook/moa-spss-handbook.iml | 2 +- spss/server/moa-spss.iml | 8 +-- spss/server/serverlib/moa-spss-lib.iml | 3 +- spss/server/serverws/moa-spss-ws.iml | 2 +- spss/server/tools/moa-spss-tools.iml | 2 +- 17 files changed, 188 insertions(+), 163 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 18dc5586e..9c351185e 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -103,7 +103,7 @@ - + @@ -138,16 +138,44 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index fe65bde29..d0aa970fc 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -25,12 +25,54 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + @@ -59,16 +101,12 @@ - - - - @@ -84,12 +122,6 @@ - - - - - - @@ -129,28 +161,15 @@ - - - - - - - - - - - - - diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index be1804f70..e79bae817 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -14,7 +14,7 @@ - + @@ -114,11 +114,14 @@ - + - - + + + + + @@ -126,12 +129,30 @@ + - + + + + + + + + + + + + + + + + + + + - diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 4528acfec..9896690f5 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -56,7 +56,7 @@ eu.stork Commons - 1.1.0 + 1.2.0 eu.stork diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index b356c6f35..41be2c7e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -331,6 +331,7 @@ public class PEPSConnectorServlet extends AuthServlet { //TODO: found better solution, but QAA Level in response could be not supported yet try { + moasession.setQAALevel(authnResponse.getAssertions().get(0). getAuthnStatements().get(0).getAuthnContext(). getAuthnContextClassRef().getAuthnContextClassRef()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 67638cafd..b340d2449 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -25,6 +25,7 @@ */ package at.gv.egovernment.moa.id.config.stork; +import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -33,10 +34,15 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.xml.sax.SAXException; + +import javax.xml.parsers.ParserConfigurationException; /** * Encapsulates several STORK configuration parameters according MOA configuration @@ -73,7 +79,8 @@ public class STORKConfig { } catch (MalformedURLException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); - } catch (ParserConfigurationException e) { + } + /*catch (ParserConfigurationException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); } catch (SAXException e) { @@ -85,7 +92,7 @@ public class STORKConfig { } catch (MessageEncodingException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } + }*/ } SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured @@ -100,6 +107,8 @@ public class STORKConfig { } + } + public SignatureCreationParameter getSignatureCreationParameter() { return new SignatureCreationParameter(props, basedirectory); diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 3dfcfd427..08d15d746 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -26,13 +26,14 @@ - - + + - - + + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 7d6378c87..fb1a16d2e 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -22,12 +22,54 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + @@ -56,16 +98,12 @@ - - - - @@ -81,12 +119,6 @@ - - - - - - @@ -126,28 +158,15 @@ - - - - - - - - - - - - - diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 0d3e3f954..9fb2e9fda 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -1,51 +1,15 @@ - - - - + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml index acff675ab..04a6248a2 100644 --- a/spss/handbook/clients/moa-spss-handbook-clients.iml +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml index d7e297421..29685104a 100644 --- a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 0d3e3f954..9fb2e9fda 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -1,51 +1,15 @@ - - - - + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml index 11d5bfcc8..ce921cbeb 100644 --- a/spss/handbook/moa-spss-handbook.iml +++ b/spss/handbook/moa-spss-handbook.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml index d86f7c4dc..4d170c8a3 100644 --- a/spss/server/moa-spss.iml +++ b/spss/server/moa-spss.iml @@ -1,8 +1,8 @@ - - - - + + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 0652af183..d36dae117 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -1,5 +1,5 @@ - + @@ -55,7 +55,6 @@ - diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index b90669e54..80378b441 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -1,5 +1,5 @@ - + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index c4d7825ea..40f81fa9a 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,5 +1,5 @@ - + -- cgit v1.2.3 From c3745720650268de1f1b06e2b3dc891122ace9bb Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Feb 2014 12:38:45 +0100 Subject: changing some stork parameters; adjusting spss maven config --- id/ConfigWebTool/ConfigurationInterface.iml | 7 ++- id/server/idserverlib/moa-id-lib.iml | 2 +- id/server/idserverlib/pom.xml | 4 +- .../moa/id/auth/AuthenticationServer.java | 2 +- .../id/protocols/stork2/AuthenticationRequest.java | 12 +++-- .../id/protocols/stork2/STORKAuthnRequestDEL.java | 9 ++-- .../moa/id/protocols/stork2/STORKProtocol.java | 31 +++++++++++-- .../clients/api/moa-spss-handbook-apiClient.iml | 52 +++++++++++++++++++-- .../moa-spss-handbook-webserviceClient.iml | 52 +++++++++++++++++++-- spss/server/serverlib/moa-spss-lib.iml | 54 ++++++++++++++++++++-- spss/server/serverlib/pom.xml | 2 +- .../at/gv/egovernment/moa/spss/MOAException.java | 1 + spss/server/serverws/moa-spss-ws.iml | 52 +++++++++++++++++++-- spss/server/tools/moa-spss-tools.iml | 13 ++++-- spss/server/tools/pom.xml | 12 +++-- 15 files changed, 267 insertions(+), 38 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 9c351185e..bb7e047b2 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -74,7 +74,7 @@ - + @@ -116,7 +116,7 @@ - + @@ -183,6 +183,9 @@ + + + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index e79bae817..1c04295d7 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,6 +1,6 @@ - + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 9896690f5..c4d5310bf 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -277,8 +277,8 @@ org.apache.maven.plugins maven-compiler-plugin - 1.6 - 1.6 + 1.5 + 1.5 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 06d5b01bd..4b3995105 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1862,7 +1862,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:"); + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); Logger.debug("C-PEPS URL: " + destination); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 297c5f366..7e80273ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -5,16 +5,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.api.messages.StartAuthResponse; -import eu.stork.vidp.messages.stork.SpInstitution; -import eu.stork.vidp.messages.util.SAMLUtil; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; - import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -49,6 +44,7 @@ public class AuthenticationRequest implements IAction { httpResp.reset(); //httpResp.addHeader("Location", "http:/www.google.com"); if (req instanceof STORKAuthnRequestDEL) { + /* Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); @@ -78,6 +74,8 @@ public class AuthenticationRequest implements IAction { throw new MOAIDException("error response sending", new Object[]{}); } //httpSession.setAttribute("CCC", ccc); + + */ } @@ -93,6 +91,8 @@ public class AuthenticationRequest implements IAction { } + /* + public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap()); @@ -141,6 +141,8 @@ public class AuthenticationRequest implements IAction { return authResponse; } + */ + public String getDefaultActionName() { return STORKProtocol.AUTHENTICATIONREQUEST; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java index 57dfad73f..c8a5ac84d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java @@ -1,8 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import eu.stork.peps.auth.commons.STORKAuthnRequest; import org.opensaml.common.xml.SAMLConstants; /** @@ -16,13 +15,13 @@ public class STORKAuthnRequestDEL implements IRequest { private String target = null; String module = null; String action = null; - private eu.stork.mw.messages.saml.STORKAuthnRequest storkAuthnRequest; + private STORKAuthnRequest storkAuthnRequest; - public void setSTORKAuthnRequest(STORKAuthnRequestImpl request) { + public void setSTORKAuthnRequest(STORKAuthnRequest request) { this.storkAuthnRequest = request; } - public eu.stork.mw.messages.saml.STORKAuthnRequest getStorkAuthnRequest() { + public STORKAuthnRequest getStorkAuthnRequest() { return this.storkAuthnRequest; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e99079191..2c47620e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -8,14 +8,16 @@ import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -97,6 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (Exception e) { Logger.error("Error decoding STORKAuthnRequest", e); } + /* STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); @@ -107,10 +110,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); - + */ STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + + + //extract STORK Response from HTTP Request + //Decodes SAML Response + + /* + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); + } catch(NullPointerException e) { + Logger.error("Unable to retrieve STORK Response", e); + throw new MOAIDException("stork.04", null); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); + + STORKAuthnResponse authnResponse = null; + PEPSUtil.decode + engine.validateSTORKAuthnRequest() + */ return STORK2Request; } diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 9fb2e9fda..26b212283 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -1,15 +1,61 @@ - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 9fb2e9fda..26b212283 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -1,15 +1,61 @@ - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index d36dae117..11dc743a9 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -44,9 +44,9 @@ - - - + + + @@ -55,6 +55,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 1c756d4d4..5afc4b70c 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -260,7 +260,7 @@ http://java.sun.com/j2se/1.5.0/docs/api/ http://logging.apache.org/log4j/docs/api/ - 1.4 + 1.5 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java index 30eed7001..6cf46c50a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java @@ -36,6 +36,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.util.Constants; + import at.gv.egovernment.moa.spss.util.MessageProvider; /** diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 80378b441..45ebf8969 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -14,14 +14,60 @@ - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index 40f81fa9a..a0c44cf2c 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,8 +1,8 @@ - - - + + + @@ -10,6 +10,13 @@ + + + + + + + diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml index 61e7ffa6f..503c49545 100644 --- a/spss/server/tools/pom.xml +++ b/spss/server/tools/pom.xml @@ -71,10 +71,16 @@ + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.5 + 1.5 + + - - - -- cgit v1.2.3 From 4c104d5d8349195007d19a13ed54426f9fe7b49a Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 6 Feb 2014 18:29:23 +0100 Subject: iml --- id/ConfigWebTool/ConfigurationInterface.iml | 2 +- id/oa/moa-id-oa.iml | 4 +- id/server/auth/moa-id-auth.iml | 4 +- id/server/idserverlib/moa-id-lib.iml | 4 +- .../id/protocols/stork2/AuthenticationRequest.java | 99 +++++++++++++++++++++- .../moa/id/protocols/stork2/STORKProtocol.java | 1 + id/server/proxy/moa-id-proxy.iml | 4 +- id/templates/moa-id-templates.iml | 4 +- .../clients/api/moa-spss-handbook-apiClient.iml | 4 +- .../handbook/clients/moa-spss-handbook-clients.iml | 2 +- .../moa-spss-handbook-referencedData.iml | 2 +- .../moa-spss-handbook-webserviceClient.iml | 4 +- spss/handbook/moa-spss-handbook.iml | 2 +- spss/server/moa-spss.iml | 2 +- spss/server/serverlib/moa-spss-lib.iml | 4 +- spss/server/serverws/moa-spss-ws.iml | 4 +- spss/server/tools/moa-spss-tools.iml | 4 +- 17 files changed, 121 insertions(+), 29 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index bb7e047b2..20f45337e 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -57,7 +57,7 @@ - + diff --git a/id/oa/moa-id-oa.iml b/id/oa/moa-id-oa.iml index 0b7bf00de..6d9905e25 100644 --- a/id/oa/moa-id-oa.iml +++ b/id/oa/moa-id-oa.iml @@ -13,8 +13,8 @@ - - + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index d0aa970fc..f61dfa171 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -14,8 +14,8 @@ - - + + diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index 1c04295d7..cf1b34b4b 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,8 +1,8 @@ - - + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 7e80273ca..1971fe12d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -2,9 +2,16 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import edu.emory.mathcs.backport.java.util.Collections; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; @@ -14,12 +21,11 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; +import java.util.ArrayList; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; +import sun.rmi.runtime.Log; /** * @author bsuzic @@ -40,6 +46,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); Logger.debug("Http Response: " + httpResp.toString() + ", "); + Logger.debug("Remote user: " + httpReq.getRemoteAddr()); Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); //httpResp.addHeader("Location", "http:/www.google.com"); @@ -82,6 +89,90 @@ public class AuthenticationRequest implements IAction { //httpResp.setStatus(200); //VPEPSInboundPostHandler + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry("AT"); + + + try { + + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("eIdentifier"); + newAttribute.setValue(new ArrayList(Collections.singletonList("xxxxxxxxxxxxxxx"))); + attributeList.add(newAttribute); + authnResponse.setPersonalAttributeList(attributeList); + + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(((STORKAuthnRequestDEL)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + Logger.debug("STORK response: "); + + Logger.debug("authn response string: " + authnResponse.toString()); + + String statusCodeValue = authnResponse.getStatusCode(); + Logger.debug("authn status code value: " + statusCodeValue); + + try { + Logger.debug("authn saml:" + IOUtils.toString(authnResponse.getTokenSaml())); + + } catch (IOException e) { + e.printStackTrace(); + } + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + + context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); + Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + + Logger.info("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + httpResp.getOutputStream().write(writer.toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + Logger.info("Status code: " + authnResponse.getStatusCode()); + + + return "12345"; // AssertionId } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 2e42a0d75..9564afa27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -153,6 +153,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spi " + authnRequest.getSpInstitution()); + STORK2Request.setSTORKAuthnRequest(authnRequest); return STORK2Request; } diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index fb1a16d2e..86fa1b292 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -13,8 +13,8 @@ - - + + diff --git a/id/templates/moa-id-templates.iml b/id/templates/moa-id-templates.iml index 3b8b05541..0ecf962d0 100644 --- a/id/templates/moa-id-templates.iml +++ b/id/templates/moa-id-templates.iml @@ -13,8 +13,8 @@ - - + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 26b212283..c9c03b243 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -1,8 +1,8 @@ - - + + diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml index 04a6248a2..3dda938d9 100644 --- a/spss/handbook/clients/moa-spss-handbook-clients.iml +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -1,6 +1,6 @@ - + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml index 29685104a..678776d19 100644 --- a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -12,7 +12,7 @@ - + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 26b212283..c9c03b243 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -1,8 +1,8 @@ - - + + diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml index ce921cbeb..deed935ed 100644 --- a/spss/handbook/moa-spss-handbook.iml +++ b/spss/handbook/moa-spss-handbook.iml @@ -9,7 +9,7 @@ - + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml index 4d170c8a3..567359474 100644 --- a/spss/server/moa-spss.iml +++ b/spss/server/moa-spss.iml @@ -1,6 +1,6 @@ - + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 11dc743a9..7864354f4 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -45,8 +45,8 @@ - - + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 45ebf8969..60f6d1803 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -15,8 +15,8 @@ - - + + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index a0c44cf2c..a880f50ab 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,8 +1,8 @@ - - + + -- cgit v1.2.3 From cd0887a43b0b4350e736433c2b513901a2151601 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 17:51:06 +0100 Subject: after merge, having problem --- id/ConfigWebTool/ConfigurationInterface.iml | 20 +- id/oa/moa-id-oa.iml | 4 +- id/server/auth/moa-id-auth.iml | 19 +- id/server/auth/pom.xml | 9 +- id/server/idserverlib/moa-id-lib.iml | 25 +- .../moa/id/auth/AuthenticationServer.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 9 +- id/server/moa-id-commons/moa-id-commons.iml | 7 +- id/server/moa-id-commons/pom.xml | 491 +++++++++++---------- id/server/proxy/moa-id-proxy.iml | 17 +- .../oasis-dss-api-1.0.0-SNAPSHOT.jar | Bin 180095 -> 282629 bytes .../clients/api/moa-spss-handbook-apiClient.iml | 4 +- .../moa-spss-handbook-webserviceClient.iml | 4 +- spss/server/serverlib/moa-spss-lib.iml | 4 +- spss/server/serverws/moa-spss-ws.iml | 4 +- 15 files changed, 308 insertions(+), 311 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 20f45337e..43790145b 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -73,8 +73,6 @@ - - @@ -121,29 +119,20 @@ + - - - - - - - - - - - - + + @@ -168,6 +157,8 @@ + + @@ -186,6 +177,7 @@ + diff --git a/id/oa/moa-id-oa.iml b/id/oa/moa-id-oa.iml index 6d9905e25..0b7bf00de 100644 --- a/id/oa/moa-id-oa.iml +++ b/id/oa/moa-id-oa.iml @@ -13,8 +13,8 @@ - - + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index f61dfa171..b8b4208b8 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -14,8 +14,8 @@ - - + + @@ -96,19 +96,10 @@ - + - - - - - - - - - - + @@ -134,12 +125,12 @@ - + diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 987ae1951..c17722df0 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -79,8 +79,13 @@ MOA.id.server moa-id-lib - - + + eu.stork + oasis-dss-api + 1.0.0-SNAPSHOT + + + iaik.prod iaik_jce_full diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index cf1b34b4b..d995f23af 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -1,8 +1,8 @@ - - + + @@ -43,20 +43,7 @@ - - - - - - - - - - - - - - + @@ -88,12 +75,12 @@ - + @@ -111,6 +98,7 @@ + @@ -120,6 +108,7 @@ + @@ -145,6 +134,8 @@ + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ce5aa15c3..6f6d9611a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.api.Profiles; import eu.stork.oasisdss.api.QualityLevels; import eu.stork.oasisdss.api.SignatureTypes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 84831a7b5..10cdcba6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -62,7 +62,12 @@ public class AttributeCollector implements IAction { this.httpResp = httpResp; - // find the attribute provider plugin that can handle the response + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { @@ -167,7 +172,7 @@ public class AttributeCollector implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", An Introduction to Knowledge Engineeringnull); + throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 08d15d746..8ded8b94a 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -26,8 +26,8 @@ - - + + @@ -71,9 +71,6 @@ - - - diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 9a3cf4f7c..055a67bf4 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -1,235 +1,260 @@ - - 4.0.0 - - MOA.id - moa-id - 1.9.98-SNAPSHOT - - moa-id-commons - moa-id-commons - MOA.id.server - - - - hyberjaxb - http://repository.highsource.org/maven2/releases/ - true - - - JBoss IAIK - http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/ - - - - - - - org.hibernate - hibernate-core - 4.2.1.Final - - - org.hibernate - hibernate-c3p0 - 4.2.1.Final - - - org.hibernate - hibernate-entitymanager - 4.2.1.Final - - - - org.apache.commons - commons-lang3 - 3.1 - - - MOA - moa-common - jar - + + 4.0.0 + + MOA.id + moa-id + 1.9.98-SNAPSHOT + + moa-id-commons + moa-id-commons + MOA.id.server - - - - org.hibernate.javax.persistence - hibernate-jpa-2.0-api - 1.0.1.Final - - - - org.jvnet.hyperjaxb3 - hyperjaxb3-ejb-runtime - 0.5.6 - - - org.jvnet.hyperjaxb3 - maven-hyperjaxb3-plugin - 0.5.6 - - - mysql - mysql-connector-java - 5.1.25 - - - - - install - - - - src/main/resources/config - - **/*.java - - - - target/generated-sources/xjc - - **/*.java - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - 1.5 - 1.5 - - - - org.apache.maven.plugins - maven-jar-plugin - - true - true - - false - - - - - - test-jar - - - - - - - org.jvnet.hyperjaxb3 - maven-hyperjaxb3-plugin - 0.5.6 - - - - generate - - - - - true - src/main/resources/config - src/main/resources/config - src/main/resources/config/persistence_template.xml - at.gv.egovernment.moa.id.commons.db.dao.config - - - - true - maven-compiler-plugin - 2.0.2 - - 1.5 - 1.5 - - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.5 - - UTF-8 - UTF-8 - true - false - false - true - at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.