summaryrefslogtreecommitdiff
path: root/BKUOnline/src/main
diff options
context:
space:
mode:
authormcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2010-05-05 15:29:01 +0000
committermcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2010-05-05 15:29:01 +0000
commitb1c8641a63a67e3c64d948f9e8dce5c01e11e2dd (patch)
tree0883f08a408f89f758e9a1be629232e3dd055c3a /BKUOnline/src/main
parent83a9b613836910f7edc370c2fe60fa2268dc4461 (diff)
downloadmocca-b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd.tar.gz
mocca-b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd.tar.bz2
mocca-b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd.zip
Merged feature branch mocca-1.2.13-id@r724 back to trunk.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@725 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKUOnline/src/main')
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java63
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java127
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java49
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java327
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java13
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java289
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java128
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java121
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionListener.java (renamed from BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java)64
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java96
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java8
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java123
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java225
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java346
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java43
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java154
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java88
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java76
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java81
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java115
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java44
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java357
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java33
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java100
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java49
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java24
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java385
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java7
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java7
-rw-r--r--BKUOnline/src/main/policy/50mocca.policy229
-rw-r--r--BKUOnline/src/main/policy/catalina.policy411
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml84
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/PersonData.xsd57
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/oasis-sstc-saml-schema-assertion-1.0.xsd105
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-core-schema.xsd308
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-more.xsd147
-rw-r--r--BKUOnline/src/main/resources/commons-logging.properties16
-rw-r--r--BKUOnline/src/main/resources/log4j.properties7
-rw-r--r--BKUOnline/src/main/webapp/IDRequestForm.html71
-rw-r--r--BKUOnline/src/main/webapp/PINManagement.jsp82
-rw-r--r--BKUOnline/src/main/webapp/SLRequestForm.html6
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml288
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml10
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml51
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/web.xml62
-rw-r--r--BKUOnline/src/main/webapp/applet.jsp132
-rw-r--r--BKUOnline/src/main/webapp/img/dec.pngbin0 -> 6311 bytes
-rw-r--r--BKUOnline/src/main/webapp/img/help.pngbin0 -> 303 bytes
-rw-r--r--BKUOnline/src/main/webapp/img/inc.pngbin0 -> 7198 bytes
-rw-r--r--BKUOnline/src/main/webapp/local.jsp63
50 files changed, 4436 insertions, 1235 deletions
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
deleted file mode 100644
index 5795478b..00000000
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.online.accesscontroller;
-
-import java.io.IOException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ResourceLoaderAware;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
-import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
-import at.gv.egiz.bku.conf.Configurator;
-
-public class SpringSecurityManager extends SecurityManagerFacade implements
- ResourceLoaderAware {
-
- private ResourceLoader resourceLoader;
-
- private static Log log = LogFactory.getLog(SpringSecurityManager.class);
-
- protected Configurator config;
-
- public void setConfig(Configurator config) {
- this.config = config;
- }
-
- public void init() {
- String noMatch = config.getProperty("AccessController.acceptNoMatch");
- if (noMatch != null) {
- log.debug("Setting allow now match to: " + noMatch);
- setAllowUnmatched(Boolean.getBoolean(noMatch));
- }
- String policy = config.getProperty("AccessController.policyResource");
- log.info("Loading resource: " + policy);
- try {
- Resource res = resourceLoader.getResource(policy);
- init(res.getInputStream());
- } catch (IOException e) {
- log.error(e);
- }
- }
-
- @Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
- }
-}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
deleted file mode 100644
index 6030c1c0..00000000
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.online.conf;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ResourceLoaderAware;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
-import at.gv.egiz.bku.conf.Configurator;
-import at.gv.egiz.bku.online.webapp.SpringBKUServlet;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
-import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory;
-
-public class SpringConfigurator extends Configurator implements
- ResourceLoaderAware {
-
- private final static Log log = LogFactory.getLog(SpringConfigurator.class);
-
- private ResourceLoader resourceLoader;
-
- public void setResource(Resource resource) {
- log.debug("Loading config from: " + resource);
- if (resource != null) {
- Properties props = new Properties();
- try {
- props.load(resource.getInputStream());
- super.setConfiguration(props);
- } catch (IOException e) {
- log.error("Cannot load config", e);
- }
- } else {
- log.warn("Cannot load properties, resource: " + resource);
- }
- }
-
- public void configureNetwork() {
- super.configureNetwork();
- String appletTimeout = getProperty("AppletTimeout");
- if ((appletTimeout != null)) {
- try {
- long ato = Long.parseLong(appletTimeout);
- log.debug("Setting applet timeout to:"+ato);
- RequestBrokerSTALFactory.setTimeout(ato);
- } catch (NumberFormatException nfe) {
- log.error("Cannot set Applettimeout", nfe);
- }
-
- }
- }
-
- public void configure() {
- super.configure();
- SpringBKUServlet.setConfigurator(this);
- }
-
- @Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
- }
-
- private File getDirectory(String property) {
- if (property != null) {
- Resource certDirRes = resourceLoader.getResource(property);
- File certDir;
- try {
- certDir = certDirRes.getFile();
- } catch (IOException e) {
- log.error("Cannot get cert directory", e);
- throw new SLRuntimeException(e);
- }
- if (!certDir.isDirectory()) {
- log.error("Expecting directory as SSL.certDirectory parameter");
- throw new SLRuntimeException(
- "Expecting directory as SSL.certDirectory parameter");
- }
- return certDir;
- }
- return null;
-
- }
-
- @Override
- protected File getCADir() {
- String caDirectory = getProperty("SSL.caDirectory");
- return getDirectory(caDirectory);
- }
-
- @Override
- protected File getCertDir() {
- String certDirectory = getProperty("SSL.certDirectory");
- return getDirectory(certDirectory);
- }
-
- @Override
- protected InputStream getManifest() {
- Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
- if (r != null) {
- try {
- return r.getInputStream();
- } catch (IOException e) {
- log.error("Cannot read manifest data:", e);
- }
- }
- return null;
- }
-} \ No newline at end of file
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java
new file mode 100644
index 00000000..27dfcd92
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java
@@ -0,0 +1,49 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.online.spring;
+
+import javax.servlet.ServletContext;
+
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.web.context.ServletContextAware;
+
+public class ServletContextPathFactoryBean implements FactoryBean, ServletContextAware {
+
+ private String contextPath;
+
+ @Override
+ public void setServletContext(ServletContext servletContext) {
+ contextPath = servletContext.getContextPath();
+ }
+
+ @Override
+ public Object getObject() throws Exception {
+ return contextPath;
+ }
+
+ @Override
+ public Class<?> getObjectType() {
+ return String.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java
new file mode 100644
index 00000000..019b8efe
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java
@@ -0,0 +1,327 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.online.webapp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.Id;
+import at.gv.egiz.bku.binding.IdFactory;
+import at.gv.egiz.bku.binding.InputDecoderFactory;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+
+public abstract class AbstractWebRequestHandler extends SpringBKUServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String APPLET_PAGE_P = "appletPage";
+ public static final String APPLET_PAGE_DEFAULT = "applet.jsp";
+
+ public static final String PARAM_APPLET_WIDTH = "appletWidth";
+ public static final String ATTR_APPLET_WIDTH = "appletWidth";
+
+ public static final String PARAM_APPLET_HEIGHT = "appletHeight";
+ public static final String ATTR_APPLET_HEIGHT = "appletHeight";
+
+ public static final String PARAM_APPLET_BACKGROUND = "appletBackground";
+ public static final String ATTR_APPLET_BACKGROUND = "appletBackground";
+
+ public static final String PARAM_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
+ public static final String ATTR_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
+
+ public static final Pattern PATTERM_APPLET_BACKGROUND_COLOR = Pattern.compile("\\#[0-9a-fA-F]{6}");
+ public static final String PARAM_APPLET_GUI_STYLE = "appletGuiStyle";
+ public static final String ATTR_APPLET_GUI_STYLE = "appletGuiStyle";
+
+ public static final String[] VALUES_APPLET_GUI_STYLE = new String[] {"tiny", "simple", "advanced"};
+ public static final String PARAM_APPLET_EXTENSION = "appletExtension";
+ public static final String ATTR_APPLET_EXTENSION = "appletExtension";
+
+ public static final String[] VALUES_APPLET_EXTENSION = new String[] {"pin", "activation"};
+ public static final String PARAM_LOCALE = "locale";
+ public static final String ATTR_LOCALE = "locale";
+
+ public static final Pattern PATTERN_LOCALE = Pattern.compile("[a-zA-Z][a-zA-Z](_[a-zA-Z][a-zA-Z]){0,2}");
+ public static final String REDIRECT_URL_SESSION_ATTRIBUTE = "redirectUrl";
+
+ private final Logger log = LoggerFactory.getLogger(BKURequestHandler.class);
+
+ protected static String getStringFromStream(InputStream is, String encoding)
+ throws IOException {
+ if (is == null) {
+ return null;
+ }
+ if (encoding == null) {
+ encoding = HttpUtil.DEFAULT_CHARSET;
+ }
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ StreamUtil.copyStream(is, os);
+ return new String(os.toByteArray(), encoding);
+ }
+
+ protected abstract String getRequestProtocol(HttpServletRequest req);
+
+ protected HTTPBindingProcessor getBindingProcessor(Id id, HttpServletRequest req, Locale locale) {
+
+ // remove existing binding processor if present
+ getBindingProcessorManager().removeBindingProcessor(id);
+
+ // create new binding processor
+ return (HTTPBindingProcessor) getBindingProcessorManager().createBindingProcessor(getRequestProtocol(req), locale);
+
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
+ java.io.IOException {
+
+ String msg = (req.getSession(false) == null) ? "New session created."
+ : "Session already established.";
+
+ Id id = IdFactory.getInstance().createId(req.getSession().getId());
+ MDC.put("id", id.toString());
+
+ String acceptLanguage = req.getHeader("Accept-Language");
+ Locale locale = AcceptLanguage.getLocale(acceptLanguage);
+
+ if (log.isInfoEnabled()) {
+ log.info("Recieved request (Accept-Language locale: {}). {}", locale, msg);
+ }
+
+ try {
+
+ HTTPBindingProcessor bindingProcessor = getBindingProcessor(id, req, locale);
+
+ Map<String, String> headerMap = new HashMap<String, String>();
+ for (Enumeration<?> headerName = req.getHeaderNames(); headerName
+ .hasMoreElements();) {
+ String header = (String) headerName.nextElement();
+ if (header != null) {
+ headerMap.put(header, req.getHeader(header));
+ }
+ }
+
+ InputStream inputStream;
+ String charset;
+ if (req.getMethod().equals("POST")) {
+ charset = req.getCharacterEncoding();
+ String contentType = req.getContentType();
+ if (charset != null) {
+ contentType += ";" + charset;
+ }
+ headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
+ inputStream = req.getInputStream();
+ } else {
+ charset = "UTF-8";
+ headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE,
+ InputDecoderFactory.URL_ENCODED);
+ String queryString = req.getQueryString();
+ if (queryString != null) {
+ inputStream = new ByteArrayInputStream(queryString.getBytes(charset));
+ } else {
+ inputStream = new ByteArrayInputStream(new byte[] {});
+ }
+ }
+ bindingProcessor.setHTTPHeaders(headerMap);
+ bindingProcessor.consumeRequestStream(req.getRequestURL().toString(),
+ inputStream);
+
+ req.getInputStream().close();
+ getBindingProcessorManager().process(id, bindingProcessor);
+
+ HttpSession session = req.getSession();
+
+ log.trace("Looking for applet parameters in request.");
+
+ // appletWidth
+ String width = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_WIDTH), charset);
+ if (width != null && !width.isEmpty()) {
+ try {
+ // must be a valid integer
+ session.setAttribute(ATTR_APPLET_WIDTH, Integer.parseInt(width));
+ log.debug("Found parameter " + PARAM_APPLET_WIDTH + "='{}'.", width);
+ } catch (NumberFormatException nfe) {
+ log.warn("Parameter " + PARAM_APPLET_WIDTH
+ + " does not contain a valid value.", nfe);
+ }
+ }
+
+ // appletHeight
+ String height = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_HEIGHT), charset);
+ if (height != null && !height.isEmpty()) {
+ try {
+ // must be a valid integer
+ session.setAttribute(ATTR_APPLET_HEIGHT, Integer.parseInt(height));
+ log.debug("Found parameter " + PARAM_APPLET_HEIGHT + "='{}'.", height);
+ } catch (NumberFormatException nfe) {
+ log.warn("Parameter " + PARAM_APPLET_HEIGHT
+ + " does not contain a valid value.", nfe);
+ }
+ }
+
+ // appletBackground
+ String background = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_BACKGROUND), charset);
+ if (background != null && !background.isEmpty()) {
+ session.setAttribute(ATTR_APPLET_BACKGROUND, background);
+ try {
+ // must be a valid http or https URL
+ URI backgroundURL = new URI(background);
+ if ("http".equals(backgroundURL.getScheme())
+ || "https".equals(backgroundURL.getScheme())) {
+ session.setAttribute(ATTR_APPLET_BACKGROUND, backgroundURL
+ .toASCIIString());
+ log.debug("Found parameter " + PARAM_APPLET_BACKGROUND + "='{}'.",
+ backgroundURL.toASCIIString());
+ } else {
+ log.warn("Parameter " + PARAM_APPLET_BACKGROUND
+ + "='{}' is not a valid http/https URL.", background);
+ }
+ } catch (URISyntaxException e) {
+ log.warn("Parameter " + PARAM_APPLET_BACKGROUND
+ + "='{}' is not a valid http/https URL.", background, e);
+ }
+ }
+
+ // appletBackgroundColor
+ String backgroundColor = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_BACKGROUND_COLOR), charset);
+ if (backgroundColor != null && !backgroundColor.isEmpty()) {
+ // must be a valid color definition
+ if (PATTERM_APPLET_BACKGROUND_COLOR.matcher(backgroundColor).matches()) {
+ session.setAttribute(ATTR_APPLET_BACKGROUND_COLOR, backgroundColor);
+ log.debug("Faund parameter " + PARAM_APPLET_BACKGROUND_COLOR
+ + "='{}'.", backgroundColor);
+ } else {
+ log.warn("Parameter " + PARAM_APPLET_BACKGROUND_COLOR
+ + "='{}' is not a valid color definition "
+ + "(must be of form '#hhhhhh').", backgroundColor);
+ }
+ }
+
+ // appletGuiStyle
+ String guiStyle = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_GUI_STYLE), charset);
+ if (guiStyle != null && !guiStyle.isEmpty()) {
+ // must be one of VALUES_APPLET_GUI_STYLE
+ String style = guiStyle.toLowerCase();
+ if (Arrays.asList(VALUES_APPLET_GUI_STYLE).contains(style)) {
+ session.setAttribute(ATTR_APPLET_GUI_STYLE, style);
+ log.debug("Found parameter " + PARAM_APPLET_GUI_STYLE + "='{}'.", style);
+ } else {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Parameter ").append(PARAM_APPLET_GUI_STYLE).append(
+ "='").append(guiStyle).append("' is not valid (must be one of ")
+ .append(Arrays.toString(VALUES_APPLET_GUI_STYLE)).append(").");
+ log.warn(sb.toString());
+ }
+ }
+
+ // appletExtension
+ String extension = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_EXTENSION), charset);
+ if (extension != null && !extension.isEmpty()) {
+ // must be one of VALUES_APPLET_EXTENSION
+ String ext = extension.toLowerCase();
+ if (Arrays.asList(VALUES_APPLET_EXTENSION).contains(ext)) {
+ session.setAttribute(ATTR_APPLET_EXTENSION, ext);
+ log.debug("Found parameter " + PARAM_APPLET_EXTENSION + "='{}'.", ext);
+ } else {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Parameter ").append(PARAM_APPLET_EXTENSION).append(
+ "='").append(extension).append("' is not valid (must be one of ")
+ .append(Arrays.toString(VALUES_APPLET_EXTENSION)).append(").");
+ log.warn(sb.toString());
+ }
+ }
+
+ // locale
+ String localeFormParam = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_LOCALE), charset);
+ if (localeFormParam != null && !localeFormParam.isEmpty()) {
+ // must be a valid locale
+ if (PATTERN_LOCALE.matcher(localeFormParam).matches()) {
+ locale = new Locale(localeFormParam);
+ log.debug("Override accept-language header locale {} "
+ + "with form param {}.", locale, localeFormParam);
+ } else {
+ log.warn("Parameter " + PARAM_LOCALE
+ + "='{}' is not a valid locale definition.", localeFormParam);
+ }
+ }
+ if (locale != null) {
+ log.debug("Using locale {}.", locale);
+ session.setAttribute(ATTR_LOCALE, locale.toString());
+ }
+
+ beforeAppletPage(req, bindingProcessor);
+
+ String appletPage = getStringFromStream(bindingProcessor
+ .getFormData(APPLET_PAGE_P), charset);
+ if (appletPage == null || appletPage.isEmpty()) {
+ appletPage = APPLET_PAGE_DEFAULT;
+ }
+ log.debug("Sending redirect to UI page '{}'.", appletPage);
+ resp.sendRedirect(appletPage);
+
+ } finally {
+ MDC.remove("id");
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, java.io.IOException {
+ doPost(req, resp);
+ }
+
+ /**
+ * Called before the request is forwarded or redirected to the Applet page.