* - - - pre - a - Preconditions: - - - post - a - Postconditions: - - - - http://java.sun.com/j2se/1.4/docs/api/ - http://java.sun.com/j2se/1.5.0/docs/api/ - http://logging.apache.org/log4j/docs/api/ - - 1.5 - - - - generate-javadoc - package - - jar - - - - - - - - - - org.eclipse.m2e - lifecycle-mapping - 1.0.0 - - - - - - - org.jvnet.hyperjaxb3 - - - maven-hyperjaxb3-plugin - - - [0.5.6,) - - - generate - - - - - - - - - - - - - + + + hyberjaxb + http://repository.highsource.org/maven2/releases/ + + true + + + + JBoss IAIK + http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/ + + + + + + + org.hibernate + hibernate-core + 4.2.1.Final + + + org.hibernate + hibernate-c3p0 + 4.2.1.Final + + + org.hibernate + hibernate-entitymanager + 4.2.1.Final + + + + org.apache.commons + commons-lang3 + 3.1 + + + MOA + moa-common + jar + + + + + + org.hibernate.javax.persistence + hibernate-jpa-2.0-api + 1.0.1.Final + + + + org.jvnet.hyperjaxb3 + hyperjaxb3-ejb-runtime + 0.5.6 + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-log4j12 + + + + + org.jvnet.hyperjaxb3 + maven-hyperjaxb3-plugin + 0.5.6 + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-log4j12 + + + + + mysql + mysql-connector-java + 5.1.25 + + + + + install + + + + src/main/resources/config + + **/*.java + + + + target/generated-sources/xjc + + **/*.java + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.5 + 1.5 + + + + org.apache.maven.plugins + maven-jar-plugin + + true + true + + false + + + + + + test-jar + + + + + + + org.jvnet.hyperjaxb3 + maven-hyperjaxb3-plugin + 0.5.6 + + + + generate + + + + + true + src/main/resources/config + src/main/resources/config + src/main/resources/config/persistence_template.xml + at.gv.egovernment.moa.id.commons.db.dao.config + + + + true + maven-compiler-plugin + 2.0.2 + + 1.5 + 1.5 + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 2.5 + + UTF-8 + UTF-8 + true + false + false + true + + at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.* + + + + pre + a + Preconditions: + + + post + a + Postconditions: + + + + http://java.sun.com/j2se/1.4/docs/api/ + http://java.sun.com/j2se/1.5.0/docs/api/ + http://logging.apache.org/log4j/docs/api/ + + 1.5 + + + + generate-javadoc + package + + jar + + + + + + + + + + org.eclipse.m2e + lifecycle-mapping + 1.0.0 + + + + + + + org.jvnet.hyperjaxb3 + + + maven-hyperjaxb3-plugin + + + [0.5.6,) + + + generate + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 86fa1b292..936460e23 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -13,8 +13,8 @@ - - + + @@ -96,16 +96,7 @@ - - - - - - - - - - + @@ -131,12 +122,12 @@ - + diff --git a/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar b/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar index 5ad0cb42e..8414d7851 100644 Binary files a/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar and b/repository/eu/stork/oasis-dss-api/1.0.0-SNAPSHOT/oasis-dss-api-1.0.0-SNAPSHOT.jar differ diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index c9c03b243..26b212283 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -1,8 +1,8 @@ - - + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index c9c03b243..26b212283 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -1,8 +1,8 @@ - - + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 7864354f4..11dc743a9 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -45,8 +45,8 @@ - - + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 60f6d1803..45ebf8969 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -15,8 +15,8 @@ - - + + -- cgit v1.2.3 From 7f1c5affaa9358bef6995371dc08c8f0c981a849 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:06:41 +0100 Subject: resolving problems related to commons and slf4j libraries --- common/moa-common.iml | 5 + common/pom.xml | 234 +++++++++++++-------- id/ConfigWebTool/ConfigurationInterface.iml | 10 +- id/pom.xml | 32 +++ id/server/auth/moa-id-auth.iml | 10 +- id/server/idserverlib/pom.xml | 28 ++- id/server/moa-id-commons/moa-id-commons.iml | 5 + id/server/moa-id.iml | 4 +- id/server/proxy/moa-id-proxy.iml | 10 +- id/templates/moa-id-templates.iml | 4 +- .../clients/api/moa-spss-handbook-apiClient.iml | 5 + .../moa-spss-handbook-webserviceClient.iml | 5 + spss/server/serverlib/moa-spss-lib.iml | 5 + spss/server/serverws/moa-spss-ws.iml | 5 + 14 files changed, 252 insertions(+), 110 deletions(-) (limited to 'spss/handbook/clients') diff --git a/common/moa-common.iml b/common/moa-common.iml index 9d4261fc6..46304fcc3 100644 --- a/common/moa-common.iml +++ b/common/moa-common.iml @@ -24,6 +24,11 @@ + + + + + diff --git a/common/pom.xml b/common/pom.xml index 468ecaf2d..46f26501f 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -1,94 +1,148 @@ - - - MOA - MOA - 2.0.0 - - 4.0.0 - moa-common - - jar - MOA common library + + + MOA + MOA + 2.0.0 + + 4.0.0 + moa-common + + jar + MOA common library - - ${basedir}/../repository - + + ${basedir}/../repository + + + + + commons-logging + commons-logging + + + iaik.prod + iaik_jce_full + + + iaik.prod + iaik_moa + + + junit + junit + test + + + jaxen + jaxen + + + saxpath + saxpath + + + xalan-bin-dist + xalan + compile + true + + + xerces + xercesImpl + true + + + xalan-bin-dist + xml-apis + compile + true + + + xalan-bin-dist + serializer + runtime + true + + + joda-time + joda-time + 1.6.2 + + + org.slf4j + slf4j-api + 1.7.5 + + + org.slf4j + slf4j-simple + 1.7.5 + + + org.slf4j + jcl-over-slf4j + 1.7.5 + + + org.slf4j + log4j-over-slf4j + 1.7.5 + + + org.slf4j + jul-to-slf4j + 1.7.5 + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + false + + + + + + test-jar + + + + + + maven-enforcer-plugin + 1.1.1 + + + enforce-banned-dependencies + + enforce + + + + + true + + + org.slf4j:1.5* + org.slf4j:1.6* + + + + + true + + + + + + - - - commons-logging - commons-logging - - - iaik.prod - iaik_jce_full - - - iaik.prod - iaik_moa - - - junit - junit - test - - - jaxen - jaxen - - - saxpath - saxpath - - - xalan-bin-dist - xalan - compile - true - - - xerces - xercesImpl - true - - - xalan-bin-dist - xml-apis - compile - true - - - xalan-bin-dist - serializer - runtime - true - - - joda-time - joda-time - 1.6.2 - - - - - - - org.apache.maven.plugins - maven-jar-plugin - - - false - - - - - - test-jar - - - - - - diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 43790145b..742f8df89 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -58,6 +58,11 @@ + + + + + @@ -119,11 +124,6 @@ - - - - - diff --git a/id/pom.xml b/id/pom.xml index db4ee137e..bd3344638 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -24,4 +24,36 @@ UTF-8 + + + + maven-enforcer-plugin + 1.1.1 + + + enforce-banned-dependencies + + enforce + + + + + true + + + org.slf4j:1.5* + org.slf4j:1.6* + + + + + true + + + + + + + diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index b8b4208b8..043374bc0 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -53,6 +53,11 @@ + + + + + @@ -91,11 +96,6 @@ - - - - - diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index cca543a26..82a42cb8c 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -151,7 +151,33 @@ provided - + + + + org.slf4j + slf4j-api + 1.7.5 + + + org.slf4j + slf4j-simple + 1.7.5 + + + org.slf4j + jcl-over-slf4j + 1.7.5 + + + org.slf4j + log4j-over-slf4j + 1.7.5 + + + org.slf4j + jul-to-slf4j + 1.7.5 + junit diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 8ded8b94a..ef994abd3 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -56,6 +56,11 @@ + + + + + diff --git a/id/server/moa-id.iml b/id/server/moa-id.iml index 567359474..c418d6693 100644 --- a/id/server/moa-id.iml +++ b/id/server/moa-id.iml @@ -1,8 +1,8 @@ - - + + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index 936460e23..e61d841ce 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -50,6 +50,11 @@ + + + + + @@ -88,11 +93,6 @@ - - - - - diff --git a/id/templates/moa-id-templates.iml b/id/templates/moa-id-templates.iml index 0ecf962d0..3b8b05541 100644 --- a/id/templates/moa-id-templates.iml +++ b/id/templates/moa-id-templates.iml @@ -13,8 +13,8 @@ - - + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 26b212283..6ed837a51 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -38,6 +38,11 @@ + + + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 26b212283..6ed837a51 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -38,6 +38,11 @@ + + + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 11dc743a9..4c0128bf3 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -84,6 +84,11 @@ + + + + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 45ebf8969..ae8f03a70 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -51,6 +51,11 @@ + + + + + -- cgit v1.2.3 From eb32824288778c0fd427dbcbf826c8d9c16596b2 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:26:15 +0100 Subject: after merge ap --- id/server/moa-id-commons/moa-id-commons.iml | 1 + spss/handbook/clients/api/moa-spss-handbook-apiClient.iml | 1 + spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml | 1 + spss/server/serverlib/moa-spss-lib.iml | 2 ++ spss/server/serverws/moa-spss-ws.iml | 1 + 5 files changed, 6 insertions(+) (limited to 'spss/handbook/clients') diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index ef994abd3..3bd426fc3 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -37,6 +37,7 @@ + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 6ed837a51..4e0a0fddf 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,6 +9,7 @@ + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 6ed837a51..4e0a0fddf 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,6 +9,7 @@ + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 4c0128bf3..93d7e676f 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,6 +55,8 @@ + + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index ae8f03a70..7943aa854 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -22,6 +22,7 @@ + -- cgit v1.2.3 From 458a579978fa4fd0718c754bb8b6ca41f82d8145 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:33:36 +0100 Subject: after chaning --- .../id/protocols/stork2/AttributeCollector.java | 58 +--------------------- id/server/moa-id-commons/moa-id-commons.iml | 1 - .../clients/api/moa-spss-handbook-apiClient.iml | 1 - .../moa-spss-handbook-webserviceClient.iml | 1 - spss/server/serverlib/moa-spss-lib.iml | 2 - spss/server/serverws/moa-spss-ws.iml | 1 - 6 files changed, 2 insertions(+), 62 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 72dddee88..0317322ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -15,25 +15,6 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; -<<<<<<< HEAD - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -======= import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -47,7 +28,6 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; ->>>>>>> origin/bs_3_fr /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. @@ -56,7 +36,6 @@ import javax.servlet.http.HttpServletResponse; * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. * * TODO how do we treat mandatory and optional attributes? - * */ public class AttributeCollector implements IAction { @@ -70,8 +49,6 @@ public class AttributeCollector implements IAction { */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { -<<<<<<< HEAD -======= // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); DataContainer container; @@ -82,7 +59,6 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } ->>>>>>> origin/bs_3_fr // read configuration parameters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) @@ -107,33 +83,20 @@ public class AttributeCollector implements IAction { Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); } -<<<<<<< HEAD - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - -======= ->>>>>>> origin/bs_3_fr // - insert the embedded attribute(s) into the container addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes return processRequest(container, httpReq, httpResp, moasession, oaParam); } - + /** * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, * this very method creates and sends the protocol result to the asking S-PEPS. * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string - * @throws MOAIDException + * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch @@ -199,11 +162,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL -<<<<<<< HEAD - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); -======= e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); ->>>>>>> origin/bs_3_fr } catch (Exception e1) { // TODO should we return the response as is to the PEPS? @@ -222,13 +181,8 @@ public class AttributeCollector implements IAction { * @throws MOAIDException the mOAID exception */ private void generateSTORKResponse(DataContainer container) throws MOAIDException { -<<<<<<< HEAD - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); -======= MOASTORKRequest request = container.getRequest(); MOASTORKResponse response = container.getResponse(); ->>>>>>> origin/bs_3_fr try { //Get SAMLEngine instance @@ -247,14 +201,6 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); -<<<<<<< HEAD - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); - Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); - - container.setResponse(authnResponse); -======= ->>>>>>> origin/bs_3_fr } /** diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index 3bd426fc3..ef994abd3 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -37,7 +37,6 @@ - diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 4e0a0fddf..6ed837a51 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,7 +9,6 @@ - diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 4e0a0fddf..6ed837a51 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,7 +9,6 @@ - diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 93d7e676f..4c0128bf3 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,8 +55,6 @@ - - diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index 7943aa854..ae8f03a70 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -22,7 +22,6 @@ - -- cgit v1.2.3 From 683209b2aabf589e1e22ed9cb7c69d6e76442bb0 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:40:29 +0100 Subject: after merging, inspecting, fixing, tbc. --- .../moa/id/protocols/stork2/STORKProtocol.java | 17 +---------------- .../clients/api/moa-spss-handbook-apiClient.iml | 1 + .../webservice/moa-spss-handbook-webserviceClient.iml | 1 + spss/server/serverlib/moa-spss-lib.iml | 2 ++ 4 files changed, 5 insertions(+), 16 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 5e9d50221..a361d5f67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; @@ -105,20 +104,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); -<<<<<<< HEAD - } catch (ClassCastException e) { - Logger.error("Could not extract authenticaiton request"); - } - - - // check if a valid attr request is containerd - try { - attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); - } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); - } catch (ClassCastException e) { - Logger.error("Could not extract attribute request"); -======= } catch(ClassCastException e) { // we do not have a authnRequest // check if a valid attr request is container @@ -127,8 +112,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } ->>>>>>> origin/bs_3_fr } + // if there is no authn or attr request, raise error if ((authnRequest == null) && (attrRequest == null)) { Logger.error("There is no authentication or attribute request contained."); diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 6ed837a51..4e0a0fddf 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,6 +9,7 @@ + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 6ed837a51..4e0a0fddf 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,6 +9,7 @@ + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 4c0128bf3..93d7e676f 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,6 +55,8 @@ + + -- cgit v1.2.3 From 19e164874ea92d51f9df12f56047d77db9683091 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 20:57:05 +0100 Subject: storkid derivation pro country --- id/ConfigWebTool/ConfigurationInterface.iml | 2 +- .../id/configuration/data/oa/OAGeneralConfig.java | 8 +- .../configuration/struts/action/EditOAAction.java | 7 +- id/server/auth/moa-id-auth.iml | 2 +- id/server/idserverlib/moa-id-lib.iml | 2 +- .../moa/id/auth/AuthenticationServer.java | 3928 ++++++++++---------- .../id/auth/builder/InfoboxReadRequestBuilder.java | 197 +- .../gv/egovernment/moa/id/config/OAParameter.java | 20 +- id/server/moa-id-commons/moa-id-commons.iml | 2 +- id/server/moa-id.iml | 1 + id/server/proxy/moa-id-proxy.iml | 2 +- pom.xml | 6 + .../clients/api/moa-spss-handbook-apiClient.iml | 2 +- .../handbook/clients/moa-spss-handbook-clients.iml | 5 +- .../moa-spss-handbook-referencedData.iml | 5 +- .../moa-spss-handbook-webserviceClient.iml | 2 +- spss/handbook/moa-spss-handbook.iml | 5 +- spss/server/moa-spss.iml | 5 +- spss/server/serverlib/moa-spss-lib.iml | 3 +- spss/server/serverws/moa-spss-ws.iml | 1 + spss/server/tools/moa-spss-tools.iml | 5 +- 21 files changed, 2104 insertions(+), 2106 deletions(-) (limited to 'spss/handbook/clients') diff --git a/id/ConfigWebTool/ConfigurationInterface.iml b/id/ConfigWebTool/ConfigurationInterface.iml index 742f8df89..f6325d7c7 100644 --- a/id/ConfigWebTool/ConfigurationInterface.iml +++ b/id/ConfigWebTool/ConfigurationInterface.iml @@ -63,6 +63,7 @@ + @@ -77,7 +78,6 @@ - diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 495444db1..c9f5fdde9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -120,7 +120,8 @@ public class OAGeneralConfig { identificationTypeList = Arrays.asList( Constants.IDENIFICATIONTYPE_FN, Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB); + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK); } @@ -216,7 +217,10 @@ public class OAGeneralConfig { if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { identificationType = split[1]; identificationNumber = split[2]; - } + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; // setting at as iden category ? + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 4a0bf744a..370923ca1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -746,13 +746,8 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, dboa.setStorkSPTargetCountry(generalOA.getStorkSPTargetCountry()); - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_STORK)) - num = num.substring(Constants.IDENIFICATIONTYPE_STORK.length()); - IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getIdentificationType() + num); + idnumber.setValue(Constants.PREFIX_STORK + "AT+" + generalOA.getStorkSPTargetCountry()); idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); authoa.setIdentificationNumber(idnumber); diff --git a/id/server/auth/moa-id-auth.iml b/id/server/auth/moa-id-auth.iml index 043374bc0..bf76e8805 100644 --- a/id/server/auth/moa-id-auth.iml +++ b/id/server/auth/moa-id-auth.iml @@ -58,6 +58,7 @@ + @@ -96,7 +97,6 @@ - diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml index d995f23af..91b3617ad 100644 --- a/id/server/idserverlib/moa-id-lib.iml +++ b/id/server/idserverlib/moa-id-lib.iml @@ -40,7 +40,7 @@ - + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 6f6d9611a..01a2e5485 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,74 +1,9 @@ package at.gv.egovernment.moa.id.auth; -import iaik.asn1.ObjectID; -import iaik.util.logging.Log; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.util.ArrayList; -//import java.security.cert.CertificateFactory; -import java.util.Calendar; -import java.util.Date; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Vector; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.apache.xpath.XPathAPI; -import org.opensaml.common.IdentifierGenerator; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.*; +import at.gv.egovernment.moa.id.auth.data.*; +import at.gv.egovernment.moa.id.auth.exception.*; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -81,13 +16,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -109,13 +40,7 @@ import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moa.util.*; import at.gv.util.xsd.mis.MandateIdentifiers; import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; @@ -123,12 +48,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; -import eu.stork.oasisdss.api.AdditionalProfiles; -import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.*; import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.Profiles; -import eu.stork.oasisdss.api.QualityLevels; -import eu.stork.oasisdss.api.SignatureTypes; import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; import eu.stork.oasisdss.profile.SignRequest; @@ -138,6 +59,42 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; +import iaik.asn1.ObjectID; +import iaik.util.logging.Log; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.xpath.XPathAPI; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.*; +import org.xml.sax.SAXException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.math.BigInteger; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.cert.CertificateException; +import java.util.*; + +//import java.security.cert.CertificateFactory; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -149,148 +106,147 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; */ public class AuthenticationServer implements MOAIDAuthConstants { - /** single instance */ - private static AuthenticationServer instance; - - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes - private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data - * store - */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - /** - * Returns the single instance of AuthenticationServer. - * - * @return the single instance of AuthenticationServer - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - - /** - * Constructor for AuthenticationServer. - */ - public AuthenticationServer() { - super(); - } - - - /** - * Processes the beginning of an authentication session. - *