+ *
+ * @param req
+ * @param bindingProcessor
+ */
+ protected void beforeAppletPage(HttpServletRequest req,
+ HTTPBindingProcessor bindingProcessor) {
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java
index 24938cd5..9e455621 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java
@@ -24,8 +24,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* prevent applet caching,
@@ -35,7 +35,9 @@ import org.apache.commons.logging.LogFactory;
*/
public class AppletDispatcher extends HttpServlet {
- protected final static Log log = LogFactory.getLog(AppletDispatcher.class);
+ private static final long serialVersionUID = 1L;
+
+ private final Logger log = LoggerFactory.getLogger(AppletDispatcher.class);
public static final String DISPATCH_CTX = "dispatch/";
public static final String RAND_PREFIX = "__";
@@ -65,10 +67,7 @@ public class AppletDispatcher extends HttpServlet {
uri = archivePattern.matcher(uri).replaceAll(".jar");
// log.trace("removing random suffix " + uri);
- if (log.isTraceEnabled()) {
- log.trace("dispatching request URI " + request.getRequestURI() +
- " to " + uri);
- }
+ log.trace("Dispatching request URI {} to {}.", request.getRequestURI(), uri);
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(uri);
dispatcher.forward(request, response);
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
index 7dfec211..d42f911c 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
@@ -16,302 +16,37 @@
*/
package at.gv.egiz.bku.online.webapp;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import at.gv.egiz.bku.binding.BindingProcessor;
import at.gv.egiz.bku.binding.HTTPBindingProcessor;
-import at.gv.egiz.bku.binding.HttpUtil;
-import at.gv.egiz.bku.binding.IdFactory;
-import at.gv.egiz.bku.utils.StreamUtil;
-import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+import at.gv.egiz.bku.binding.HTTPBindingProcessorImpl;
/**
* Handles SL requests and instantiates BindingProcessors
*
*/
-public class BKURequestHandler extends SpringBKUServlet {
-
- private static final long serialVersionUID = 1L;
-
- public static final String APPLET_PAGE_P = "appletPage";
- public static final String APPLET_PAGE_DEFAULT = "BKUApplet";
-
- public static final String PARAM_APPLET_WIDTH = "appletWidth";
- public static final String ATTR_APPLET_WIDTH = "appletWidth";
-
- public static final String PARAM_APPLET_HEIGHT = "appletHeight";
- public static final String ATTR_APPLET_HEIGHT = "appletHeight";
+public class BKURequestHandler extends AbstractWebRequestHandler {
- public static final String PARAM_APPLET_BACKGROUND = "appletBackground";
- public static final String ATTR_APPLET_BACKGROUND = "appletBackground";
-
- public static final String PARAM_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
- public static final String ATTR_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
- public static final Pattern PATTERM_APPLET_BACKGROUND_COLOR = Pattern.compile("\\#[0-9a-fA-F]{6}");
-
- public static final String PARAM_APPLET_GUI_STYLE = "appletGuiStyle";
- public static final String ATTR_APPLET_GUI_STYLE = "appletGuiStyle";
- public static final String[] VALUES_APPLET_GUI_STYLE = new String[] {"tiny", "simple", "advanced"};
+ private static final long serialVersionUID = 1L;
- public static final String PARAM_APPLET_EXTENSION = "appletExtension";
- public static final String ATTR_APPLET_EXTENSION = "appletExtension";
- public static final String[] VALUES_APPLET_EXTENSION = new String[] {"pin", "activation"};
+ private final Logger log = LoggerFactory.getLogger(BKURequestHandler.class);
- public static final String PARAM_LOCALE = "locale";
- public static final String ATTR_LOCALE = "locale";
- public static final Pattern PATTERN_LOCALE = Pattern.compile("[a-zA-Z][a-zA-Z](_[a-zA-Z][a-zA-Z]){0,2}");
-
- public final static String REDIRECT_URL_SESSION_ATTRIBUTE = "redirectUrl";
-
- protected Log log = LogFactory.getLog(BKURequestHandler.class);
-
- private static String getStringFromStream(InputStream is, String encoding)
- throws IOException {
- if (is == null) {
- return null;
- }
- if (encoding == null) {
- encoding = HttpUtil.DEFAULT_CHARSET;
- }
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- StreamUtil.copyStream(is, os);
- return new String(os.toByteArray(), encoding);
- }
-
@Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, java.io.IOException {
- log.debug("Received SecurityLayer request");
-
- HttpSession session = req.getSession(false);
- if (session != null) {
- log.warn("Already a session with id: " + session.getId()
- + " active, trying to get Bindingprocessor");
- BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(
- IdFactory.getInstance().createId(session.getId()));
- if (bp != null) {
- log.debug("Found binding processor, using this one");
- String appletPage = getStringFromStream(
- ((HTTPBindingProcessor) bp).getFormData(APPLET_PAGE_P),
- req.getCharacterEncoding());
- getDispatcher(appletPage).forward(req, resp);
- return;
- }
- log.debug("Did not find a binding processor, creating new ...");
- }
- session = req.getSession(true);
- if (log.isDebugEnabled()) {
- log.debug("Using session id: " + session.getId());
- }
-
- String acceptLanguage = req.getHeader("Accept-Language");
- Locale locale = AcceptLanguage.getLocale(acceptLanguage);
- log.debug("Accept-Language locale: " + locale);
-
- HTTPBindingProcessor bindingProcessor;
- bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
- .createBindingProcessor(req.getRequestURL().toString(),
- session.getId(), locale);
-
- Map<String, String> headerMap = new HashMap<String, String>();
- for (Enumeration<String> headerName = req.getHeaderNames(); headerName
- .hasMoreElements();) {
- String header = headerName.nextElement();
- if (header != null) {
- headerMap.put(header, req.getHeader(header));
- }
- }
- String charset = req.getCharacterEncoding();
- String contentType = req.getContentType();
- if (charset != null) {
- contentType += ";" + charset;
- }
- headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
- bindingProcessor.setHTTPHeaders(headerMap);
- bindingProcessor.consumeRequestStream(req.getInputStream());
- req.getInputStream().close();
- getBindingProcessorManager().process(bindingProcessor);
-
- log.trace("Trying to find applet parameters in request");
-
- // appletWidth
- String width = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_WIDTH), charset);
- if (width != null) {
- try {
- // must be a valid integer
- session.setAttribute(ATTR_APPLET_WIDTH, Integer.parseInt(width));
- log.trace("Found parameter " + PARAM_APPLET_WIDTH + "='" + width +"'.");
- } catch (NumberFormatException nfe) {
- log.warn("Applet parameter " + PARAM_APPLET_WIDTH +
- " does not contain a valid value.", nfe);
- }
- }
-
- // appletHeight
- String height = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_HEIGHT), charset);
- if (height != null) {
- try {
- // must be a valid integer
- session.setAttribute(ATTR_APPLET_HEIGHT, Integer.parseInt(height));
- log.trace("Found parameter " + PARAM_APPLET_HEIGHT + "='" + height + "'.");
- } catch (NumberFormatException nfe) {
- log.warn("Applet parameter " + PARAM_APPLET_HEIGHT +
- " does not contain a valid value.", nfe);
- }
- }
-
- // appletBackground
- String background = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_BACKGROUND), charset);
- if (background != null) {
- session.setAttribute(ATTR_APPLET_BACKGROUND, background);
- try {
- // must be a valid http or https URL
- URI backgroundURL = new URI(background);
- if ("http".equals(backgroundURL.getScheme())
- || "https".equals(backgroundURL.getScheme())) {
- session.setAttribute(ATTR_APPLET_BACKGROUND, backgroundURL.toASCIIString());
- log.trace("Found parameter " + PARAM_APPLET_BACKGROUND + "='"
- + backgroundURL.toASCIIString() + "'.");
- } else {
- log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND + "='"
- + background + "' is not a valid http/https URL.");
- }
- } catch (URISyntaxException e) {
- log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND + "='"
- + background + "' is not a valid http/https URL.", e);
- }
- }
-
- // appletBackgroundColor
- String backgroundColor = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_BACKGROUND_COLOR), charset);
- if (backgroundColor != null) {
- // must be a valid color definition
- if (PATTERM_APPLET_BACKGROUND_COLOR.matcher(backgroundColor).matches()) {
- session.setAttribute(ATTR_APPLET_BACKGROUND_COLOR, backgroundColor);
- log.trace("Faund parameter " + PARAM_APPLET_BACKGROUND_COLOR + "='"
- + backgroundColor + "'.");
- } else {
- log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND_COLOR + "='"
- + backgroundColor + "' is not a valid color definition (must be of form '#hhhhhh').");
- }
- }
-
- // appletGuiStyle
- String guiStyle = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_GUI_STYLE), charset);
- if (guiStyle != null) {
- // must be one of VALUES_APPLET_GUI_STYLE
- String style = guiStyle.toLowerCase();
- if (Arrays.asList(VALUES_APPLET_GUI_STYLE).contains(style)) {
- session.setAttribute(ATTR_APPLET_GUI_STYLE, style);
- log.trace("Found parameter " + PARAM_APPLET_GUI_STYLE + "='"
- + style + "'.");
- } else {
- StringBuilder sb = new StringBuilder();
- sb.append("Applet parameter ").append(PARAM_APPLET_GUI_STYLE).append(
- "='").append(guiStyle).append("' is not valid (must be one of ")
- .append(Arrays.toString(VALUES_APPLET_GUI_STYLE)).append(").");
- log.warn(sb);
- }
- }
-
- // appletExtension
- String extension = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_EXTENSION), charset);
- if (extension != null) {
- // must be one of VALUES_APPLET_EXTENSION
- String ext = extension.toLowerCase();
- if (Arrays.asList(VALUES_APPLET_EXTENSION).contains(ext)) {
- session.setAttribute(ATTR_APPLET_EXTENSION, ext);
- log.trace("Found parameter " + PARAM_APPLET_EXTENSION + "='"
- + ext + "'.");
- } else {
- StringBuilder sb = new StringBuilder();
- sb.append("Applet parameter ").append(PARAM_APPLET_EXTENSION).append(
- "='").append(extension).append("' is not valid (must be one of ")
- .append(Arrays.toString(VALUES_APPLET_EXTENSION)).append(").");
- log.warn(sb);
- }
- }
-
- // locale
- String localeFormParam = getStringFromStream(bindingProcessor
- .getFormData(PARAM_LOCALE), charset);
- if (localeFormParam != null) {
- // must be a valid locale
- if (PATTERN_LOCALE.matcher(localeFormParam).matches()) {
- locale = new Locale(localeFormParam);
- log.debug("Overrule accept-language header locale " + locale
- + " with form param " + localeFormParam + ".");
- } else {
- log.warn("Parameter " + PARAM_LOCALE + "='" + localeFormParam
- + "' is not a valid locale definition.");
- }
- }
- if (locale != null) {
- log.debug("Using locale " + locale);
- session.setAttribute(ATTR_LOCALE, locale.toString());
- }
-
+ protected void beforeAppletPage(HttpServletRequest req, HTTPBindingProcessor bindingProcessor) {
// handle server side redirect url after processing
- String redirectUrl = bindingProcessor.getRedirectURL();
+ String redirectUrl = ((HTTPBindingProcessorImpl) bindingProcessor).getRedirectURL();
if ( redirectUrl != null) {
- log.info("Got redirect URL "+redirectUrl+". Deferring browser redirect.");
- session.setAttribute(REDIRECT_URL_SESSION_ATTRIBUTE, redirectUrl);
+ log.info("Got redirect URL '{}'. Deferring browser redirect.", redirectUrl);
+ req.getSession().setAttribute(REDIRECT_URL_SESSION_ATTRIBUTE, redirectUrl);
}
-
- String appletPage = getStringFromStream(bindingProcessor
- .getFormData(APPLET_PAGE_P), charset);
- getDispatcher(appletPage).forward(req, resp);
}
@Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, java.io.IOException {
- doPost(req, resp);
- }
-
- private RequestDispatcher getDispatcher(String appletPage) {
- RequestDispatcher dispatcher = null;
- if (appletPage != null) {
- log.trace("requested appletPage " + appletPage);
- dispatcher = getServletContext().getNamedDispatcher(appletPage);
- }
- if (dispatcher == null) {
- log.debug("no appletPage requested or appletPage not configured, using default");
- appletPage = APPLET_PAGE_DEFAULT;
- dispatcher = getServletContext().getNamedDispatcher(appletPage);
- }
-// session.setAttribute(APPLET_PAGE_P, appletPage);
- log.debug("forward to applet " + appletPage);
-
- return dispatcher;
+ protected String getRequestProtocol(HttpServletRequest req) {
+ return "HTTP";
}
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java
new file mode 100644
index 00000000..8d65c92e
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java
@@ -0,0 +1,128 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.online.webapp;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.security.Provider;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MoccaContextListener implements ServletContextListener {
+
+ public static final String DISABLE_SECURITY_PROVIDER_REGISTRATION = "disableSecurityProviderRegistration";
+
+ private Logger log = LoggerFactory.getLogger(MoccaContextListener.class);
+
+ private final List<Provider> selfRegisteredProviders = new ArrayList<Provider>();
+
+ @Override
+ public void contextDestroyed(ServletContextEvent sce) {
+ log.info("Deregistering self registered security providers.");
+
+ for (Provider provider : selfRegisteredProviders) {
+ Security.removeProvider(provider.getName());
+ }
+ selfRegisteredProviders.clear();
+
+ }
+
+ @Override
+ public void contextInitialized(ServletContextEvent sce) {
+
+ ServletContext servletContext = sce.getServletContext();
+ if (!Boolean.parseBoolean(servletContext.getInitParameter(DISABLE_SECURITY_PROVIDER_REGISTRATION))) {
+ log.info("Looking for required and registered security providers ...");
+
+ registerProviders();
+
+ if (!selfRegisteredProviders.isEmpty()) {
+ log.warn("Security providers have been registered. "
+ + "This may affect other contexts in the same container!");
+ }
+
+ if (log.isDebugEnabled()) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Registered providers: ");
+ int i = 1;
+ for (Provider prov : Security.getProviders()) {
+ sb.append("\n" + (i++) + ". : " + prov);
+ }
+ log.debug(sb.toString());
+ }
+ }
+
+
+ }
+
+
+ protected void registerProvider(Provider provider, int position) {
+ String name = provider.getName();
+ if (Security.getProvider(name) == null) {
+ // register IAIK provider at first position
+ try {
+ if (position > 0) {
+ position = Security.insertProviderAt(provider, position);
+ } else {
+ position = Security.addProvider(provider);
+ }
+ log.info("Required security Provider {} was not yet registered. "
+ + "Now registered at position {}.", name, position);
+ selfRegisteredProviders.add(provider);
+ } catch (SecurityException e) {
+ log.info("Failed to register required security Provider.", e);
+ }
+ } else {
+ log.info("Required security Provider {} already registered.", name);
+ }
+
+ }
+
+ protected void registerProviders() {
+
+ registerProvider(new IAIK(), 1);
+ registerProvider(new ECCProvider(false), 2);
+
+ final String name = XSecProvider.NAME;
+ if (Security.getProvider(XSecProvider.NAME) == null) {
+ // register XML Security provider
+ try {
+ XSecProvider.addAsProvider(false);
+ log.info("Required security Provider {} was not yet registered. "
+ + "Now registered.", name);
+ selfRegisteredProviders.add(Security.getProvider(name));
+ } catch (SecurityException e) {
+ log.info("Failed to register required security Provider.", e);
+ }
+ } else {
+ log.info("Required security Provider {} already registered.", name);
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
index 5ffe2399..5fd01775 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
@@ -25,13 +25,14 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+import at.gv.egiz.bku.binding.BindingProcessor;
import at.gv.egiz.bku.binding.HTTPBindingProcessor;
-import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.Id;
import at.gv.egiz.bku.binding.IdFactory;
-import at.gv.egiz.bku.conf.Configurator;
import at.gv.egiz.bku.utils.NullOutputStream;
/**
@@ -40,7 +41,9 @@ import at.gv.egiz.bku.utils.NullOutputStream;
*/
public class ResultServlet extends SpringBKUServlet {
- private final static Log log = LogFactory.getLog(ResultServlet.class);
+ private static final long serialVersionUID = 1L;
+
+ private final Logger log = LoggerFactory.getLogger(ResultServlet.class);
private String encoding = "UTF-8";
private String expiredPage = "./expiredError.jsp";
@@ -51,12 +54,12 @@ public class ResultServlet extends SpringBKUServlet {
private void myInit() {
String enc = getServletContext().getInitParameter("responseEncoding");
if (enc != null) {
- log.debug("Init default encoding to: " + enc);
+ log.trace("Init default encoding to: {}.", enc);
encoding = enc;
}
String expP = getServletConfig().getInitParameter("expiredPage");
if (expP != null) {
- log.debug("Init expired page to: " + expP);
+ log.trace("Init expired page to: {}.", expP);
expiredPage = expP;
}
}
@@ -80,75 +83,65 @@ public class ResultServlet extends SpringBKUServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, java.io.IOException {
- String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT);
- if ((version != null) && (!"".equals(version.trim()))) {
- log.debug("setting SignatureLayout header to " + version);
- resp.setHeader(Configurator.SIGNATURE_LAYOUT, version);
- } else {
- log.debug("do not set SignatureLayout header");
- }
-
- if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) {
- resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator
- .getProperty(Configurator.USERAGENT_CONFIG_P));
- } else {
- resp.setHeader(HttpUtil.HTTP_HEADER_SERVER,
- Configurator.USERAGENT_DEFAULT);
- }
HttpSession session = req.getSession(false);
if (session == null) {
resp.sendRedirect(expiredPage);
return;
}
- String sessionId = session.getId();
- if (sessionId == null) {