    - *
  • Starts an authentication session
    • - *
  • Creates an <InfoboxReadRequest>
    • - *
  • Creates an HTML form for querying the identity link from the security - * layer implementation.
    - * Form parameters include - *
      - *
    • the <InfoboxReadRequest>
      • - *
    • the data URL where the security layer implementation sends it - * response to
      • - *
    - *
- * - * @param authURL - * URL of the servlet to be used as data URL - * @param target - * "Geschäftsbereich" of the online application requested - * @param targetFriendlyName - * Friendly name of the target if the target is configured via - * configuration - * @param oaURL - * online application URL requested - * @param bkuURL - * URL of the "Bürgerkartenumgebung" to be used; may be - * null; in this case, the default location will be - * used - * @param useMandate - * Indicates if mandate is used or not - * @param templateURL - * URL providing an HTML template for the HTML form generated - * @param templateMandteURL - * URL providing an HTML template for the HTML form generated - * (for signing in mandates mode) - * @param req - * determines the protocol used - * @param sourceID - * @return HTML form - * @throws AuthenticationException - * @see GetIdentityLinkFormBuilder - * @see InfoboxReadRequestBuilder - */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, - AuthenticationException, ConfigurationException, BuildException { - - if (session == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //load OnlineApplication configuration - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); - - //load Template - String template = null; - if (session.getTemplateURL() != null) { - try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - session.getTemplateURL(), ex.toString() }, ex); - } - } - - String infoboxReadRequest = ""; - - String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { - //load identityLink with SSO Target - boolean isbuisness = false; - - if (domainIdentifier.startsWith(PREFIX_WPBK)) { - - isbuisness = true; - - } else { - isbuisness = false; - - } - - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - isbuisness, domainIdentifier); - - } else { - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getBusinessService(), oaParam - .getIdentityLinkDomainIdentifier()); - } - - - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session - .getSessionID()); - - //removed in MOAID 2.0 - String pushInfobox = ""; + /** + * single instance + */ + private static AuthenticationServer instance; + + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data + * store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + /** + * Returns the single instance of AuthenticationServer. + * + * @return the single instance of AuthenticationServer + */ + public static AuthenticationServer getInstance() { + if (instance == null) + instance = new AuthenticationServer(); + return instance; + } + + /** + * Constructor for AuthenticationServer. + */ + public AuthenticationServer() { + super(); + } + + + /** + * Processes the beginning of an authentication session. + *
    + *
  • Starts an authentication session
    • + *
  • Creates an <InfoboxReadRequest>
    • + *
  • Creates an HTML form for querying the identity link from the security + * layer implementation.
    + * Form parameters include + *
      + *
    • the <InfoboxReadRequest>
      • + *
    • the data URL where the security layer implementation sends it + * response to
      • + *
    + *
+ * + * @param authURL URL of the servlet to be used as data URL + * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via + * configuration + * @param oaURL online application URL requested + * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; may be + * null; in this case, the default location will be + * used + * @param useMandate Indicates if mandate is used or not + * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateMandteURL URL providing an HTML template for the HTML form generated + * (for signing in mandates mode) + * @param req determines the protocol used + * @param sourceID + * @return HTML form + * @throws AuthenticationException + * @see GetIdentityLinkFormBuilder + * @see InfoboxReadRequestBuilder + */ + public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, + AuthenticationException, ConfigurationException, BuildException { + + if (session == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[]{ + session.getTemplateURL(), ex.toString()}, ex); + } + } + + String infoboxReadRequest = ""; + + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + + if (session.isSsoRequested()) { + //load identityLink with SSO Target + boolean isbuisness = false; + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = true; + + } else { + isbuisness = false; + + } + + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + isbuisness, domainIdentifier); + + } else { + + if (oaParam.getStorkService()) + // build stork request + infoboxReadRequest = new InfoboxReadRequestBuilder().buildStorkReadRequest( + oaParam.getIdentityLinkDomainIdentifier()); + else + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.getBusinessService(), oaParam + .getIdentityLinkDomainIdentifier()); + } + + + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session + .getSessionID()); + + //removed in MOAID 2.0 + String pushInfobox = ""; // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); @@ -299,1787 +255,1743 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setPushInfobox(pushInfobox); // } - //build CertInfo request - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(); - String certInfoDataURL = new DataURLBuilder() - .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, - session.getSessionID()); - - //get Applet Parameters - String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); - String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); - appletheigth = StringEscapeUtils.escapeHtml(appletheigth); - appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - String htmlForm = new GetIdentityLinkFormBuilder().build(template, - session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, - certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); - - return htmlForm; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - * @throws BKUException - */ - public String verifyIdentityLink(AuthenticationSession session, - Map infoboxReadResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); - - String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlInfoboxReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // check if an identity link was found - // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform - // (SL1.2)) - // CharSequence se = "ErrorCode>2911".substring(0); - // boolean b = xmlInfoboxReadResponse.contains(se); - String se = "ErrorCode>2911"; - int b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // no identity link found - Logger - .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); - return null; - } - // spezifikationsgemaess (SL1.2) Errorcode - se = "ErrorCode>4002"; - // b = xmlInfoboxReadResponse.contains(se); - b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // Unbekannter Infoboxbezeichner - Logger - .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); - return null; - } - - // parses the - IdentityLink identityLink = new InfoboxReadResponseParser( - xmlInfoboxReadResponse).parseIdentityLink(); - // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf - .getMoaSpIdentityLinkTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true - : false; - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - ignoreManifestValidationResult); - - session.setIdentityLink(identityLink); - // now validate the extended infoboxes - - //Removed in MOA-ID 2.0 - //verifyInfoboxes(session, infoboxReadResponseParameters, false); - - return "found!"; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String verifyCertificate(AuthenticationSession session, - X509Certificate certificate) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, MOAIDException{ - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - // check if person is a Organwalter - // if true - don't show bPK in AUTH Block - try { - for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { - if (certificate.getExtension(OWid) != null) { - session.setOW(true); - } - - } - - } catch (X509ExtensionInitException e) { - Logger.warn("Certificate extension is not readable."); - session.setOW(false); - } - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - return returnvalue; - } - - /** - * Processes an Mandate sent by the MIS.
- *
    - *
  • Validates given Mandate
    • - *
  • Verifies Mandate by calling the MOA SP component
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - GET_MIS_SESSIONID, PARAM_SESSIONID }); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - try { - // sets the extended SAML attributes for OID (Organwalter) - setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam - .getBusinessService()); - - validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - - } - - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, oaParam); - - // builds the - List transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos); - return createXMLSignatureRequest; - } - - /** - * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
- *
    - *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param cert - * The certificate from the user - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, - X509Certificate cert) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - Principal subject = cert.getSubjectDN(); - - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); - return createXMLSignatureRequest; - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param createXMLSignatureResponseParameters - * The parameters from the response returned from the BKU - * including the <CreateXMLSignatureResponse> - * @throws BKUException - */ - public X509Certificate verifyXMLSignature(String sessionID, - Map createXMLSignatureResponseParameters) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_SESSIONID }); - - String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlCreateXMLSignatureResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // parses the - CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse createXMLSignatureResponse = p - .parseResponseDsig(); - - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .buildDsig(createXMLSignatureResponse, authConf - .getMoaSpAuthBlockTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - return verifyXMLSignatureResponse.getX509certificate(); - - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param readInfoboxResponseParameters - * The parameters from the response returned from the BKU - * including the <ReadInfoboxResponse> - * @throws BKUException - */ - public X509Certificate getCertificate(String sessionID, - Map readInfoboxResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlReadInfoboxResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE }); - - // parses the - InfoboxReadResponseParser p = new InfoboxReadResponseParser( - xmlReadInfoboxResponse); - X509Certificate cert = p.parseCertificate(); - - return cert; - - } - - /** - * Builds an authentication block <saml:Assertion> from - * given session data. - * - * @param session - * authentication session - * - * @return <saml:Assertion> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. - */ - private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam) throws BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - - String identificationValue = null; - String identificationType = null; - - //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { - identificationType = ""; - identificationValue = ""; - - } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - if (oaParam.getBusinessService()) { - - String bpkBase64 = new BPKBuilder().buildWBPK(identityLink - .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); - identificationValue = bpkBase64; - - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) - identificationType = oaParam.getIdentityLinkDomainIdentifier(); - else - identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - - } else { - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); - } - - - } else { - identificationValue = identityLink.getIdentificationValue(); - identificationType = identityLink.getIdentificationType(); - - } - - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - - - if (session.isSsoRequested()) { - String oaURL = new String(); - try { - oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - - if (MiscUtil.isNotEmpty(oaURL)) - oaURL = oaURL.replaceAll("&", "&"); - - } catch (ConfigurationException e) { - } - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - } - } - - - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void validateExtendedSAMLAttributeForMandates( - AuthenticationSession session, MISMandate mandate, - boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - mandate, business, false); - - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - verifySAMLAttribute(samlAttribute, i, "MISService", - "MISService"); - - } - } - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void setExtendedSAMLAttributeForMandatesOID( - AuthenticationSession session, MISMandate mandate, boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( - mandate, business); - - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); - - } - - /** - * Adds given SAML Attributes to the current session. They will be appended - * to the final SAML Assertion or the AUTH block. If the attributes are - * already in the list, they will be replaced. - * - * @param session - * The current session - * @param extendedSAMLAttributes - * The SAML attributes to add - * @param identifier - * The infobox identifier for debug purposes - * @param friendlyNam - * The friendly name of the infobox for debug purposes - */ - private static void AddAdditionalSAMLAttributes( - AuthenticationSession session, - ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, - String friendlyName) throws ValidateException { - if (extendedSAMLAttributes == null) - return; - List oaAttributes = session.getExtendedSAMLAttributesOA(); - if (oaAttributes == null) - oaAttributes = new Vector(); - List authAttributes = session.getExtendedSAMLAttributesAUTH(); - if (authAttributes == null) - authAttributes = new Vector(); - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - Object value = verifySAMLAttribute(samlAttribute, i, identifier, - friendlyName); - - if ((value instanceof String) || (value instanceof Element)) { - switch (samlAttribute.getAddToAUTHBlock()) { - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - default: - Logger - .info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() - + ") in SAML attribute number " - + (i + 1) - + " for infobox " + identifier); - throw new ValidateException("validator.47", new Object[] { - friendlyName, String.valueOf((i + 1)) }); - } - } else { - Logger - .info("The type of SAML-Attribute number " - + (i + 1) - + " returned from " - + identifier - + "-infobox validator is not valid. Must be either \"java.Lang.String\"" - + " or \"org.w3c.dom.Element\""); - throw new ValidateException("validator.46", new Object[] { - identifier, String.valueOf((i + 1)) }); - } - } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - - protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( - MISMandate mandate, boolean business, boolean provideStammzahl) - throws SAXException, IOException, ParserConfigurationException, - TransformerException { - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // Name - Element domMandate = mandateToElement(mandate); - Element nameSpaceNode = domMandate.getOwnerDocument().createElement( - "NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, - Constants.PD_NS_URI); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, - SZRGWConstants.MANDATE_NS); - - Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, - "//md:Mandate/md:Mandator", nameSpaceNode); - - // Mandate - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_RAW, domMandate, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - // (w)bpk - String wbpk = ParepUtils.extractMandatorWbpk(mandator); - if (!ParepUtils.isEmpty(wbpk)) { - if (!ParepUtils.isPhysicalPerson(mandator)) { - String idType = ParepUtils - .extractMandatorIdentificationType(mandator); - if (!ParepUtils.isEmpty(idType) - && idType.startsWith(Constants.URN_PREFIX_BASEID)) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_CB_BASE_ID, - ParepUtils.getRegisterString(idType) + ": " + wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } else if (business) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_WBPK, wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( - MISMandate mandate, boolean business) throws SAXException, - IOException, ParserConfigurationException, TransformerException { - - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // RepresentationType - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_REPRESENTATIONTYPE, - EXT_SAML_MANDATE_REPRESENTATIONTEXT, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - String oid = mandate.getProfRep(); - - if (oid != null) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OID, oid, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - String oidDescription = mandate.getTextualDescriptionOfOID(); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - oidDescription, SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * - * @param mandate - * @return - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private static Element mandateToElement(MISMandate mandate) - throws SAXException, IOException, ParserConfigurationException { - ByteArrayInputStream bais = new ByteArrayInputStream(mandate - .getMandate()); - Document doc = DOMUtils.parseDocumentSimple(bais); - return doc.getDocumentElement(); - } - - protected static void replaceExtendedSAMLAttribute(List attributes, - ExtendedSAMLAttribute samlAttribute) { - if (null == attributes) { - attributes = new Vector(); - } else { - String id = samlAttribute.getName(); - int length = attributes.size(); - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes - .get(i); - if (id.equals(att.getName())) { - // replace attribute - attributes.set(i, samlAttribute); - return; - } - } - attributes.add(samlAttribute); - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - * @throws BKUException - */ - public String verifyAuthenticationBlock(AuthenticationSession session, - String xmlCreateXMLSignatureReadResponse) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - // parses - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureReadResponse).parseResponse(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp - .getSamlAssertion()); - session.setAuthBlock(serializedAssertion); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } - // validates - if (session.isSsoRequested()) - new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); - else - new CreateXMLSignatureResponseValidator().validate(csresp, session); - - // builds a for a MOA-SPSS call - List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, - vtids, tpid); - // debug output - - // invokes the call - Element domVsresp = new SignatureVerificationInvoker() - .verifyXMLSignature(domVsreq); - // debug output - - // parses the - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( - domVsresp).parseData(); - - if (Logger.isTraceEnabled()) { - if (domVsresp != null) { - try { - String xmlVerifyXMLSignatureResponse = DOMUtils - .serializeNode(domVsresp, true); - Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); - Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); - } catch (Throwable t) { - t.printStackTrace(); - Logger.info(new LogMsg(t.getStackTrace())); - } - } - } - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, - null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - false); - - // Compare AuthBlock Data with information stored in session, especially - // date and time - CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, session.getIdentityLink()); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(csresp - .getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(false); - - if (session.getUseMandate()) { - // mandate mode - return null; - - } else { - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - - String oldsessionID = session.getSessionID(); - - //Session is implicte stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - return newMOASessionID; - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - - protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { - Element identificationBpK = mandatePerson.getOwnerDocument() - .createElementNS(Constants.PD_NS_URI, "Identification"); - Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Value"); - - String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); - valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - bpkBase64)); - Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Type"); - typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - "urn:publicid:gv.at:cdid+bpk")); - identificationBpK.appendChild(valueBpK); - identificationBpK.appendChild(typeBpK); - - return identificationBpK; - - } - - protected String getBaseId(Element mandatePerson) - throws TransformerException, IOException { - NodeList list = mandatePerson.getElementsByTagNameNS( - Constants.PD_NS_URI, "Identification"); - for (int i = 0; i < list.getLength(); i++) { - Element identification = (Element) list.item(i); - Element type = (Element) identification.getElementsByTagNameNS( - Constants.PD_NS_URI, "Type").item(0); - if (type.getTextContent().compareToIgnoreCase( - "urn:publicid:gv.at:baseid") == 0) { - Element value = (Element) identification - .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") - .item(0); - return value.getTextContent(); - } - } - return null; - - } - - /** - * Gets the foreign authentication data.