- resp.sendRedirect(expiredPage);
- return;
- }
- log.debug("Got a result request for session: " + sessionId);
- HTTPBindingProcessor bp = (HTTPBindingProcessor) getBindingProcessorManager()
- .getBindingProcessor(IdFactory.getInstance().createId(sessionId));
- if (bp == null) {
+
+ Id id = IdFactory.getInstance().createId(session.getId());
+
+ HTTPBindingProcessor bp;
+ BindingProcessor bindingProcessor = getBindingProcessorManager().getBindingProcessor(id);
+ if (bindingProcessor instanceof HTTPBindingProcessor) {
+ bp = (HTTPBindingProcessor) bindingProcessor;
+ } else {
session.invalidate();
resp.sendRedirect(expiredPage);
return;
}
- String redirectUrl = (String) session
- .getAttribute(BKURequestHandler.REDIRECT_URL_SESSION_ATTRIBUTE);
- if (redirectUrl == null) {
- redirectUrl = bp.getRedirectURL();
- }
- if (redirectUrl != null) {
- try {
- bp.writeResultTo(new NullOutputStream(), encoding);
- getBindingProcessorManager().removeBindingProcessor(bp.getId());
- } finally {
- log.info("Executing deferred browser redirect to: " + redirectUrl);
- resp.sendRedirect(redirectUrl);
- session.invalidate();
+ MDC.put("id", id.toString());
+
+ try {
+ String redirectUrl = (String) session
+ .getAttribute(AbstractWebRequestHandler.REDIRECT_URL_SESSION_ATTRIBUTE);
+ if (redirectUrl == null) {
+ redirectUrl = bp.getRedirectURL();
}
- return;
- }
-
- log.trace("setting response code: " + bp.getResponseCode());
- resp.setStatus(bp.getResponseCode());
- resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1
- resp.setHeader("Pragma", "no-cache"); // HTTP 1.0
- resp.setDateHeader("Expires", 0);
- for (Iterator<String> it = bp.getResponseHeaders().keySet().iterator(); it
- .hasNext();) {
- String header = it.next();
- if (log.isTraceEnabled()) {
- log.trace("setting response header " + header + ": " + bp.getResponseHeaders().get(header));
+ if (redirectUrl != null) {
+ try {
+ bp.writeResultTo(new NullOutputStream(), encoding);
+ getBindingProcessorManager().removeBindingProcessor(bp.getId());
+ } finally {
+ log.info("Sending deferred redirect, RedirectURL={}.", redirectUrl);
+ resp.sendRedirect(redirectUrl);
+ session.invalidate();
+ }
+ return;
+ }
+
+ log.trace("Setting response code: {}.", bp.getResponseCode());
+ resp.setStatus(bp.getResponseCode());
+ resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1
+ resp.setHeader("Pragma", "no-cache"); // HTTP 1.0
+ resp.setDateHeader("Expires", 0);
+ for (Iterator<String> it = bp.getResponseHeaders().keySet().iterator(); it
+ .hasNext();) {
+ String header = it.next();
+ log.trace("Setting response header {}: {}.", header, bp.getResponseHeaders().get(header));
+ resp.setHeader(header, bp.getResponseHeaders().get(header));
}
- resp.setHeader(header, bp.getResponseHeaders().get(header));
+ resp.setContentType(bp.getResultContentType());
+ resp.setCharacterEncoding(encoding);
+ log.info("Sending result.");
+ bp.writeResultTo(resp.getOutputStream(), encoding);
+ resp.getOutputStream().flush();
+ session.invalidate();
+ getBindingProcessorManager().removeBindingProcessor(bp.getId());
+
+ } finally {
+ MDC.remove("id");
}
- resp.setContentType(bp.getResultContentType());
- resp.setCharacterEncoding(encoding);
- bp.writeResultTo(resp.getOutputStream(), encoding);
- resp.getOutputStream().flush();
- session.invalidate();
- getBindingProcessorManager().removeBindingProcessor(bp.getId());
}
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionListener.java
index 2b56166c..1bec31b6 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionListener.java
@@ -14,36 +14,34 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.online.webapp;
-
-import javax.servlet.http.HttpSessionEvent;
-import javax.servlet.http.HttpSessionListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.binding.BindingProcessorManager;
-import at.gv.egiz.bku.binding.IdFactory;
-
-/**
- * Session listener to trigger the removal of the BindingProcessor
- *
- */
-public class SessionTimeout implements HttpSessionListener {
-
- private static Log log = LogFactory.getLog(SessionTimeout.class);
-
- @Override
- public void sessionCreated(HttpSessionEvent arg0) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void sessionDestroyed(HttpSessionEvent event) {
- BindingProcessorManager manager = (BindingProcessorManager) event.getSession().getServletContext().getAttribute(SpringBKUServlet.BEAN_NAME);
- log.info("Removing session: "+event.getSession().getId());
- manager.removeBindingProcessor(IdFactory.getInstance().createId(event.getSession().getId()));
- }
-
-}
+package at.gv.egiz.bku.online.webapp;
+
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+import at.gv.egiz.bku.binding.IdFactory;
+
+/**
+ * Session listener to trigger the removal of the BindingProcessor
+ *
+ */
+public class SessionListener implements HttpSessionListener {
+
+ private final Logger log = LoggerFactory.getLogger(SessionListener.class);
+
+ @Override
+ public void sessionCreated(HttpSessionEvent event) {
+ }
+
+ @Override
+ public void sessionDestroyed(HttpSessionEvent event) {
+ BindingProcessorManager manager = (BindingProcessorManager) event.getSession().getServletContext().getAttribute(SpringBKUServlet.BEAN_NAME);
+ manager.removeBindingProcessor(IdFactory.getInstance().createId(event.getSession().getId()));
+ log.info("Session {} destroyed.", event.getSession().getId());
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java
index 741b5e32..39d7368d 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java
@@ -1,48 +1,48 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package at.gv.egiz.bku.online.webapp;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ApplicationEvent;
-import org.springframework.context.ApplicationListener;
-import org.springframework.context.event.ContextClosedEvent;
-
-import at.gv.egiz.bku.binding.BindingProcessorManager;
-
-public class ShutdownHandler implements ApplicationListener {
-
- private static Log log = LogFactory.getLog(ShutdownHandler.class);
-
- private BindingProcessorManager bindingProcessorManager;
-
- public void setBindingProcessorManager(
- BindingProcessorManager bindingProcessorManager) {
- this.bindingProcessorManager = bindingProcessorManager;
- }
-
- @Override
- public void onApplicationEvent(ApplicationEvent event) {
- if (event instanceof ContextClosedEvent) {
- log.info("Shutting down BKU");
- bindingProcessorManager.shutdownNow();
- }
-
- }
-
-}
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.bku.online.webapp;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextClosedEvent;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+
+public class ShutdownHandler implements ApplicationListener {
+
+ private final Logger log = LoggerFactory.getLogger(ShutdownHandler.class);
+
+ private BindingProcessorManager bindingProcessorManager;
+
+ public void setBindingProcessorManager(
+ BindingProcessorManager bindingProcessorManager) {
+ this.bindingProcessorManager = bindingProcessorManager;
+ }
+
+ @Override
+ public void onApplicationEvent(ApplicationEvent event) {
+ if (event instanceof ContextClosedEvent) {
+ log.info("Shutting down MOCCA.");
+ bindingProcessorManager.shutdownNow();
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
index 2c6f522e..6a6f11e8 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
@@ -19,19 +19,15 @@ package at.gv.egiz.bku.online.webapp;
import javax.servlet.http.HttpServlet;
import at.gv.egiz.bku.binding.BindingProcessorManager;
-import at.gv.egiz.bku.conf.Configurator;
public abstract class SpringBKUServlet extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
public final static String BEAN_NAME="bindingProcessorManager";
- protected static Configurator configurator;
-
protected BindingProcessorManager getBindingProcessorManager() {
return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME);
}
- public static void setConfigurator(Configurator conf) {
- configurator = conf;
- }
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
new file mode 100644
index 00000000..897ec227
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
@@ -0,0 +1,123 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.util.Collections;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.bku.binding.AbstractBindingProcessor;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
+import at.gv.egiz.stal.QuitRequest;
+
+public abstract class AbstractCommandSequenceBindingProcessor extends AbstractBindingProcessor {
+
+ protected static Logger log = LoggerFactory.getLogger(AbstractCommandSequenceBindingProcessor.class);
+
+ /**
+ * @return the error
+ */
+ protected Exception getError() {
+ return error;
+ }
+
+ /**
+ * @param error the error to set
+ */
+ protected void setError(Exception error) {
+ this.error = error;
+ }
+
+ private Exception error;
+
+ private SLCommandBrocker commandBrocker = new SLCommandBrocker();
+
+ /**
+ * External processing?
+ */
+ private boolean external;
+
+ /**
+ * Constructs a new instance of this IdBindingProcessorImpl with
+ * the given ID.
+ */
+ public AbstractCommandSequenceBindingProcessor() {
+ super();
+ }
+
+ /**
+ * @return the external
+ */
+ public boolean isExternal() {
+ return external;
+ }
+
+ /**
+ * @param external the external to set
+ */
+ public void setExternal(boolean external) {
+ this.external = external;
+ }
+
+ protected abstract SLCommand getNextCommand();
+
+ protected abstract void processResult(SLResult result);
+
+ @Override
+ public synchronized void process() {
+
+ try {
+
+ SLCommand command;
+ do {
+ command = getNextCommand();
+ SLCommandContext context = new SLCommandContext(getSTAL(), getUrlDereferencer(), locale);
+ SLResult result = null;
+ if (external) {
+ result = commandBrocker.execute(command, context, 3 * 60 * 1000);
+ } else {
+ if (command != null) {
+ result = command.execute(context);
+ } else {
+ stal.handleRequest(Collections.singletonList(new QuitRequest()));
+ }
+ }
+ if (result != null) {
+ processResult(result);
+ }
+ } while (command != null);
+
+ } catch (InterruptedException e) {
+ setError(new SLException(6000));
+ } catch (Exception e) {
+ log.info("BindingProcessor error.", e);
+ setError(e);
+ }
+
+ }
+
+ public SLCommand setExternalResult(SLResult slResult) throws SLCommandException, InterruptedException {
+ return commandBrocker.nextCommand(slResult, 3 * 60 * 1000);
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java
new file mode 100644
index 00000000..b40fd35f
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java
@@ -0,0 +1,225 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Iterator;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.bku.binding.BindingProcessor;
+import at.gv.egiz.bku.binding.FormParameter;
+import at.gv.egiz.bku.binding.IdFactory;
+import at.gv.egiz.bku.binding.InputDecoder;
+import at.gv.egiz.bku.binding.InputDecoderFactory;
+import at.gv.egiz.bku.online.webapp.SpringBKUServlet;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLMarshallerFactory;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.DomCreateXMLSignatureResultImpl;
+import at.gv.egiz.bku.slcommands.impl.DomErrorResultImpl;
+import at.gv.egiz.bku.slcommands.impl.DomInfoboxReadResultImpl;
+import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl;
+import at.gv.egiz.bku.slcommands.impl.SLCommandImpl;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.utils.DebugInputStream;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.slbinding.SLUnmarshaller;
+
+public class DataURLServerServlet extends SpringBKUServlet {
+
+ private static Logger log = LoggerFactory.getLogger(DataURLServerServlet.class);
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ /* (non-Javadoc)
+ * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String userAgent = req.getHeader("User-Agent");
+ String contentType = req.getContentType();
+ log.debug("Content-Type: " + contentType + " User-Agent: " + userAgent);
+
+ InputDecoder dec = InputDecoderFactory.getDecoder(contentType, req.getInputStream());
+
+ String sessionId = null;
+ Element respElement = null;
+
+ Iterator<FormParameter> formParams = dec.getFormParameterIterator();
+ while(formParams.hasNext()) {
+ FormParameter parameter = formParams.next();
+ String name = parameter.getFormParameterName();
+ if ("SessionID_".equals(name)) {
+ sessionId = StreamUtil.asString(parameter.getFormParameterValue(), "UTF-8");
+ log.debug("SessionID: {}", sessionId);
+ } else if ("ResponseType".equals(name)) {
+ String parameterContentType = parameter.getFormParameterContentType();
+ if (log.isDebugEnabled()) {
+ log.debug("ResponseType: ({}) {}.", parameterContentType, StreamUtil.asString(parameter.getFormParameterValue(), "UTF-8"));
+ }
+ } else if ("XMLResponse".equals(name)) {
+ InputStream inputStream = parameter.getFormParameterValue();
+
+ DebugInputStream di = null;
+ if (log.isDebugEnabled()) {
+ di = new DebugInputStream(inputStream);
+ inputStream = di;
+ }
+
+ SLUnmarshaller slUnmarshaller = new SLUnmarshaller();
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setSchema(slUnmarshaller.getSlSchema());
+ try {
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (ParserConfigurationException e) {
+ log.warn("Failed to enable secure processing.", e);
+ }
+
+ // http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization
+ try {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+ } catch (IllegalArgumentException e) {
+ log.warn("Failed to disable schema normalization " +
+ "(see http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization)", e);
+ }
+
+ DocumentBuilder documentBuilder;
+ try {
+ documentBuilder = dbf.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ log.error("Failed to create parser for Security Layer response." , e);
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ try {
+ Document doc = documentBuilder.parse(inputStream);
+ respElement = doc.getDocumentElement();
+ } catch (SAXException e) {
+ log.info("Failed to parse Security Layer response.", e);
+ // TODO set error and redirect
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ if (di != null) {
+ log.debug("XMLResponse:\n{}", new String(di.getBufferedBytes(), "UTF-8"));
+ }
+
+ }
+
+ }
+
+ SAMLBindingProcessorImpl bindingProcessor = null;
+ if (sessionId != null) {
+ bindingProcessor = getBindingProcessor(sessionId);
+ }
+
+ if (bindingProcessor != null && respElement != null) {
+
+ SLResult slResult = null;
+ if ("http://www.buergerkarte.at/namespaces/securitylayer/1.2#".equals(respElement.getNamespaceURI())) {
+ if ("NullOperationResponse".equals(respElement.getLocalName())) {
+ slResult = null;
+ } else if ("InfoboxReadResponse".equals(respElement.getLocalName())) {
+ slResult = new DomInfoboxReadResultImpl(respElement);
+ } else if ("CreateXMLSignatureResponse".equals(respElement.getLocalName())) {
+ slResult = new DomCreateXMLSignatureResultImpl(respElement);
+ } else if ("ErrorResponse".equals(respElement.getLocalName())) {
+ slResult = new DomErrorResultImpl(respElement);
+ } else {
+ // TODO: report proper error
+ at.gv.egiz.bku.slexceptions.SLException slException = new at.gv.egiz.bku.slexceptions.SLException(0);
+ slResult = new ErrorResultImpl(slException, null);
+ }
+
+ }
+
+ SLCommand slCommand = null;
+ try {
+ slCommand = bindingProcessor.setExternalResult(slResult);
+ } catch (SLCommandException e) {
+ log.debug(e.getMessage());
+ } catch (InterruptedException e) {
+ // interrupted
+ }
+
+ if (slCommand instanceof SLCommandImpl<?>) {
+ JAXBElement<?> request = ((SLCommandImpl<?>) slCommand).getRequest();
+ Marshaller marshaller = SLMarshallerFactory.getInstance().createMarshaller(false, false);
+ try {
+
+ resp.setCharacterEncoding("UTF-8");
+ resp.setContentType("text/xml");
+
+ marshaller.marshal(request, resp.getOutputStream());
+
+ return;
+
+ } catch (JAXBException e) {
+ log.error("Failed to marshall Security Layer request.", e);
+ }
+
+ }
+
+ }
+
+ resp.sendRedirect("bkuResult");
+
+ }
+
+ protected SAMLBindingProcessorImpl getBindingProcessor(String sessionId) {
+
+ BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(
+ IdFactory.getInstance().createId(sessionId));
+
+ if (bp instanceof SAMLBindingProcessorImpl) {
+ log.debug("Found active BindingProcessor, using this one.");
+ return (SAMLBindingProcessorImpl) bp;
+ }
+
+ return null;
+
+ }
+
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java
new file mode 100644
index 00000000..fd4ef8e7
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java
@@ -0,0 +1,346 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import iaik.xml.crypto.dom.DOMCryptoContext;
+import iaik.xml.crypto.dsig.keyinfo.KeyValueType;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.Manifest;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import oasis.names.tc.saml._1_0.assertion.AnyType;
+import oasis.names.tc.saml._1_0.assertion.AssertionType;
+import oasis.names.tc.saml._1_0.assertion.AttributeStatementType;
+import oasis.names.tc.saml._1_0.assertion.AttributeType;
+import oasis.names.tc.saml._1_0.assertion.StatementAbstractType;
+import oasis.names.tc.saml._1_0.assertion.SubjectConfirmationType;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.bku.utils.StreamUtil;
+
+public class IdLink {
+
+ protected Logger log = LoggerFactory.getLogger(IdLink.class);
+
+ /**
+ * The IdLink is backed by a DOM.