- *
    - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - public String getForeignAuthenticationData(AuthenticationSession session) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(session - .getIdentityLink().getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); - X509Certificate cert = session.getSignerCertificate(); - vsresp.setX509certificate(cert); - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(true); - - //TODO: regenerate MOASession ID! - return "new Session"; - } - - /** - * Builds the AuthenticationData object together with the corresponding - * <saml:Assertion> - * - * @param session - * authentication session - * @param verifyXMLSigResp - * VerifyXMLSignatureResponse from MOA-SP - * @param useUTC uses correct UTC time format - * @param useUTC indicates that authenticated citizen is a foreigner - * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates - * @return AuthenticationData object - * @throws ConfigurationException - * while accessing configuration data - * @throws BuildException - * while building the <saml:Assertion> - */ - public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, OAAuthParameter oaParam, String target) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - boolean businessService = oaParam.getBusinessService(); - - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - - authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance())); - - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - - try { - - if (session.getUseMandate() && session.isOW()) { - MISMandate mandate = session.getMISMandate(); - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - authData.setIdentityLink(identityLink); - - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } - } - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", ex.toString() }, ex); - } - } - - /** - * Retrieves a session from the session store. - * - * @param id - * session ID - * @return AuthenticationSession stored with given session ID, - * null if session ID unknown - */ - public static AuthenticationSession getSession(String id) - throws AuthenticationException { - - AuthenticationSession session; - try { - session = AuthenticationSessionStoreage.getSession(id); - - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("parser.04", new Object[] { id }); - } - } - - /** - * Cleans up expired session and authentication data stores. - */ - public void cleanup() { - long now = new Date().getTime(); - - //clean AuthenticationSessionStore - - AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - - //clean AssertionStore - AssertionStorage assertionstore = AssertionStorage.getInstance(); - assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore - DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); - exstore.clean(now, authDataTimeOut); - - } - - /** - * Sets the sessionTimeOut. - * - * @param seconds - * Time out of the session in seconds - */ - public void setSecondsSessionTimeOutCreated(long seconds) { - sessionTimeOutCreated = seconds * 1000; - } - - public void setSecondsSessionTimeOutUpdated(long seconds) { - sessionTimeOutUpdated = seconds * 1000; - } - - /** - * Sets the authDataTimeOut. - * - * @param seconds - * Time out for signing AuthData in seconds - */ - public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = seconds * 1000; - } - - /** - * Checks a parameter. - * - * @param param - * parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - - /** - * Checks the correctness of SAML attributes and returns its value. - * - * @param param - * samlAttribute - * @param i - * the number of the verified attribute for messages - * @param identifier - * the infobox identifier for messages - * @param friendlyname - * the friendly name of the infobox for messages - * @return the SAML attribute value (Element or String) - */ - protected static Object verifySAMLAttribute( - ExtendedSAMLAttribute samlAttribute, int i, String identifier, - String friendlyName) throws ValidateException { - String name = samlAttribute.getName(); - - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "null" }); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is empty."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "leer" }); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", - new Object[] { friendlyName, "Namespace", - String.valueOf((i + 1)), "null" }); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Wert", String.valueOf((i + 1)), "null" }); - } - - return value; - } - - /** - * Does the request to the SZR-GW - * @param oaFriendlyName - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException - */ - - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - - SZRGWClient client = new SZRGWClient(connectionParameters); - - - CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(citizenSignature.getBytes()); - - PEPSData data = new PEPSData(); - data.setDateOfBirth(PEPSDateOfBirth); - data.setFamilyname(PEPSFamilyname); - data.setFirstname(PEPSFirstname); - data.setIdentifier(PEPSIdentifier); - - data.setRepresentative(representative); - data.setRepresented(represented); - data.setMandateContent(mandateContent); - - data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); - data.setLegalPersonTranslatableType(organizationType); - - if(null != mandateContent) { - MISType mis = new MISType(); - - Target targetObject = new Target(); - targetObject.setType(targetType); - targetObject.setValue(targetValue); - mis.setTarget(targetObject); - - mis.setOAFriendlyName(oaFriendlyName); - - Filters filterObject = new Filters(); - MandateIdentifiers mandateIds = new MandateIdentifiers(); - for(String current : filters.split(",")) - mandateIds.getMandateIdentifier().add(current.trim()); - filterObject.setMandateIdentifiers(mandateIds); - mis.setFilters(filterObject); - - request.setMIS(mis); - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); - return response; - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } - - return null; - - } - - /** - * Does the request to the SZR-GW. - * - * @param signature the signature - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); - } - - /** - * Does the request to the SZR-GW. - * - * @param PEPSIdentifier the pEPS identifier - * @param PEPSFirstname the pEPS firstname - * @param PEPSFamilyname the pEPS familyname - * @param PEPSDateOfBirth the pEPS date of birth - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); - } - - /** - * Gets the identity link. - * - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @param organizationAddress the organization address - * @param organizationType the organization type - * @return the identity link - * @throws SZRGWClientException - */ - public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, - String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, - citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * SZR-GW Client interface. - * - * @param eIdentifier the e identifier - * @param givenName the given name - * @param lastName the last name - * @param dateOfBirth the date of birth - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - */ - public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, - String givenName, String lastName, String dateOfBirth, String gender, - String citizenSignature, String representative, String represented, - String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, - citizenSignature, representative, represented, mandate, null, - null, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * Starts a MOA-ID authentication process using STORK - * @param req HttpServletRequest - * @param resp HttpServletResponse - * @param ccc Citizen country code - * @param oaURL URL of the online application - * @param target Target parameter - * @param targetFriendlyName Friendly Name of Target - * @param authURL Authentication URL - * @param sourceID SourceID parameter - * @throws MOAIDException - * @throws AuthenticationException - * @throws WrongParametersException - * @throws ConfigurationException - */ - public static void startSTORKAuthentication( - HttpServletRequest req, - HttpServletResponse resp, - AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - - //Start of STORK Processing - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); - Logger.debug("C-PEPS URL: " + destination); - - String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - - String providerName= oaParam.getFriendlyName(); - String issuerValue = HTTPUtils.getBaseURL(req); - Logger.debug("Issuer value: " + issuerValue); - - // prepare collection of required attributes - // - attributes for online application - List attributesFromConfig = oaParam.getRequestedAttributes(); - - // - prepare attribute list - PersonalAttributeList attributeList = new PersonalAttributeList(); - - // - fill container - for(OAStorkAttribute current : attributesFromConfig) { - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(current.getName()); - - boolean globallyMandatory = false; - for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) - if(current.getName().equals(currentGlobalAttribute.getName())) { - globallyMandatory = currentGlobalAttribute.isMandatory(); - break; - } - - newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); - attributeList.add(newAttribute); - } - - // add sign request - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("signedDoc"); - List value = new ArrayList(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), - "application/xhtml+xml", - moasession.getCcc())); - newAttribute.setValue(value); - attributeList.add(newAttribute); - - - if (Logger.isDebugEnabled()) { - Logger.debug("The following attributes are requested for this OA:"); - for (OAStorkAttribute logReqAttr : attributesFromConfig) - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); - } - - //TODO: check Target in case of SSO!! - String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - String spCountry = "AT"; - - //generate AuthnRquest - STORKAuthnRequest authnRequest = new STORKAuthnRequest(); - authnRequest.setDestination(destination); - authnRequest.setAssertionConsumerServiceURL(acsURL); - authnRequest.setProviderName(providerName); - authnRequest.setIssuer(issuerValue); - authnRequest.setQaa(oaParam.getQaaLevel()); - authnRequest.setSpInstitution(spInstitution); - authnRequest.setCountry(spCountry); - authnRequest.setSpApplication(spApplication); - authnRequest.setSpSector(spSector); - authnRequest.setPersonalAttributeList(attributeList); - - authnRequest.setEIDCrossBorderShare(true); - authnRequest.setEIDCrossSectorShare(true); - authnRequest.setEIDSectorShare(true); - - authnRequest.setCitizenCountryCode(moasession.getCcc()); - - - Logger.debug("STORK AuthnRequest succesfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); - try { - authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML AuthnRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AuthnRequest successfully signed!"); - - //validate AuthnRequest - try { - samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - Logger.error("STORK SAML AuthnRequest not valid.", e); - throw new MOAIDException("stork.01", null); - } - - Logger.debug("STORK AuthnRequest successfully internally validated."); - - //send - moasession.setStorkAuthnRequest(authnRequest); - HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - - - Logger.info("Preparing to send STORK AuthnRequest."); - Logger.info("prepared STORKAuthnRequest: "); - Logger.info(new String(authnRequest.getTokenSaml())); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e) { - Logger.error("Error sending STORK SAML AuthnRequest.", e); - httpSession.invalidate(); - throw new MOAIDException("stork.02", new Object[] { destination }); - } - - Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); - } - - private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { - IdentifierGenerator idGenerator; - try { - idGenerator = new SecureRandomIdentifierGenerator(); - - DocumentType doc = new DocumentType(); - doc.setBase64XML(text.getBytes()); - doc.setID(idGenerator.generateIdentifier()); - - SignRequest request = new SignRequest(); - request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - - String id = idGenerator.generateIdentifier(); - request.setRequestID(id); - request.setDocUI(id); - - request.setProfile(Profiles.XADES_BES.toString()); - request.setNumberOfSigners(BigInteger.ONE); - request.setTargetCountry(citizenCountry); - - // no, no todo. PEPS will alter this value anyhow. - request.setReturnURL("http://invalid_return"); - - AnyType required = new AnyType(); - required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); - required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); - required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); - required.getAny().add(ApiUtils.createIncludeObject(doc)); - request.setOptionalInputs(required); - - return IOUtils.toString(ApiUtils.marshalToInputStream(request)); - } catch (NoSuchAlgorithmException e) { - Logger.error("Cannot generate id", e); - throw new RuntimeException(e); - } catch (ApiUtilsException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (DOMException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (IOException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } - } - - /** - * Extracts an X509 Certificate out of an XML signagture element - * @param signedXML XML signature element - * @return X509Certificate - * @throws CertificateException - */ - public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { - - NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); - - String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(base64CertString)) { - String msg = "XML does not contain a X509Certificate element."; - Logger.error(msg); - throw new CertificateException(msg); - } - - InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - - X509Certificate cert; - try { - cert = new X509Certificate(is); - return cert; - - } catch (Throwable e) { - throw new CertificateException(e); - } - } + //build CertInfo request + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() + .build(); + String certInfoDataURL = new DataURLBuilder() + .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, + session.getSessionID()); + + //get Applet Parameters + String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); + String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); + appletheigth = StringEscapeUtils.escapeHtml(appletheigth); + appletwidth = StringEscapeUtils.escapeHtml(appletwidth); + + String htmlForm = new GetIdentityLinkFormBuilder().build(template, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, + certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); + + return htmlForm; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + * @throws BKUException + */ + public String verifyIdentityLink(AuthenticationSession session, + Map infoboxReadResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlInfoboxReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // check if an identity link was found + // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform + // (SL1.2)) + // CharSequence se = "ErrorCode>2911".substring(0); + // boolean b = xmlInfoboxReadResponse.contains(se); + String se = "ErrorCode>2911"; + int b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // no identity link found + Logger + .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); + return null; + } + // spezifikationsgemaess (SL1.2) Errorcode + se = "ErrorCode>4002"; + // b = xmlInfoboxReadResponse.contains(se); + b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // Unbekannter Infoboxbezeichner + Logger + .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); + return null; + } + + // parses the + IdentityLink identityLink = new InfoboxReadResponseParser( + xmlInfoboxReadResponse).parseIdentityLink(); + // validates the identity link + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(identityLink, authConf + .getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has + // to be ignored + boolean ignoreManifestValidationResult = (oaParam.getBusinessService() || oaParam.getStorkService()) ? true + : false; + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConf.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); + + session.setIdentityLink(identityLink); + // now validate the extended infoboxes + + //Removed in MOA-ID 2.0 + //verifyInfoboxes(session, infoboxReadResponseParameters, false); + + return "found!"; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String verifyCertificate(AuthenticationSession session, + X509Certificate certificate) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, MOAIDException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + // check if person is a Organwalter + // if true - don't show bPK in AUTH Block + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + + return returnvalue; + } + + /** + * Processes an Mandate sent by the MIS.
+ *
    + *
  • Validates given Mandate
    • + *
  • Verifies Mandate by calling the MOA SP component
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public void verifyMandate(AuthenticationSession session, MISMandate mandate) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + GET_MIS_SESSIONID, PARAM_SESSIONID}); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + try { + // sets the extended SAML attributes for OID (Organwalter) + setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam + .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } + + } + + /** + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ + public String getCreateXMLSignatureRequestAuthBlockOrRedirect( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam) throws ConfigurationException, + BuildException, ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session, oaParam); + + // builds the + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .build(authBlock, oaParam.getKeyBoxIdentifier(), + transformsInfos); + return createXMLSignatureRequest; + } + + /** + * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
+ *