+ */
+ protected Node node;
+
+ /**
+ * The <code>Assertion</code> (root element) of the IdLink.
+ */
+ protected AssertionType assertion;
+
+ /**
+ * The citizen's asserted public keys.
+ */
+ protected List<PublicKey> citizenPublicKeys;
+
+ /**
+ * The XMLSignature.
+ */
+ protected XMLSignature signature;
+
+ /**
+ * The assertion's signer certificate.
+ */
+ protected X509Certificate signerCert;
+
+ /**
+ * Is the assertion's signature manifest valid?
+ */
+ protected Boolean manifestValid;
+
+ /**
+ * Is the assertion's signature valid?
+ */
+ protected Boolean signatureValid;
+
+ /**
+ * The personal identifier
+ */
+ protected IdLinkPersonData personData;
+
+ public IdLink(Element node, AssertionType assertion) throws JAXBException {
+ this.node = node;
+ this.assertion = assertion;
+ }
+
+ public PhysicalPersonType getPhysicalPerson() {
+
+ AttributeStatementType attributeStatement = getAttributeStatement();
+ if (attributeStatement != null) {
+ JAXBElement<?> subjectConfirmation = attributeStatement.getSubject().getContent().get(0);
+ if (subjectConfirmation.getDeclaredType() == SubjectConfirmationType.class) {
+ Object data = ((SubjectConfirmationType) subjectConfirmation.getValue())
+ .getSubjectConfirmationData().getContent().get(0);
+ if (data instanceof JAXBElement<?>
+ && ((JAXBElement<?>) data).getValue() instanceof PhysicalPersonType) {
+ return (PhysicalPersonType) ((JAXBElement<?>) data).getValue();
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public AttributeStatementType getAttributeStatement() {
+
+ StatementAbstractType statement =
+ assertion.getStatementOrSubjectStatementOrAuthenticationStatement().get(0);
+
+ if (statement instanceof AttributeStatementType) {
+ return (AttributeStatementType) statement;
+ }
+
+ return null;
+
+ }
+
+ public IdLinkPersonData getPersonData() throws MarshalException {
+ if (personData == null) {
+ try {
+ personData = new IdLinkPersonData(getPhysicalPerson());
+ } catch (ParseException e) {
+ throw new MarshalException(e);
+ }
+ }
+ return personData;
+ }
+
+ public List<PublicKey> getCitizenPublicKeys() throws MarshalException {
+ if (citizenPublicKeys == null) {
+
+ citizenPublicKeys = new ArrayList<PublicKey>();
+
+ AttributeStatementType attributeStatement = getAttributeStatement();
+ if (attributeStatement != null) {
+ List<AttributeType> attributes = attributeStatement.getAttribute();
+ for (AttributeType attribute : attributes) {
+ if ("urn:publicid:gv.at:namespaces:identitylink:1.2".equals(attribute.getAttributeNamespace())
+ && "CitizenPublicKey".equals(attribute.getAttributeName())) {
+ List<AnyType> value = attribute.getAttributeValue();
+ if (value.size() == 1 && value.get(0).getContent().size() == 1) {
+ Object object = value.get(0).getContent().get(0);
+ if (object instanceof Element) {
+ Element element = (Element) object;
+ DOMStructure structure = iaik.xml.crypto.dom.DOMStructure.getInstance(element, new DOMCryptoContext());
+ if (structure instanceof KeyValueType) {
+ citizenPublicKeys.add(((KeyValueType) structure).getPublicKey());
+ }
+ }
+ }
+ }
+ }
+ }
+
+ }
+ return citizenPublicKeys;
+ }
+
+ public XMLSignature getXMLSignature() throws MarshalException {
+ if (signature == null) {
+
+ Node n = node.getLastChild();
+ while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
+ n = n.getPreviousSibling();
+ }
+
+ if (n != null
+ && XMLSignature.XMLNS.equals(n.getNamespaceURI())
+ && "Signature".equals(n.getLocalName())) {
+
+ XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance();
+ signature = signatureFactory.unmarshalXMLSignature(new DOMStructure(n));
+ }
+
+
+ }
+ return signature;
+ }
+
+ public X509Certificate getSignerCert() throws MarshalException {
+ if (signerCert == null) {
+
+ if (getXMLSignature() != null) {
+
+ KeyInfo keyInfo = signature.getKeyInfo();
+ if (keyInfo != null) {
+ List<?> content = keyInfo.getContent();
+ for (Object data : content) {
+ if (data instanceof X509Data) {
+ List<?> x509Data = ((X509Data) data).getContent();
+ for (Object object : x509Data) {
+ if (object instanceof X509Certificate) {
+ signerCert = (X509Certificate) object;
+ return signerCert;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return signerCert;
+ }
+
+
+ @SuppressWarnings("unchecked")
+ public boolean verifySignature() throws MarshalException, XMLSignatureException {
+ if (signatureValid == null) {
+ if (getXMLSignature() != null && getSignerCert() != null) {
+
+ DOMValidateContext validateContext = new DOMValidateContext(signerCert.getPublicKey(), node);
+ validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+
+ signatureValid = signature.validate(validateContext);
+
+ // logging
+ if (!signatureValid && log.isTraceEnabled()) {
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for (Reference reference : references) {
+ if (!Manifest.TYPE.equals(reference.getType())) {
+ if (!reference.validate(validateContext)) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ try {
+ log.trace("SignedInfo's reference digest input:\n{}",
+ StreamUtil.asString(digestInputStream, "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get SignedInfos's reference digest input", e.toString());
+ }
+ }
+ } else {
+ try {
+ log.trace("Signature canonicalized data:\n{}", StreamUtil.asString(signature
+ .getSignedInfo().getCanonicalizedData(), "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get canonicalized data.", e);
+ }
+ }
+ break;
+ }
+ }
+ }
+
+ }
+ }
+ return signatureValid;
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean verifyManifest() throws MarshalException, XMLSignatureException {
+ if (manifestValid == null) {
+ if (getXMLSignature() != null && getSignerCert() != null) {
+
+ DOMValidateContext validateContext = new DOMValidateContext(signerCert.getPublicKey(), node);
+ if (log.isTraceEnabled()) {
+ // enable reference caching in trace log-level
+ validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+ }
+ boolean valid = false;
+
+ // validate manifest
+ List<XMLObject> objects = signature.getObjects();
+ for (XMLObject object : objects) {
+ List<?> content = object.getContent();
+ if (content.get(0) instanceof Manifest) {
+ Manifest manifest = (Manifest) content.get(0);
+ List<Reference> references = manifest.getReferences();
+ for (Reference reference : references) {
+
+ valid = reference.validate(validateContext);
+
+ // logging
+ if (!valid && log.isTraceEnabled()) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ try {
+ log.trace("Manifest's reference digest input:\n{}",
+ StreamUtil.asString(digestInputStream, "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get Manifest's reference digest input", e.toString());
+ }
+ }
+ }
+ break;
+ }
+ }
+ }
+
+ // validate reference to manifest
+ if (valid) {
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for (Reference reference : references) {
+ if (Manifest.TYPE.equals(reference.getType())) {
+
+ boolean refValid = reference.validate(validateContext);
+
+ // logging
+ if (!refValid && log.isTraceEnabled()) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ try {
+ log.trace("SignedInfo's manifest reference digest input:\n{}",
+ StreamUtil.asString(digestInputStream, "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get SignedInfos's manifest reference digest input", e.toString());
+ }
+ }
+ }
+
+ valid &= refValid;
+
+ }
+ }
+ }
+
+ manifestValid = valid;
+
+ }
+
+ }
+ return manifestValid;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java
new file mode 100644
index 00000000..12383861
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java
@@ -0,0 +1,43 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+public class IdLinkException extends Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public IdLinkException() {
+ super();
+ }
+
+ public IdLinkException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public IdLinkException(String message) {