    + *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param cert The certificate from the user + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String createXMLSignatureRequestForeignID(AuthenticationSession session, + X509Certificate cert) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, + cert); + } + + public String getCreateXMLSignatureRequestForeigID( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam, X509Certificate cert) + throws ConfigurationException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + Principal subject = cert.getSubjectDN(); + + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .buildForeignID(subject.toString(), oaParam, session); + return createXMLSignatureRequest; + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU + * including the <CreateXMLSignatureResponse> + * @throws BKUException + */ + public X509Certificate verifyXMLSignature(String sessionID, + Map createXMLSignatureResponseParameters) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); + + String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlCreateXMLSignatureResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // parses the + CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse createXMLSignatureResponse = p + .parseResponseDsig(); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .buildDsig(createXMLSignatureResponse, authConf + .getMoaSpAuthBlockTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + return verifyXMLSignatureResponse.getX509certificate(); + + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param readInfoboxResponseParameters The parameters from the response returned from the BKU + * including the <ReadInfoboxResponse> + * @throws BKUException + */ + public X509Certificate getCertificate(String sessionID, + Map readInfoboxResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlReadInfoboxResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE}); + + // parses the + InfoboxReadResponseParser p = new InfoboxReadResponseParser( + xmlReadInfoboxResponse); + X509Certificate cert = p.parseCertificate(); + + return cert; + + } + + /** + * Builds an authentication block <saml:Assertion> from + * given session data. + * + * @param session authentication session + * @return <saml:Assertion> as a String + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + private String buildAuthenticationBlock(AuthenticationSession session, + OAAuthParameter oaParam) throws BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + + String identificationValue = null; + String identificationType = null; + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested + if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + identificationType = ""; + identificationValue = ""; + + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if (oaParam.getBusinessService()) { + + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink + .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); + identificationValue = bpkBase64; + + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+")) + identificationType = oaParam.getIdentityLinkDomainIdentifier(); + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + } + + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + + } + + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); + + // Bug #485 + // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + // String oaURL = session.getPublicOAURLPrefix(); + + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + + + if (session.isSsoRequested()) { + String oaURL = new String(); + try { + oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); + + } catch (ConfigurationException e) { + } + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + + } else { + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlock(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + } + } + + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void validateExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, + boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } + } + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandatesOID( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( + mandate, business); + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, + "MISService", "MISService"); + + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. + * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes( + AuthenticationSession session, + ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, + String friendlyName) throws ValidateException { + if (extendedSAMLAttributes == null) + return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes == null) + oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes == null) + authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[]{ + friendlyName, String.valueOf((i + 1))}); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[]{ + identifier, String.valueOf((i + 1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + MISMandate mandate, boolean business, boolean provideStammzahl) + throws SAXException, IOException, ParserConfigurationException, + TransformerException { + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // Name + Element domMandate = mandateToElement(mandate); + Element nameSpaceNode = domMandate.getOwnerDocument().createElement( + "NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, + Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, + SZRGWConstants.MANDATE_NS); + + Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, + "//md:Mandate/md:Mandator", nameSpaceNode); + + // Mandate + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_RAW, domMandate, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)) { + String idType = ParepUtils + .extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) + && idType.startsWith(Constants.URN_PREFIX_BASEID)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_CB_BASE_ID, + ParepUtils.getRegisterString(idType) + ": " + wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (business) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_WBPK, wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( + MISMandate mandate, boolean business) throws SAXException, + IOException, ParserConfigurationException, TransformerException { + + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // RepresentationType + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String oid = mandate.getProfRep(); + + if (oid != null) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + String oidDescription = mandate.getTextualDescriptionOfOID(); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * @param mandate + * @return + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private static Element mandateToElement(MISMandate mandate) + throws SAXException, IOException, ParserConfigurationException { + ByteArrayInputStream bais = new ByteArrayInputStream(mandate + .getMandate()); + Document doc = DOMUtils.parseDocumentSimple(bais); + return doc.getDocumentElement(); + } + + protected static void replaceExtendedSAMLAttribute(List attributes, + ExtendedSAMLAttribute samlAttribute) { + if (null == attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes + .get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + * @throws BKUException + */ + public String verifyAuthenticationBlock(AuthenticationSession session, + String xmlCreateXMLSignatureReadResponse) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + if (isEmpty(xmlCreateXMLSignatureReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + // parses + CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureReadResponse).parseResponse(); + + try { + String serializedAssertion = DOMUtils.serializeNode(csresp + .getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // validates + if (session.isSsoRequested()) + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + else + new CreateXMLSignatureResponseValidator().validate(csresp, session); + + // builds a for a MOA-SPSS call + List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, + vtids, tpid); + // debug output + + // invokes the call + Element domVsresp = new SignatureVerificationInvoker() + .verifyXMLSignature(domVsreq); + // debug output + + // parses the + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( + domVsresp).parseData(); + + if (Logger.isTraceEnabled()) { + if (domVsresp != null) { + try { + String xmlVerifyXMLSignatureResponse = DOMUtils + .serializeNode(domVsresp, true); + Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); + Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); + } catch (Throwable t) { + t.printStackTrace(); + Logger.info(new LogMsg(t.getStackTrace())); + } + } + } + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + false); + + // Compare AuthBlock Data with information stored in session, especially + // date and time + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, session.getIdentityLink()); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp + .getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + + if (session.getUseMandate()) { + // mandate mode + return null; + + } else { + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + return newMOASessionID; + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + + protected Element createIdentificationBPK(Element mandatePerson, + String baseid, String target) throws BuildException { + Element identificationBpK = mandatePerson.getOwnerDocument() + .createElementNS(Constants.PD_NS_URI, "Identification"); + Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Value"); + + String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); + valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + bpkBase64)); + Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Type"); + typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + "urn:publicid:gv.at:cdid+bpk")); + identificationBpK.appendChild(valueBpK); + identificationBpK.appendChild(typeBpK); + + return identificationBpK; + + } + + protected String getBaseId(Element mandatePerson) + throws TransformerException, IOException { + NodeList list = mandatePerson.getElementsByTagNameNS( + Constants.PD_NS_URI, "Identification"); + for (int i = 0; i < list.getLength(); i++) { + Element identification = (Element) list.item(i); + Element type = (Element) identification.getElementsByTagNameNS( + Constants.PD_NS_URI, "Type").item(0); + if (type.getTextContent().compareToIgnoreCase( + "urn:publicid:gv.at:baseid") == 0) { + Element value = (Element) identification + .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") + .item(0); + return value.getTextContent(); + } + } + return null; + + } + + /** + * Gets the foreign authentication data.
+ *
    + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + public String getForeignAuthenticationData(AuthenticationSession session) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(session + .getIdentityLink().getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + X509Certificate cert = session.getSignerCertificate(); + vsresp.setX509certificate(cert); + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + //TODO: regenerate MOASession ID! + return "new Session"; + } + + /** + * Builds the AuthenticationData object together with the corresponding + * <saml:Assertion> + * + * @param session authentication session + * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP + * @param useUTC uses correct UTC time format + * @param useUTC indicates that authenticated citizen is a foreigner + * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates + * @return AuthenticationData object + * @throws ConfigurationException while accessing configuration data + * @throws BuildException while building the <saml:Assertion> + */ + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) + throws ConfigurationException, BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + AuthenticationData authData = new AuthenticationData(); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + + boolean businessService = oaParam.getBusinessService(); + + authData.setMajorVersion(1); + authData.setMinorVersion(0); + authData.setAssertionID(Random.nextRandom()); + authData.setIssuer(session.getAuthURL()); + + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance())); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + + try { + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + authData.setIdentityLink(identityLink); + + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); + + } else { + + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + + authData.setIdentityLink(identityLink); + } + } + + return authData; + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } + } + + /** + * Retrieves a session from the session store. + * + * @param id session ID + * @return AuthenticationSession stored with given session ID, + * null if session ID unknown + */ + public static AuthenticationSession getSession(String id) + throws AuthenticationException { + + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + + if (session == null) + throw new AuthenticationException("auth.02", new Object[]{id}); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[]{id}); + } + } + + /** + * Cleans up expired session and authentication data stores. + */ + public void cleanup() { + long now = new Date().getTime(); + + //clean AuthenticationSessionStore + + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); + + //clean ExeptionStore + DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); + exstore.clean(now, authDataTimeOut); + + } + + /** + * Sets the sessionTimeOut. + * + * @param seconds Time out of the session in seconds + */ + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; + } + + /** + * Sets the authDataTimeOut. + * + * @param seconds Time out for signing AuthData in seconds + */ + public void setSecondsAuthDataTimeOut(long seconds) { + authDataTimeOut = seconds * 1000; + } + + /** + * Checks a parameter. + * + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + + /** + * Checks the correctness of SAML attributes and returns its value. + * + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + protected static Object verifySAMLAttribute( + ExtendedSAMLAttribute samlAttribute, int i, String identifier, + String friendlyName) throws ValidateException { + String name = samlAttribute.getName(); + + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is empty."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", + new Object[]{friendlyName, "Namespace", + String.valueOf((i + 1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Wert", String.valueOf((i + 1)), "null"}); + } + + return value; + } + + /** + * Does the request to the SZR-GW + * + * @param oaFriendlyName + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException + */ + + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + SZRGWClient client = new SZRGWClient(connectionParameters); + + + CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); + request.setSignature(citizenSignature.getBytes()); + + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + + data.setRepresentative(representative); + data.setRepresented(represented); + data.setMandateContent(mandateContent); + + data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); + data.setLegalPersonTranslatableType(organizationType); + + if (null != mandateContent) { + MISType mis = new MISType(); + + Target targetObject = new Target(); + targetObject.setType(targetType); + targetObject.setValue(targetValue); + mis.setTarget(targetObject); + + mis.setOAFriendlyName(oaFriendlyName); + + Filters filterObject = new Filters(); + MandateIdentifiers mandateIds = new MandateIdentifiers(); + for (String current : filters.split(",")) + mandateIds.getMandateIdentifier().add(current.trim()); + filterObject.setMandateIdentifiers(mandateIds); + mis.setFilters(filterObject); + + request.setMIS(mis); + } + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); + return response; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null)); + } + + return null; + + } + + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); + } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, null, + citizenSignature, represented, representative, mandateContent, organizationAddress, + organizationType, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * SZR-GW Client interface. + * + * @param eIdentifier the e identifier + * @param givenName the given name + * @param lastName the last name + * @param dateOfBirth the date of birth + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + */ + public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + String givenName, String lastName, String dateOfBirth, String gender, + String citizenSignature, String representative, String represented, + String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + citizenSignature, representative, represented, mandate, null, + null, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * Starts a MOA-ID authentication process using STORK + * + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param ccc Citizen country code + * @param oaURL URL of the online application + * @param target Target parameter + * @param targetFriendlyName Friendly Name of Target + * @param authURL Authentication URL + * @param sourceID SourceID parameter + * @throws MOAIDException + * @throws AuthenticationException + * @throws WrongParametersException + * @throws ConfigurationException + */ + public static void startSTORKAuthentication( + HttpServletRequest req, + HttpServletResponse resp, + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()}); + + //Start of STORK Processing + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); + + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); + Logger.debug("C-PEPS URL: " + destination); + + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); + + String providerName = oaParam.getFriendlyName(); + String issuerValue = HTTPUtils.getBaseURL(req); + Logger.debug("Issuer value: " + issuerValue); + + // prepare collection of required attributes + // - attributes for online application + List attributesFromConfig = oaParam.getRequestedAttributes(); + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + // - fill container + for (OAStorkAttribute current : attributesFromConfig) { + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(current.getName()); + + boolean globallyMandatory = false; + for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) + if (current.getName().equals(currentGlobalAttribute.getName())) { + globallyMandatory = currentGlobalAttribute.isMandatory(); + break; + } + + newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); + attributeList.add(newAttribute); + } + + // add sign request + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("signedDoc"); + List value = new ArrayList(); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); + newAttribute.setValue(value); + attributeList.add(newAttribute); + + + if (Logger.isDebugEnabled()) { + Logger.debug("The following attributes are requested for this OA:"); + for (OAStorkAttribute logReqAttr : attributesFromConfig) + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); + } + + //TODO: check Target in case of SSO!! + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + //generate AuthnRquest + STORKAuthnRequest authnRequest = new STORKAuthnRequest(); + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(issuerValue); + authnRequest.setQaa(oaParam.getQaaLevel()); + authnRequest.setSpInstitution(spInstitution); + authnRequest.setCountry(spCountry); + authnRequest.setSpApplication(spApplication); + authnRequest.setSpSector(spSector); + authnRequest.setPersonalAttributeList(attributeList); + + authnRequest.setEIDCrossBorderShare(true); + authnRequest.setEIDCrossSectorShare(true); + authnRequest.setEIDSectorShare(true); + + authnRequest.setCitizenCountryCode(moasession.getCcc()); + + + Logger.debug("STORK AuthnRequest succesfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); + try { + authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AuthnRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AuthnRequest successfully signed!"); + + //validate AuthnRequest + try { + samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + //send + moasession.setStorkAuthnRequest(authnRequest); + HttpSession httpSession = req.getSession(); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); + + + Logger.info("Preparing to send STORK AuthnRequest."); + Logger.info("prepared STORKAuthnRequest: "); + Logger.info(new String(authnRequest.getTokenSaml())); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AuthnRequest.", e); + httpSession.invalidate(); + throw new MOAIDException("stork.02", new Object[]{destination}); + } + + Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); + } + + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { + IdentifierGenerator idGenerator; + try { + idGenerator = new SecureRandomIdentifierGenerator(); + + DocumentType doc = new DocumentType(); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); + + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); + } catch (NoSuchAlgorithmException e) { + Logger.error("Cannot generate id", e); + throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (IOException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } + } + + /** + * Extracts an X509 Certificate out of an XML signagture element + * + * @param signedXML XML signature element + * @return X509Certificate + * @throws CertificateException + */ + public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { + + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); + + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); + + if (StringUtils.isEmpty(base64CertString)) { + String msg = "XML does not contain a X509Certificate element."; + Logger.error(msg); + throw new CertificateException(msg); + } + + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); + + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index 828fc78ab..ba347c9e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -51,82 +51,143 @@ import at.gv.egovernment.moa.util.Constants; /** * Builder for the <InfoboxReadRequest> structure * used for requesting the identity link from the security layer implementation. - * + * * @author Paul Ivancsics * @version $Id$ */ public class InfoboxReadRequestBuilder implements Constants { - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilder() { - } - - - /** - * Builds an <InfoboxReadRequest>. - * - * @param slVersion12 specifies whether the Security Layer version is - * version 1.2 or not - * @param businessService specifies whether the online application is a - * business service or not - * @param identityLinkDomainIdentifier the identification number of the business - * company; maybe null if the OA - * is a public service; must not be null - * if the OA is a business service - * - * @return <InfoboxReadRequest> as String - */ - public String build(boolean businessService, String identityLinkDomainIdentifier) { - - String slPrefix; - String slNsDeclaration; - + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilder() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + */ + public String build(boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + // if (slVersion12) { - slPrefix = SL12_PREFIX; - slNsDeclaration = SL12_NS_URI; + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; // } else { // slPrefix = SL10_PREFIX; // slNsDeclaration = SL10_NS_URI; // } - - StringBuffer sb = new StringBuffer(""); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest xmlns:"); - sb.append(slPrefix); - sb.append("=\""); - sb.append(slNsDeclaration); - sb.append("\">"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>IdentityLink"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); - if (businessService) { - sb.append("<"); - sb.append(slPrefix); - sb.append(":BoxSpecificParameters>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":IdentityLinkDomainIdentifier>"); - sb.append(identityLinkDomainIdentifier); - sb.append(""); - sb.append(""); + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return sb.toString(); + + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + * + */ + public String buildStorkReadRequest(String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + + // append box parameters - necessary for stork? + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + // end appending box parameters + + sb.append(""); + + return sb.toString(); + } - sb.append(""); - - return sb.toString(); - - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 7e21c6667..2d0a0e367 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -55,7 +55,12 @@ public class OAParameter { this.businessService = true; else this.businessService = false; - + + if (this.oaType.equals("storkService")) + this.storkService = true; + else + this.storkService = false; + this.publicURLPrefix = oa.getPublicURLPrefix(); this.friendlyName = oa.getFriendlyName(); @@ -81,8 +86,15 @@ public class OAParameter { * if value of {@link #oaType} is "businessService" */ private boolean businessService; - - /** + + /** + * specifies whether the online application is a stork application or not (true + * if value of {@link #oaType} is "storkService" + */ + private boolean storkService; + + + /** * public URL prefix of the online application */ private String publicURLPrefix; @@ -139,5 +151,7 @@ public class OAParameter { public OAOAUTH20 getoAuth20Config() { return oAuth20Config; } + + public boolean getStorkService() { return storkService; } } diff --git a/id/server/moa-id-commons/moa-id-commons.iml b/id/server/moa-id-commons/moa-id-commons.iml index ef994abd3..aeb4ad88c 100644 --- a/id/server/moa-id-commons/moa-id-commons.iml +++ b/id/server/moa-id-commons/moa-id-commons.iml @@ -61,6 +61,7 @@ + @@ -75,7 +76,6 @@ - diff --git a/id/server/moa-id.iml b/id/server/moa-id.iml index c418d6693..6e02e5944 100644 --- a/id/server/moa-id.iml +++ b/id/server/moa-id.iml @@ -8,6 +8,7 @@ + diff --git a/id/server/proxy/moa-id-proxy.iml b/id/server/proxy/moa-id-proxy.iml index e61d841ce..279d544b1 100644 --- a/id/server/proxy/moa-id-proxy.iml +++ b/id/server/proxy/moa-id-proxy.iml @@ -55,6 +55,7 @@ + @@ -93,7 +94,6 @@ - diff --git a/pom.xml b/pom.xml index d87ab8a4e..c4126fbfb 100644 --- a/pom.xml +++ b/pom.xml @@ -469,6 +469,12 @@ dll runtime + + commons-io + commons-io + 1.3.2 + + diff --git a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml index 4e0a0fddf..fdffc1a0f 100644 --- a/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml +++ b/spss/handbook/clients/api/moa-spss-handbook-apiClient.iml @@ -9,7 +9,6 @@ - @@ -44,6 +43,7 @@ + diff --git a/spss/handbook/clients/moa-spss-handbook-clients.iml b/spss/handbook/clients/moa-spss-handbook-clients.iml index 3dda938d9..6e02e5944 100644 --- a/spss/handbook/clients/moa-spss-handbook-clients.iml +++ b/spss/handbook/clients/moa-spss-handbook-clients.iml @@ -1,13 +1,14 @@ - - + + + diff --git a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml index 678776d19..07392b36c 100644 --- a/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml +++ b/spss/handbook/clients/referencedData/moa-spss-handbook-referencedData.iml @@ -13,13 +13,14 @@ - - + + + diff --git a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml index 4e0a0fddf..fdffc1a0f 100644 --- a/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml +++ b/spss/handbook/clients/webservice/moa-spss-handbook-webserviceClient.iml @@ -9,7 +9,6 @@ - @@ -44,6 +43,7 @@ + diff --git a/spss/handbook/moa-spss-handbook.iml b/spss/handbook/moa-spss-handbook.iml index deed935ed..0b49fc962 100644 --- a/spss/handbook/moa-spss-handbook.iml +++ b/spss/handbook/moa-spss-handbook.iml @@ -10,13 +10,14 @@ - - + + + diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml index 567359474..6e02e5944 100644 --- a/spss/server/moa-spss.iml +++ b/spss/server/moa-spss.iml @@ -1,13 +1,14 @@ - - + + + diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml index 93d7e676f..d1832bd65 100644 --- a/spss/server/serverlib/moa-spss-lib.iml +++ b/spss/server/serverlib/moa-spss-lib.iml @@ -55,8 +55,6 @@ - - @@ -91,6 +89,7 @@ + diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml index ae8f03a70..0714500d5 100644 --- a/spss/server/serverws/moa-spss-ws.iml +++ b/spss/server/serverws/moa-spss-ws.iml @@ -56,6 +56,7 @@ + diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml index a880f50ab..25d80b1dd 100644 --- a/spss/server/tools/moa-spss-tools.iml +++ b/spss/server/tools/moa-spss-tools.iml @@ -1,8 +1,8 @@ - - + + @@ -17,6 +17,7 @@ + -- cgit v1.2.3 From 5fa4dd6fd8955dd601375f81b992df26757f89e4 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Thu, 6 Mar 2014 20:54:43 +0100 Subject: Change to MOA-SPSS version 1.5.2 --- common/pom.xml | 2 +- pom.xml | 16 ++++++++-------- spss/handbook/clients/api/pom.xml | 4 ++-- spss/handbook/clients/pom.xml | 4 ++-- spss/handbook/clients/referencedData/pom.xml | 4 ++-- spss/handbook/clients/webservice/pom.xml | 4 ++-- spss/handbook/pom.xml | 4 ++-- spss/pom.xml | 4 ++-- spss/server/pom.xml | 4 ++-- spss/server/serverlib/pom.xml | 4 ++-- .../serverws/.settings/org.eclipse.wst.common.component | 5 +---- spss/server/serverws/pom.xml | 4 ++-- spss/server/tools/pom.xml | 4 ++-- 13 files changed, 30 insertions(+), 33 deletions(-) (limited to 'spss/handbook/clients') diff --git a/common/pom.xml b/common/pom.xml index 468ecaf2d..d5d960a6d 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -2,7 +2,7 @@ MOA MOA - 2.0.0 + 1.5.2 4.0.0 moa-common diff --git a/pom.xml b/pom.xml index c297242cd..2ac793aa2 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ MOA MOA pom - 2.0.0 + 1.5.2 MOA @@ -23,7 +23,7 @@ common spss - id + @@ -68,8 +68,8 @@ moa - id/assembly-auth.xml - id/assembly-proxy.xml + spss/assembly.xml spss/assembly-lib.xml @@ -192,15 +192,15 @@ MOA moa-common - 2.0.0 + 1.5.2 compile - + MOA.spss.server moa-spss-lib @@ -210,7 +210,7 @@ MOA moa-common - 2.0.0 + 1.5.2 test-jar test diff --git a/spss/handbook/clients/api/pom.xml b/spss/handbook/clients/api/pom.xml index 442d4fdb7..5a978964b 100644 --- a/spss/handbook/clients/api/pom.xml +++ b/spss/handbook/clients/api/pom.xml @@ -2,14 +2,14 @@ MOA.spss.handbook.clients moa-spss-handbook-clients - 2.0 + 1.5 4.0.0 MOA.spss.handbook moa-spss-handbook-apiClient jar - 2.0 + 1.5 MOA SP/SS Handbook API Client diff --git a/spss/handbook/clients/pom.xml b/spss/handbook/clients/pom.xml index 3b3bfd6b2..5a4ab81c8 100644 --- a/spss/handbook/clients/pom.xml +++ b/spss/handbook/clients/pom.xml @@ -3,14 +3,14 @@ MOA.spss.handbook moa-spss-handbook - 2.0 + 1.5 4.0.0 MOA.spss.handbook.clients moa-spss-handbook-clients pom - 2.0 + 1.5 MOA SP/SS Handbook Clients diff --git a/spss/handbook/clients/referencedData/pom.xml b/spss/handbook/clients/referencedData/pom.xml index 8e0378bd6..9a8a3b68e 100644 --- a/spss/handbook/clients/referencedData/pom.xml +++ b/spss/handbook/clients/referencedData/pom.xml @@ -3,14 +3,14 @@ MOA.spss.handbook.clients moa-spss-handbook-clients - 2.0 + 1.5 4.0.0 MOA.spss.handbook moa-spss-handbook-referencedData war - 2.0 + 1.5 MOA SP/SS Handbook Referenced Data diff --git a/spss/handbook/clients/webservice/pom.xml b/spss/handbook/clients/webservice/pom.xml index bc1859408..4221e6cc1 100644 --- a/spss/handbook/clients/webservice/pom.xml +++ b/spss/handbook/clients/webservice/pom.xml @@ -2,14 +2,14 @@ MOA.spss.handbook.clients moa-spss-handbook-clients - 2.0 + 1.5 4.0.0 MOA.spss.handbook.clients moa-spss-handbook-webserviceClient jar - 2.0 + 1.5 MOA SP/SS Handbook WebService Client diff --git a/spss/handbook/pom.xml b/spss/handbook/pom.xml index 5e476d5c1..9caf5c181 100644 --- a/spss/handbook/pom.xml +++ b/spss/handbook/pom.xml @@ -3,14 +3,14 @@ MOA spss - 2.0.x + 1.5.x 4.0.0 MOA.spss.handbook moa-spss-handbook pom - 2.0 + 1.5 MOA SP/SS Handbook diff --git a/spss/pom.xml b/spss/pom.xml index 799286889..936c800e4 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -3,14 +3,14 @@ MOA MOA - 2.0.0 + 1.5.2 4.0.0 MOA spss pom - 2.0.x + 1.5.x MOA SP/SS diff --git a/spss/server/pom.xml b/spss/server/pom.xml index b5e1b32c1..a78496017 100644 --- a/spss/server/pom.xml +++ b/spss/server/pom.xml @@ -3,14 +3,14 @@ MOA spss - 2.0.x + 1.5.x 4.0.0 MOA.spss moa-spss pom - 2.0.x + 1.5.x MOA SP/SS Server diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 1c756d4d4..2a6fd382f 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -2,14 +2,14 @@ MOA.spss moa-spss - 2.0.x + 1.5.x 4.0.0 MOA.spss.server moa-spss-lib jar - 2.0.0 + 1.5.2 MOA SP/SS API diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component index ffe4d38a0..463d07fe3 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -2,10 +2,7 @@ - - uses - - + uses diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index b8a04eba4..4372c76d0 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -3,14 +3,14 @@ MOA.spss moa-spss - 2.0.x + 1.5.x 4.0.0 MOA.spss.server moa-spss-ws war - 2.0.0 + 1.5.2 MOA SP/SS WebService diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml index 48e0a998c..19d72a380 100644 --- a/spss/server/tools/pom.xml +++ b/spss/server/tools/pom.xml @@ -2,14 +2,14 @@ MOA.spss moa-spss - 2.0.x + 1.5.x 4.0.0 MOA.spss.server moa-spss-tools jar - 2.0.0 + 1.5.2 MOA SP/SS Tools -- cgit v1.2.3 From 51a43cf305020f780c52cfe1d70e793be9391f16 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Mon, 17 Mar 2014 21:13:42 +0100 Subject: Update to version 2.0.0 (pom, handbook, etc.) Handbook usage updated (TSL example added) Update TSL handling --- common/pom.xml | 2 +- pom.xml | 12 +- repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar | Bin 0 -> 549794 bytes repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom | 251 +++++++++ spss/handbook/clients/api/pom.xml | 4 +- spss/handbook/clients/pom.xml | 4 +- spss/handbook/clients/referencedData/pom.xml | 4 +- spss/handbook/clients/webservice/pom.xml | 4 +- .../VerifyXMLSignatureRequest.TSL.resp.xml | 50 ++ .../requests/VerifyXMLSignatureRequest.TSL.xml | 6 + spss/handbook/conf/moa-spss/log4j.properties | 2 +- .../conf/moa-spss/sp.minimum_with_tsl.config.xml | 4 +- .../handbook/config/MOA-SPSS-config-1.5.2.xsd | 353 ------------- .../handbook/config/MOA-SPSS-config-2.0.0.xsd | 353 +++++++++++++ spss/handbook/handbook/config/config.html | 2 +- spss/handbook/handbook/index.html | 2 +- spss/handbook/handbook/install/install.html | 6 +- spss/handbook/handbook/intro/intro.html | 2 +- spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf | Bin 555449 -> 0 bytes spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl | 128 ----- spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd | 572 --------------------- spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf | Bin 0 -> 291606 bytes spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl | 128 +++++ spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd | 572 +++++++++++++++++++++ spss/handbook/handbook/usage/usage.html | 64 +++ spss/handbook/pom.xml | 4 +- spss/pom.xml | 4 +- spss/server/history.txt | 6 +- spss/server/pom.xml | 4 +- spss/server/readme.update.txt | 8 +- spss/server/serverlib/pom.xml | 4 +- .../moa/spss/tsl/connector/TSLConnector.java | 1 + .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java | 46 +- .../spss/tsl/utils/TSLImportFromFileContext.java | 343 +++++++----- .../.settings/org.eclipse.wst.common.component | 4 +- spss/server/serverws/pom.xml | 4 +- spss/server/tools/pom.xml | 4 +- 37 files changed, 1699 insertions(+), 1258 deletions(-) create mode 100644 repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar create mode 100644 repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom create mode 100644 spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml create mode 100644 spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml delete mode 100644 spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd create mode 100644 spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd delete mode 100644 spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf delete mode 100644 spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl delete mode 100644 spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd create mode 100644 spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf create mode 100644 spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl create mode 100644 spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd (limited to 'spss/handbook/clients') diff --git a/common/pom.xml b/common/pom.xml index d5d960a6d..468ecaf2d 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -2,7 +2,7 @@ MOA MOA - 1.5.2 + 2.0.0 4.0.0 moa-common diff --git a/pom.xml b/pom.xml index 395686287..54cf9a2e7 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ MOA MOA pom - 1.5.2 + 2.0.0 MOA @@ -194,7 +194,7 @@ MOA moa-common - 1.5.2 + 2.0.0 compile + + javax.xml.bind + jaxb-api + 2.2.6 + + + com.sun.xml.bind + jaxb-impl + 2.2.6 + + + + + + profile-for-jdk1.5 + + true + (,1.5] + + + 1.5 + jdk${java.version} + + + ${project.artifactId}-${project.version}-${envClassifier} + + + + + javax.xml.bind + jaxb-api + 2.2.4 + + + com.sun.xml.bind + jaxb-impl + 2.2.4-1 + + + + + + + + + iaik + iaik_xsect_eval + 1.1709142 + + + iaik + iaik_ecc_signed + 2.19 + + + iaik + iaik_jce_eval_signed + 3.181 + + + iaik + iaik_pki_module + 1.0 + + + iaik + iaik_javax_crypto + 1.0 + + + iaik + iaik_util + + 0.23 + + + iaik + iaik_jsse + 4.4 + + + iaik + iaik_ssl + 4.4 + + + iaik + w3c_http + 1.0 + + + org.xerial + sqlite-jdbc + 3.7.2 + + + + + javax.activation + activation + 1.1.1 + + + stax + stax-api + 1.0.1 + + + xerces + xercesImpl + 2.7.1 + + + + \ No newline at end of file diff --git a/spss/handbook/clients/api/pom.xml b/spss/handbook/clients/api/pom.xml index 5a978964b..442d4fdb7 100644 --- a/spss/handbook/clients/api/pom.xml +++ b/spss/handbook/clients/api/pom.xml @@ -2,14 +2,14 @@ MOA.spss.handbook.clients moa-spss-handbook-clients - 1.5 + 2.0 4.0.0 MOA.spss.handbook moa-spss-handbook-apiClient jar - 1.5 + 2.0 MOA SP/SS Handbook API Client diff --git a/spss/handbook/clients/pom.xml b/spss/handbook/clients/pom.xml index 5a4ab81c8..3b3bfd6b2 100644 --- a/spss/handbook/clients/pom.xml +++ b/spss/handbook/clients/pom.xml @@ -3,14 +3,14 @@ MOA.spss.handbook moa-spss-handbook - 1.5 + 2.0 4.0.0 MOA.spss.handbook.clients moa-spss-handbook-clients pom - 1.5 + 2.0 MOA SP/SS Handbook Clients diff --git a/spss/handbook/clients/referencedData/pom.xml b/spss/handbook/clients/referencedData/pom.xml index 9a8a3b68e..8e0378bd6 100644 --- a/spss/handbook/clients/referencedData/pom.xml +++ b/spss/handbook/clients/referencedData/pom.xml @@ -3,14 +3,14 @@ MOA.spss.handbook.clients moa-spss-handbook-clients - 1.5 + 2.0 4.0.0 MOA.spss.handbook moa-spss-handbook-referencedData war - 1.5 + 2.0 MOA SP/SS Handbook Referenced Data diff --git a/spss/handbook/clients/webservice/pom.xml b/spss/handbook/clients/webservice/pom.xml index 4221e6cc1..bc1859408 100644 --- a/spss/handbook/clients/webservice/pom.xml +++ b/spss/handbook/clients/webservice/pom.xml @@ -2,14 +2,14 @@ MOA.spss.handbook.clients moa-spss-handbook-clients - 1.5 + 2.0 4.0.0 MOA.spss.handbook.clients moa-spss-handbook-webserviceClient jar - 1.5 + 2.0 MOA SP/SS Handbook WebService Client diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml new file mode 100644 index 000000000..8691c4563 --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml @@ -0,0 +1,50 @@ + + + + + T=DI,serialNumber=847206943023,givenName=Klaus,SN=Stranacher,CN=Klaus Stranacher,C=AT + + CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT + 685117 + + MIIEtTCCA52gAwIBAgIDCnQ9MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSEwHwYDVQQLDBhhLXNpZ24tcHJl +bWl1bS1tb2JpbGUtMDMxITAfBgNVBAMMGGEtc2lnbi1wcmVtaXVtLW1vYmlsZS0w +MzAeFw0xMjAxMTkxMDUwNDRaFw0xNzAxMTkxMDUwNDRaMHExCzAJBgNVBAYTAkFU +MRkwFwYDVQQDDBBLbGF1cyBTdHJhbmFjaGVyMRMwEQYDVQQEDApTdHJhbmFjaGVy +MQ4wDAYDVQQqDAVLbGF1czEVMBMGA1UEBRMMODQ3MjA2OTQzMDIzMQswCQYDVQQM +DAJESTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCl9cWMwe9LaXbcwuLCMRXS6 +KYhou9Fzvo7ScXpwcRn1sbTSjUIIhLUTrqfqO/pnwoKd87PmNcGUFoCXvsb4lUqj +ggHyMIIB7jARBgNVHQ4ECgQITPnzawkXeUUwDgYDVR0PAQH/BAQDAgbAMBMGA1Ud +IwQMMAqACEu4Yddf1khjMAkGA1UdEwQCMAAwfgYIKwYBBQUHAQEEcjBwMEUGCCsG +AQUFBzAChjlodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXByZW1p +dW0tbW9iaWxlLTAzYS5jcnQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmEtdHJ1 +c3QuYXQvb2NzcDBgBgNVHSAEWTBXMEsGBiooABEBFDBBMD8GCCsGAQUFBwIBFjNo +dHRwOi8vd3d3LmEtdHJ1c3QuYXQvZG9jcy9jcC9hLXNpZ24tcHJlbWl1bS1tb2Jp +bGUwCAYGBACLMAEBMCcGCCsGAQUFBwEDAQH/BBgwFjAIBgYEAI5GAQEwCgYIKwYB +BQUHCwEwgZ0GA1UdHwSBlTCBkjCBj6CBjKCBiYaBhmxkYXA6Ly9sZGFwLmEtdHJ1 +c3QuYXQvb3U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTAzLG89QS1UcnVzdCxjPUFU +P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFzcz1laWRD +ZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBWEeyDzBQA +5O5CY7z6K9EwbXxxuuaEEb1GVIyTZ4DcfodjkEEdGqWicsPdUUJDZ7ETyaKucgVt +WaOHaObkCua9tM5TP3YtaEyDRteqU7N6LMDcMrXle8WOTUcIhSFy5UU8SnFtbZyQ +v+eeAW48PVq5pzBzizGNtMKCv9XC7df5ARhDEU7tYaVrKIobTdeq8D7zXnZ2Wdt9 +6VG6QBe8eH49bAxabnOk/rF6TMO2NX4h/tlQLBzOdOeEolUHOHkA3L01REL2m/6k +lPNsA8mX++cD3yKuoCWxtl27peTscRyGKEo2EBLtt7mfaTFBbkdKo1WUkZ+dVesa +XtKckFCEtW3r + + + AT + + + + 0 + + + 0 + + + 0 + + diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml new file mode 100644 index 000000000..efdc2a76a --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml @@ -0,0 +1,6 @@ + + +id('signed-data-1-1')/node()ck5CfKRJ6J4x7YusP2LmJXRBo3sFoSgTCXlujYNSFvI=//*[@Id='etsi-signed-1-1']/etsi:QualifyingProperties/etsi:SignedPropertiestwh9pMjAoknEfJ97w9PA8pEnVFrKb/14Mmdl6AhweE8=N5mPWLfwxBrJIVQEAktiZqStkManxG7P8GBE8rw5DCEB2k7OctmvlPLLy+JtQy11OVNU0ISQeJn3BprTxgU/tw==MIIEtTCCA52gAwIBAgIDCnQ9MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSEwHwYDVQQLDBhhLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDMxITAfBgNVBAMMGGEtc2lnbi1wcmVtaXVtLW1vYmlsZS0wMzAeFw0xMjAxMTkxMDUwNDRaFw0xNzAxMTkxMDUwNDRaMHExCzAJBgNVBAYTAkFUMRkwFwYDVQQDDBBLbGF1cyBTdHJhbmFjaGVyMRMwEQYDVQQEDApTdHJhbmFjaGVyMQ4wDAYDVQQqDAVLbGF1czEVMBMGA1UEBRMMODQ3MjA2OTQzMDIzMQswCQYDVQQMDAJESTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCl9cWMwe9LaXbcwuLCMRXS6KYhou9Fzvo7ScXpwcRn1sbTSjUIIhLUTrqfqO/pnwoKd87PmNcGUFoCXvsb4lUqjggHyMIIB7jARBgNVHQ4ECgQITPnzawkXeUUwDgYDVR0PAQH/BAQDAgbAMBMGA1UdIwQMMAqACEu4Yddf1khjMAkGA1UdEwQCMAAwfgYIKwYBBQUHAQEEcjBwMEUGCCsGAQUFBzAChjlodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXByZW1pdW0tbW9iaWxlLTAzYS5jcnQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmEtdHJ1c3QuYXQvb2NzcDBgBgNVHSAEWTBXMEsGBiooABEBFDBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3LmEtdHJ1c3QuYXQvZG9jcy9jcC9hLXNpZ24tcHJlbWl1bS1tb2JpbGUwCAYGBACLMAEBMCcGCCsGAQUFBwEDAQH/BBgwFjAIBgYEAI5GAQEwCgYIKwYBBQUHCwEwgZ0GA1UdHwSBlTCBkjCBj6CBjKCBiYaBhmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTAzLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFzcz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBWEeyDzBQA5O5CY7z6K9EwbXxxuuaEEb1GVIyTZ4DcfodjkEEdGqWicsPdUUJDZ7ETyaKucgVtWaOHaObkCua9tM5TP3YtaEyDRteqU7N6LMDcMrXle8WOTUcIhSFy5UU8SnFtbZyQv+eeAW48PVq5pzBzizGNtMKCv9XC7df5ARhDEU7tYaVrKIobTdeq8D7zXnZ2Wdt96VG6QBe8eH49bAxabnOk/rF6TMO2NX4h/tlQLBzOdOeEolUHOHkA3L01REL2m/6klPNsA8mX++cD3yKuoCWxtl27peTscRyGKEo2EBLtt7mfaTFBbkdKo1WUkZ+dVesaXtKckFCEtW3r2014-03-17T12:08:58ZrUAiWR/xWih+N/Aa7AUvetg2FFU=CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT685117text/plainIch bin ein einfacher Text. +//dsig:Signature +Test-TSLProfil + \ No newline at end of file diff --git a/spss/handbook/conf/moa-spss/log4j.properties b/spss/handbook/conf/moa-spss/log4j.properties index 02b767b87..67bd58309 100644 --- a/spss/handbook/conf/moa-spss/log4j.properties +++ b/spss/handbook/conf/moa-spss/log4j.properties @@ -8,7 +8,7 @@ org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFacto # Configure root logger and loggers for moa-spss log4j.rootLogger=info, stdout log4j.logger.moa.spss.server=info, moaspss -log4j.logger.iaik.server=info, moaspss +log4j.logger.iaik.server=warn, moaspss # Configure the 'stdout' appender to write logging output to the console log4j.appender.stdout=org.apache.log4j.ConsoleAppender diff --git a/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml b/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml index 79345890a..8d7541b73 100644 --- a/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml +++ b/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml @@ -119,13 +119,13 @@ - + diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd deleted file mode 100644 index 391ef4133..000000000 --- a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd +++ /dev/null @@ -1,353 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd new file mode 100644 index 000000000..391ef4133 --- /dev/null +++ b/spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd @@ -0,0 +1,353 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index f44bd7dc0..3ef04f90c 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -143,7 +143,7 @@

1.2 Zentrale Konfigurationsdatei

-

Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema MOA-SPSS-config-1.5.2.xsd entsprechen. Abschnitt 2 erläutert die Konfigurationsmöglichkeiten im Einzelnen.

+

Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema MOA-SPSS-config-2.0.0.xsd entsprechen. Abschnitt 2 erläutert die Konfigurationsmöglichkeiten im Einzelnen.

1.2.1 Aktualisierung auf das Format von MOA SP/SS 1.3

Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, übersichtlicheres Format für die diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html index 69edc2437..f84920d0a 100644 --- a/spss/handbook/handbook/index.html +++ b/spss/handbook/handbook/index.html @@ -15,7 +15,7 @@

MOA: Serversignatur (SS) und Signaturprüfung (SP)

-

Übersicht zur Dokumentation der Version 1.5.2

+

Übersicht zur Dokumentation der Version 2.0.0

Einführung
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html index 3c3414d29..d44ce6514 100644 --- a/spss/handbook/handbook/install/install.html +++ b/spss/handbook/handbook/install/install.html @@ -131,7 +131,7 @@
Installation von Apache Tomcat
Installieren Sie Apache Tomcat in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enthält. Verwenden Sie bitte die zu Ihrer Java SE passende Distribution von Tomcat. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als $CATALINA_HOME bezeichnet.
Entpacken der MOA SP/SS Webservice Distribution
-
Entpacken Sie die Datei moa-spss-1.5.2.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
+
Entpacken Sie die Datei moa-spss-2.0.0.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
Installation der Kryptographiebibliotheken von SIC/IAIK

Kopieren Sie alle Dateien aus dem Verzeichnis $MOA_SPSS_INST/ext in das Verzeichnis $JAVA_HOME/jre/lib/ext. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden Unlimited Strength @@ -385,7 +385,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=<null>

Installation von Java SE
Installieren Sie Java SE in ein beliebiges Verzeichnis. Das Wurzelverzeichnis der Java SE Installation wird im weiteren Verlauf als $JAVA_HOME bezeichnet.
Entpacken der MOA SP/SS Klassenbibliotheks-Distribution
-
Entpacken Sie die Datei moa-spss-1.5.2-lib.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
+
Entpacken Sie die Datei moa-spss-2.0.0-lib.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
Installation der Kryptographiebibliotheken von SIC/IAIK

Kopieren Sie alle Dateien aus dem Verzeichnis $MOA_SPSS_INST/ext in das Verzeichnis $JAVA_HOME/jre/lib/ext. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden Unlimited Strength @@ -403,7 +403,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=<null> MOA SP/SS -1.5.2  +2.0.0  moa-spss.jar, moa-common.jar MOA IAIK diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html index 286ebb961..138ca61e8 100644 --- a/spss/handbook/handbook/intro/intro.html +++ b/spss/handbook/handbook/intro/intro.html @@ -30,7 +30,7 @@

1 Allgemeines

Die Module Serversignatur (SS) und Signaturprüfung (SP) können von Anwendungen verwendet werden, um elektronische Signaturen zu erstellen bzw. vorliegende elektronische Signaturen zu überprüfen.

-

Die Funktionalität und der Aufbau der Schnittstelle zu den beiden Modulen ist in der Spezifikation MOA SP/SS (V1.5.2) detailliert beschrieben. Da diese Spezifikation auf der Schnittstellenspezifikation des Security-Layers (V 1.2.7) aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich.

+

Die Funktionalität und der Aufbau der Schnittstelle zu den beiden Modulen ist in der Spezifikation MOA SP/SS (V2.0.0) detailliert beschrieben. Da diese Spezifikation auf der Schnittstellenspezifikation des Security-Layers (V 1.2.7) aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich.

2 Modul Serversignatur (SS)

Das Modul Serversignatur (SS) dient zum Erstellen von XML-Signaturen in Anlehnung an die Schnittstellenspezifikation des Security-Layers (V 1.2.7). Eine Signatur kann entweder rein in Software erstellt werden, oder aber unter Zuhilfenahme eines Hardware Security Modules (HSM), das den privaten Schlüssel geschützt enthält und die Signatur berechnet.

Der Zugriff auf einzelne Signaturschlüssel in MOA SS kann basierend auf dem für TLS-Client-Authentisierung verwendeten Zertifikat eingeschränkt werden.

diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf b/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf deleted file mode 100644 index 25c0c091e..000000000 Binary files a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf and /dev/null differ diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl b/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl deleted file mode 100644 index 7c1b0c438..000000000 --- a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl +++ /dev/null @@ -1,128 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd b/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd deleted file mode 100644 index 739b12431..000000000 --- a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd +++ /dev/null @@ -1,572 +0,0 @@ - - - - - - - - - - - - - - - - - - - - Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements - - - - - - - - - - - - - - - - - - - - - - Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage - - - - Resultat, falls die Signaturerstellung erfolgreich war - - - - - - - - - - - - - - - - - - - - Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage - - - - Resultat, falls die Signaturerstellung erfolgreich war - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Resultat, falls die Signaturerstellung gescheitert ist - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. - - - - - Profilbezeichner für einen Transformationsweg - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. - - - - Der Transformationsparameter explizit angegeben. - - - - - Der Hashwert des Transformationsparameters. - - - - - - - - - - - - - - - - - - - - - - Explizite Angabe des Transformationswegs - - - - - - - Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. - - - - - - - - - - - - - - - - diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf new file mode 100644 index 000000000..6cf538229 Binary files /dev/null and b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf differ diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl new file mode 100644 index 000000000..c8bf32950 --- /dev/null +++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl @@ -0,0 +1,128 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd new file mode 100644 index 000000000..739b12431 --- /dev/null +++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd @@ -0,0 +1,572 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html index dee5a08fd..0bf585d76 100644 --- a/spss/handbook/handbook/usage/usage.html +++ b/spss/handbook/handbook/usage/usage.html @@ -52,6 +52,7 @@
  • Prüfung eines XMLDSIG-Manifests
  • Ergänzungsobjekte
  • Signatur-Manifest des Security-Layers
    • +
  • Prüfung gegen Trustprofil mit TSL Unterstützung
    • @@ -1185,6 +1186,69 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.</doc:Paragraph> </VerifyXMLSignatureResponse>

    Das Element CertificateCheck enthält das Resultat der Zertifikatsprüfung (siehe Einfaches Beispiel).

    + +

    2.1.4.6 Prüfung gegen Trustprofil mit TSL Unterstützung

    +
    Request
    +

    VerifyXMLSignatureRequest.TSL.xml ist ein einfacher XML-Request zur Prüfung einer XML-Signatur. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass der dargestellte Request zur bessernen Lesbarkeit eingerückt und gekürzt wurde.

    +
    +<VerifyXMLSignatureRequest xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+  <VerifySignatureInfo>
+    <VerifySignatureEnvironment>
+      <XMLContent>
+        <dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+          [..]
+        </dsig:Signature>
+      </XMLContent>
+    </VerifySignatureEnvironment>
+
    +

    Das Element VerifySignatureEnvironment enthält jenes XML-Dokument, das die zu prüfende XML-Signatur enthält.

    +
    +    <VerifySignatureLocation
+      xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">//dsig:Signature</VerifySignatureLocation>
+  </VerifySignatureInfo>
+
    +

    Das Element VerifySignatureLocation enthält als Text den XPath-Ausdruck zur Selektion der XML-Signatur innerhalb des zu prüfenden XML-Dokuments. Die Auswertung des XPath-Ausdrucks muss genau ein Element dsig:Signature ergeben. Bitte beachten Sie, dass im Kontext des Elements VerifySignatureLocation alle im XPath-Ausdruck verwendeten Namespace-Präfixe bekannt sein müssen (hier das Präfix dsig).

    +
    +  <TrustProfileID>Test-TSLProfil</TrustProfileID>
+</VerifyXMLSignatureRequest>
+
    +

    Das Element TrustProfileID schließlich enthält den Bezeichner des Vertrauensprofils, gegen das die Zertifikatsprüfung von MOA SP durchgeführt wird. In diesem Falle muss für das Vertrauenprofil die TSL Unterstützung aktiviert sein. In der beispielhaften Konfiguration sp.minimum_with_tsl.config.xml ist so eine Vertrauensprofile mit der ID Test-TSLProfil eingerichtet.

    +
    Response
    +

    VerifyXMLSignatureRequest.TSL.resp.xml ist eine typische Response des SP Webservices auf den obigen Request. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass die dargestellte Response zur bessernen Lesbarkeit eingerückt und gekürzt wurde.

    +
    +<VerifyXMLSignatureResponse
+  xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+  xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+  <SignerInfo>
+    <dsig:X509Data>
+      <dsig:X509SubjectName>T=DI,serialNumber=847206943023,givenName=Klaus,SN=Stranacher,
+  CN=Klaus Stranacher,C=AT</dsig:X509SubjectName>
+      <dsig:X509IssuerSerial>
+        <dsig:X509IssuerName>CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,
+  O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
+        <dsig:X509SerialNumber>685117</dsig:X509SerialNumber>
+      </dsig:X509IssuerSerial>
+      <dsig:X509Certificate>...</dsig:X509Certificate>              
+        <QualifiedCertificate/>
            <SecureSignatureCreationDevice Source="Certificate"/>
            <IssuerCountryCode>AT</IssuerCountryCode>
        </dsig:X509Data>
+  </SignerInfo>
+
    +

    Die Response enthält zunächst in SignerInfo/dsig:X509Data Informationen über den Signator, die aus dem in der XML-Signatur enthaltenen Signatorzertifikat entnommen sind.

    +

    dsig:X509SubjectName ist immer vorhanden und enthält den Namen des Signators. dsig:X509IssuerSerial ist ebenfalls immer vorhanden und enthält den Namen des Austellers des Signatorzertifikats (dsig:X509IssuerName) sowie die Seriennummer des Zertifikats (dsig:X509SerialNumber). Auch dsig:X509Certificate ist ist immer vorhanden und enthält das Signatorzertifikat in base64 kodierter Form.

    +

    Optional vorhanden ist das inhaltslose Element QualifiedCertificate, und zwar dann, wenn es sich beim Signatorzertifikat um ein qualifiziertes Zertifikat handelt. Optional vorhanden ist das Element SecureSignatureCreationDevice, und zwar dann wenn die Signatur mittels einer sicheren Signaturerstellungseinheit erzeugt wurde. Das Attribut Source, gibt dabei an ob diese Information über die entsprechende TSL (Source=TSL) oder über das Zertifikat ermittelt wurde (Source=Certificate). Das weitere optionale Element IssuerCountryCode gibt dabei den Ländercode des Zertifizierungsdiensteanbieters an, der das Signaturzertifikat ausgestellt hat. Ebenfalls optional vorhanden (nicht in diesem Beispiel) ist schließlich das Element PublicAuthority, und zwar dann, wenn das Signatorzertifikat die österreichspezifische Zertifikatserweiterung Verwaltungseigenschaft aufweist. Ist in dieser Zertifikatserweiterung das Verwaltungskennzeichen mitkodiert, wird dieses Kennzeichen als Textinhalt des optionalen Elements PublicAuthority/Code geliefert.

    +
    +  <SignatureCheck>
+    <Code>0</Code>
+  </SignatureCheck>
+
    +

    Anschließend an SignerInfo enthält die Response mit SignatureCheck/Code das Resultat der kryptographischen Prüfung der Signatur. In unserem Beispiel ist dort der Wert 0 enthalten, d. h. die Signatur konnte erfolgreich validiert werden. Für eine Übersicht der möglichen Kodes siehe Security-Layer Spezifikation.

    +
    +  <CertificateCheck>
+    <Code>0</Code>
+  </CertificateCheck>
+
    +

    Abschließend enthält die Response mit CertificateCheck/Code das Resultat der Prüfung des Signatorzertifikats. Zunächst prüft MOA SP, ob ausgehend vom Signatorzertifikat eine Zertifikatskette zu einem im zugehörigen Vertrauensprofil konfigurierten sog. Trust Anchor gebildet werden kann. Gelingt dies, wird die Gültigkeit jedes Zertifikats dieser Kette überprüft. In unserem Beispiel enthält Code den Wert 0, d. h. MOA SP konnte die Kette bilden, und alle Zertifikate der Kette sind gültig. Für eine Übersicht der möglichen Kodes siehe Security-Layer Spezifikation.

    + +

    2.2 Webservice-Clients

    Abschnitt 2.1 bespricht eine Reihe von typischen XML-Requests, die über die Webservice-Schnittstelle an MOA SP/SS gesendet werden können, um entweder Signaturen zu erstellen (MOA SS) oder Signaturen zu prüfen (MOA SP). Dieser Abschnitt zeigt die Verwendung des prototypischen Webservice-Clients, der mit dieser Dokumentation zu MOA SP/SS ausgeliefert wird.

    2.2.1 Übersicht

    diff --git a/spss/handbook/pom.xml b/spss/handbook/pom.xml index 9caf5c181..5e476d5c1 100644 --- a/spss/handbook/pom.xml +++ b/spss/handbook/pom.xml @@ -3,14 +3,14 @@ MOA spss - 1.5.x + 2.0.x 4.0.0 MOA.spss.handbook moa-spss-handbook pom - 1.5 + 2.0 MOA SP/SS Handbook diff --git a/spss/pom.xml b/spss/pom.xml index 936c800e4..799286889 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -3,14 +3,14 @@ MOA MOA - 1.5.2 + 2.0.0 4.0.0 MOA spss pom - 1.5.x + 2.0.x MOA SP/SS diff --git a/spss/server/history.txt b/spss/server/history.txt index d2ea71698..651524419 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -1,5 +1,5 @@ ############## -1.5.2 +2.0.0 ############## - Signaturerstellung: @@ -12,7 +12,7 @@ - Angabe einer Whitelist um das Aufloesen externer Referenzen von den angegebenen Quellen zu aktivieren. - Libraries aktualisiert bzw. hinzugefuegt: iaik-moa: Version 1.5 - iaik-tsl Version 1.0.0 + iaik-tsl Version 1.0 ############## 1.5.1 @@ -20,7 +20,7 @@ - Sicherheitsupdates - Defaultmaessiges Deaktiveren des Aufloesens von externen Referenzen - - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu sch�tzen, so das Aufloesen externer Referenzen aktiviert wird + - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu schützen, so das Aufloesen externer Referenzen aktiviert wird - Update der Standard Trustprofile und Standard Konfigurationen - Standard Trustprofil "OfficialSignature" fuer Amtssignaturen hinzugefuegt - Libraries aktualisiert: diff --git a/spss/server/pom.xml b/spss/server/pom.xml index a78496017..b5e1b32c1 100644 --- a/spss/server/pom.xml +++ b/spss/server/pom.xml @@ -3,14 +3,14 @@ MOA spss - 1.5.x + 2.0.x 4.0.0 MOA.spss moa-spss pom - 1.5.x + 2.0.x MOA SP/SS Server diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt index 4f40604bb..07d100272 100644 --- a/spss/server/readme.update.txt +++ b/spss/server/readme.update.txt @@ -1,11 +1,11 @@ ====================================================================== - Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.2 + Update einer bestehenden MOA-SPSS-Installation auf Version 2.0.0 ====================================================================== Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version -1.5.2 durchzufuehren. Update Variante A geht dabei den Weg ueber eine +2.0.0 durchzufuehren. Update Variante A geht dabei den Weg ueber eine vorangestellte Neuinstallation, waehrend Variante B direkt eine bestehende Installation aktualisiert. @@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei -moa-spss-1.5.2.zip entpackt haben. +moa-spss-2.0.0.zip entpackt haben. ================= Update Variante A @@ -53,7 +53,7 @@ Update Variante B 1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses Ihrer MOA-SPSS-Installation. -2.) Entpacken Sie die Datei "moa-spss-1.5.2.zip" in das Verzeichnis MOA_SPSS_INST. +2.) Entpacken Sie die Datei "moa-spss-2.0.0.zip" in das Verzeichnis MOA_SPSS_INST. 3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 5a2f001d4..88d3fb90d 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -2,14 +2,14 @@ MOA.spss moa-spss - 1.5.x + 2.0.x 4.0.0 MOA.spss.server moa-spss-lib jar - 1.5.2 + 2.0.0 MOA SP/SS API diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 07da0a998..3a004a81d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.connector; import iaik.asn1.ObjectID; + import iaik.util._; import iaik.util.logging._l; import iaik.utils.RFC2253NameParser; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 5456701c0..e06abe44d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -46,7 +46,9 @@ public class TSLUpdaterTimerTask extends TimerTask { public void run() { try { + Logger.info("Start TSL Update"); update(); + Logger.info("Finished TSL Update"); } catch (TSLEngineDiedException e) { MessageProvider msg = MessageProvider.getInstance(); Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e); @@ -172,33 +174,33 @@ public class TSLUpdaterTimerTask extends TimerTask { // convert ArrayList to X509Certificate[] if (tsl_certs == null) { - Logger.error("No certificates from TSL imported."); - throw new TSLSearchException("No certificates from TSL imported."); + Logger.warn("No certificates from TSL imported."); + //throw new TSLSearchException("No certificates from TSL imported."); } + else { - X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()]; - Iterator itcert = tsl_certs.iterator(); - i = 0; - File f = null; - while(itcert.hasNext()) { - f = (File)itcert.next(); - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = new X509Certificate(fis); - addCertificatesTSL[i] = cert; + X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()]; + Iterator itcert = tsl_certs.iterator(); + i = 0; + File f = null; + while(itcert.hasNext()) { + f = (File)itcert.next(); + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = new X509Certificate(fis); + addCertificatesTSL[i] = cert; - i++; - fis.close(); - } + i++; + fis.close(); + } - Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates.")); - storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid); - storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid); + Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates.")); + storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid); + storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid); - Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates.")); - storeUpdater.addCertificatesToTrustStores(addCertificates, tid); - storeUpdater.addCertificatesToCertStores(addCertificates, tid); - - + Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates.")); + storeUpdater.addCertificatesToTrustStores(addCertificates, tid); + storeUpdater.addCertificatesToCertStores(addCertificates, tid); + } } } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java index f0dbd779e..492d10eda 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import iaik.util.logging._l; + import iaik.util.logging.Log.MultiThreadLoggingGroup; import iaik.utils.RFC2253NameParserException; import iaik.utils.Util; @@ -15,6 +16,7 @@ import iaik.xml.crypto.tsl.TSLOpenURIException; import iaik.xml.crypto.tsl.TSLThreadContext; import iaik.xml.crypto.tsl.ValidationFixupFilter; import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup; +import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup; import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup; import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption; import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup; @@ -97,44 +99,34 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF trustAnchorsWrongOnEuTsl_; public TSLImportFromFileContext( - Countries expectedTerritory, - URL url, - Number otherTslPointerId, - String workingdirectory, - boolean sqlMultithreaded, - boolean throwExceptions, - boolean logExceptions, - boolean throwWarnings, - boolean logWarnings, - boolean nullRedundancies, - String baseuri, - Map > trustAnchorsWrongOnEuTsl, - TSLThreadContext parentContext) { - super( - expectedTerritory, - url, - otherTslPointerId, - workingdirectory, - sqlMultithreaded, - throwExceptions, - logExceptions, - throwWarnings, - logWarnings, - nullRedundancies, - parentContext); - baseuri_ = baseuri; - trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl; - } - - public List getErrorsAndWarnings() { - List errorsAndWarnings = new ArrayList(); - errorsAndWarnings.addAll(this.fatals_); - errorsAndWarnings.addAll(this.faildTransactions_); - errorsAndWarnings.addAll(this.warnings_); - - return errorsAndWarnings; - } - + Countries expectedTerritory, + URL url, + Number otherTslPointerId, + String workingdirectory, + boolean sqlMultithreaded, + boolean throwExceptions, + boolean logExceptions, + boolean throwWarnings, + boolean logWarnings, + boolean nullRedundancies, + String baseuri, + Map > trustAnchorsWrongOnEuTsl, + TSLThreadContext parentContext) { + super( + expectedTerritory, + url, + otherTslPointerId, + workingdirectory, + sqlMultithreaded, + throwExceptions, + logExceptions, + throwWarnings, + logWarnings, + nullRedundancies, + parentContext); + baseuri_ = baseuri; + trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl; + } /* (non-Javadoc) * @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI() */ @@ -142,67 +134,80 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF public String getbaseURI() { return this.baseuri_; } - + + + + //@Override - protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) { - return super.wrapException(t, l, m); - } + protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) { + return super.wrapException(t, l, m); + } @Override - public synchronized void throwException(Throwable e) { + public + synchronized void throwException(Throwable e) { if (e instanceof TSLValidationException) { // we do not throw dom validation errors for testing // and just collect them wrapException(e); - } else if (e instanceof TSLVerificationException) { + + boolean corrected = false; // we do not throw verification errors for testing // and just collect them - if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE - .getClass().getName(), "true")) - && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) { - - //TSL with no signature are ignored!!!! - l.warn("TSL IS NOT SIGNED! " - + this.expectedTerritory_.name() + " TSL ignored."); - } - - if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE - .getClass().getName(), "true")) - && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) { - ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); - } - - if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE - .getClass().getName(), "true")) - && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) { - ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); - } - - if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE - .getClass().getName(), "true")) - && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) { - ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); - } - - if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE - .getClass().getName(), "true")) - && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) { - ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); - } +// // NEVER DO THIS! unless you want to import TSLs without signatures. +// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE +// .getClass().getName(), "true")) +// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) { +// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); +// } +// +// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE +// .getClass().getName(), "true")) +// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) { +// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); +// } - wrapException(e); +// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE +// .getClass().getName(), "true")) +// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) { +// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); +// +// corrected = true; +// } +// +// +// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE +// .getClass().getName(), "true")) +// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) { +// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); +// +// corrected = true; +// } +// +// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE +// .getClass().getName(), "true")) +// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) { +// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED); +// +// corrected = true; +// } +// +// if (corrected) +// wrapException(e); +// else +// super.throwException(e); + + super.throwException(e); } else if (e instanceof FileNotFoundException) { // we do not stop and continue processing wrapException(e); - } else if (e instanceof IllegalArgumentException) { // we do not stop and continue processing wrapException(e); - } else { // all other errors are treated as per default super.throwException(e); @@ -221,9 +226,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if( e instanceof FixedSaxLevelValidationExcption && enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){ - - - wrapException(e, ((LocatorAspect) e).getLocator(), new FixedValidationMitigation("Performed SAX Level Fixup.")); @@ -247,7 +249,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if (parameters[0] instanceof DOMError) { DOMError domError = (DOMError) parameters[0]; - l.info(""+domError.getRelatedData()); + _l.warn(""+domError.getRelatedData()); // domError.getRelatedData().getClass().getField("") @@ -308,6 +310,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } }); return mitigatedResult; + } } @@ -378,11 +381,43 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } } - l.error("Ignoring download error using old: " + parameters[0], null); + _l.err("Ignoring download error using old: " + parameters[0], null); wrapException(e); return parameters[1]; } +// if ( +// expectedTerritory_ == Countries.PL &&( +// (e.getCause() instanceof java.io.EOFException || +// e.getCause() instanceof iaik.security.ssl.SSLException) && +// parameters[0] instanceof URL && +// ((URL)parameters[0]).getProtocol().equalsIgnoreCase("https") +// )){ +// File f = null; +// System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); +// TLS.register("TLSv1"); +// try { +// f = (File) enclosingMethod.invoke(thisObject, parameters); +// } catch (IllegalAccessException e1) { +// wrapException(e1); +// } catch (InvocationTargetException e1) { +// wrapException(e1); +// } +// +// // System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null); +// TLS.register(); +// +// if (f != null){ +// wrapException(e, null, new Mitigation() { +// @Override +// public String getReport() { +// return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true"; +// } +// }); +// return f; +// } +// } + if ( e instanceof TSLSecurityException && enclosingMethod.getDeclaringClass().equals(TSLContext.class) && @@ -406,14 +441,14 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF wrapException(e1); } wrapException(e, getLocator(), - new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){ - @Override - public String getReport() { - return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " + - "the EU TSL and allow the certificate " + - parameters[1]; - } - }); + new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){ + @Override + public String getReport() { + return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " + + "the EU TSL and allow the certificate " + + parameters[1]; + } + }); return null; } X509Certificate crt = (X509Certificate)parameters[1]; @@ -530,47 +565,45 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } } -// //TODO: CONSIDER, IF WE REALLY WANT THIS PART OF CODE! -// //ugly hack to accept a certificate which uses a crazy X509SubjectName!! -// if ( expectedTerritory_ == Countries.DK && -// e instanceof KeySelectorException && -// parameters[0] instanceof X509DataImpl){ -// if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+ -// "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) { -// -// X509DataImpl x509DataImpl = (X509DataImpl) parameters[0]; -// -// Node child = x509DataImpl.getNode().getFirstChild().getNextSibling(); -// Node child1 = x509DataImpl.getNode().getFirstChild(); -// -// x509DataImpl.getNode().removeChild(child); -// x509DataImpl.getNode().removeChild(child1); -// -// -// parameters[0] = (X509Data) x509DataImpl -// -// Object mitigatedResult = null; -// try { -// -// mitigatedResult = enclosingMethod.invoke(thisObject, parameters); -// } catch (IllegalAccessException e1) { -// wrapException(e1); -// } catch (InvocationTargetException e1) { -// wrapException(e1); -// } -// -// if (mitigatedResult != null){ -// wrapException(e, null, new Mitigation(null) { -// @Override -// public String getReport() { -// return "Deleted wrong X509SubjectName from XMLDSIG Signature."; -// } -// }); -// return mitigatedResult; -// } -// } -// } - + if ( expectedTerritory_ == Countries.DK && + e instanceof KeySelectorException && + parameters[0] instanceof X509DataImpl){ + if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+ + "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) { + + X509DataImpl x509DataImpl = (X509DataImpl) parameters[0]; + + ListIterator li = x509DataImpl.getContent().listIterator(); + li.next(); + String sn = (String) li.next(); + + _l.err(sn, null); + + System.exit(1); + + Object mitigatedResult = null; + try { + + mitigatedResult = enclosingMethod.invoke(thisObject, parameters); + } catch (IllegalAccessException e1) { + wrapException(e1); + } catch (InvocationTargetException e1) { + wrapException(e1); + } + + if (mitigatedResult != null){ + wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() { + @Override + public String getReport() { + return "Deleted wrong X509SubjectName from XMLDSIG Signature."; + } + }); + return mitigatedResult; + + } + } + } + } else { if (e instanceof MitigatedTSLSecurityException){ @@ -578,7 +611,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF // and collect them wrapException(e); return null; - } else if (e instanceof FixedSaxLevelValidationExcption) { // we allow to mitigate Sax Level Fixup for testing // and collect them @@ -607,7 +639,11 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if(expectedTerritory_ == Countries.EL){ //fix the whitespace in Greece TSL status = status.trim(); - } + } + if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) { + status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length()); + } + return super.compressStatus(status); } @@ -625,6 +661,37 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF @Override public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) { + if (expectedTerritory_ == Countries.AT){ + if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){ + return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this); + } + } + + if (expectedTerritory_ == Countries.CZ){ + if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){ + return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this); + } + } + + if (expectedTerritory_ == Countries.FR){ + if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){ + return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this); + } + } + + if (expectedTerritory_ == Countries.NO){ + if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){ + return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this); + } + } + + if (expectedTerritory_ == Countries.SK){ + if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){ + return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this); + } + } + + if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){ if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){ return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this); @@ -734,7 +801,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF String msg = e.getMessage(); - l.info(msg); + _l.info(msg); return( msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") && msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique") @@ -748,7 +815,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF @Override protected long howLongWaitForThreads() { // TODO Auto-generated method stub - return 10000; + return 100000; } @Override @@ -768,7 +835,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF synchronized (log) { parentContext_.print("<" + ncName + " state=\"" + currentThread.getState() + "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "\n"); + + ncName + ">" + _.LB); parentContext_.flushLog(); log.setLength(0); } diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component index 5efe131f3..ffe4d38a0 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -2,10 +2,10 @@ - + uses - + uses diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index a99a573c1..2a7467146 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -3,14 +3,14 @@ MOA.spss moa-spss - 1.5.x + 2.0.x 4.0.0 MOA.spss.server moa-spss-ws war - 1.5.2 + 2.0.0 MOA SP/SS WebService diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml index 19d72a380..48e0a998c 100644 --- a/spss/server/tools/pom.xml +++ b/spss/server/tools/pom.xml @@ -2,14 +2,14 @@ MOA.spss moa-spss - 1.5.x + 2.0.x 4.0.0 MOA.spss.server moa-spss-tools jar - 1.5.2 + 2.0.0 MOA SP/SS Tools -- cgit v1.2.3