+ super(message);
+ }
+
+ public IdLinkException(Throwable cause) {
+ super(cause);
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java
new file mode 100644
index 00000000..90312af3
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java
@@ -0,0 +1,154 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import oasis.names.tc.saml._1_0.assertion.AssertionType;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+public class IdLinkFactory {
+
+ protected static Logger log = LoggerFactory.getLogger(IdLinkFactory.class);
+
+ public static final String[] SCHEMA_FILES = new String[] {
+ "at/gv/egiz/mocca/id/idlschema/xmldsig-more.xsd",
+ "at/gv/egiz/mocca/id/idlschema/xmldsig-core-schema.xsd",
+ "at/gv/egiz/mocca/id/idlschema/PersonData.xsd",
+ "at/gv/egiz/mocca/id/idlschema/oasis-sstc-saml-schema-assertion-1.0.xsd"};
+
+ private static class InstanceHolder {
+ private static final IdLinkFactory INSTANCE = new IdLinkFactory();
+ }
+
+ public static IdLinkFactory getInstance() {
+ return InstanceHolder.INSTANCE;
+ }
+
+ static {
+// InitDOMStructure.init();
+ }
+
+ private final Schema idlSchema;
+
+ private final JAXBContext jaxbContext;
+
+
+ private IdLinkFactory() {
+
+ try {
+ SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ Source[] sources = new Source[SCHEMA_FILES.length];
+ for (int i = 0; i < SCHEMA_FILES.length; i++) {
+ String schemaFile = SCHEMA_FILES[i];
+ URL schemaURL = cl.getResource(schemaFile);
+ if (schemaURL == null) {
+ throw new RuntimeException("Failed to load schema file " + schemaFile + ".");
+ }
+ log.debug("Schema location: " + schemaURL);
+ sources[i] = new StreamSource(schemaURL.openStream());
+ }
+ idlSchema = schemaFactory.newSchema(sources);
+ } catch (IOException e) {
+ log.error("Failed to load identity link schema.", e);
+ throw new RuntimeException(e);
+ } catch (SAXException e) {
+ log.error("Failed to load identity link schema.", e);
+ throw new RuntimeException(e);
+ }
+
+ StringBuffer packageNames = new StringBuffer();
+ packageNames.append(at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory.class.getPackage().getName());
+ packageNames.append(":");
+ packageNames.append(oasis.names.tc.saml._1_0.assertion.ObjectFactory.class.getPackage().getName());
+
+ try {
+ jaxbContext = JAXBContext.newInstance(packageNames.toString());
+ } catch (JAXBException e) {
+ // we should not get an JAXBException initializing the JAXBContext
+ throw new RuntimeException(e);
+ }
+
+ }
+
+ public IdLink unmarshallIdLink(InputSource source) throws IdLinkException,
+ ParserConfigurationException, SAXException, IOException, JAXBException {
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setSchema(idlSchema);
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+
+ // http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization
+ try {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+ } catch (IllegalArgumentException e) {
+ log.warn("Failed to disable schema normalization " +
+ "(see http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization)", e);
+ }
+
+ DocumentBuilder documentBuilder = dbf.newDocumentBuilder();
+ Document doc = documentBuilder.parse(source);
+
+ return unmarshallIdLink(doc.getDocumentElement());
+
+ }
+
+ public IdLink unmarshallIdLink(Element element) throws IdLinkException, JAXBException {
+
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ unmarshaller.setSchema(idlSchema);
+
+ Object object = unmarshaller.unmarshal(element);
+
+ IdLink idLink;
+ if (object instanceof JAXBElement<?>
+ && ((JAXBElement<?>) object).getDeclaredType() == AssertionType.class) {
+ idLink = new IdLink(element, (AssertionType) ((JAXBElement<?>) object).getValue());
+ } else {
+ throw new IllegalArgumentException("Parameter node is not a "
+ + new QName("urn:oasis:names:tc:SAML:1.0:assertion", "Assertion"));
+ }
+
+ return idLink;
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
new file mode 100644
index 00000000..493b92af
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
@@ -0,0 +1,88 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class IdLinkKeySelector extends KeySelector {
+
+ private static Logger log = LoggerFactory.getLogger(IdLinkKeySelector.class);
+
+ private IdLink idLink;
+
+ public IdLinkKeySelector(IdLink idLink) {
+ super();
+ if (idLink == null) {
+ throw new NullPointerException("Parameter 'idLink' must not be null.");
+ }
+ this.idLink = idLink;
+ }
+
+ @Override
+ public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ if (purpose != Purpose.VERIFY) {
+ throw new KeySelectorException("KeySelector does not support purpose "
+ + purpose + ".");
+ }
+
+ try {
+ for (Object ki : keyInfo.getContent()) {
+ if (ki instanceof X509Data) {
+ for (Object xd : ((X509Data) ki).getContent()) {
+ if (xd instanceof X509Certificate) {
+ final PublicKey publicKey = ((X509Certificate) xd).getPublicKey();
+ if (idLink.getCitizenPublicKeys().contains(publicKey)) {
+ log.trace("Found matching key {} in identiy link and KeyInfo.", publicKey);
+ return new KeySelectorResult() {
+ @Override
+ public Key getKey() {
+ return publicKey;
+ }
+ };
+ }
+ }
+ }
+ }
+ }
+ } catch (MarshalException e) {
+ log.info("Failed to get public keys from identity link.", e);
+ throw new KeySelectorException(e);
+ }
+
+ log.info("Did not find matching public keys in the identity link and the KeyInfo.");
+ return null;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java
new file mode 100644
index 00000000..5b6f4453
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java
@@ -0,0 +1,76 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+public class IdLinkPersonData {
+
+ private static final DateFormat DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd");
+
+ protected PersonalIdentifier identifier;
+
+ protected String familyName;
+
+ protected String givenName;
+
+ protected Date dateOfBirth;
+
+ public IdLinkPersonData(PhysicalPersonType physicalPerson) throws ParseException {
+ familyName = physicalPerson.getName().getFamilyName().get(0).getValue();
+ givenName = physicalPerson.getName().getGivenName().get(0);
+ dateOfBirth = DATE_FORMAT.parse(physicalPerson.getDateOfBirth());
+ IdentificationType identificationType = physicalPerson.getIdentification().get(0);
+ if (identificationType != null) {
+ identifier = new PersonalIdentifier(identificationType.getType(),
+ identificationType.getValue().getValue());
+ }
+ }
+
+ public String getGivenName() {
+ return givenName;
+ }
+
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ public Date getDateOfBirth() throws ParseException {
+ return dateOfBirth;
+ }
+
+ public PersonalIdentifier getIdentifier() {
+ return identifier;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ @Override
+ public String toString() {
+ return familyName + ", " + givenName + ", " + DATE_FORMAT.format(dateOfBirth);
+ }
+
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java
new file mode 100644
index 00000000..ad108dc2
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java
@@ -0,0 +1,81 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import iaik.utils.Base64OutputStream;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class PersonalIdentifier {
+
+ public static final String PREFIX = "urn:publicid:gv.at:";
+
+ public static final String BASE_ID = PREFIX + "baseid";
+
+
+ protected String type;
+
+ protected String value;
+
+ public PersonalIdentifier(String type, String value) {
+ this.type = type;
+ this.value = value;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @return the value
+ */
+ public String getValue() {
+ return value;
+ }
+
+ public PersonalIdentifier getDerivedValue(String domainId) {
+
+ if (BASE_ID.equals(type)) {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA");
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Base64OutputStream bos = new Base64OutputStream(os);
+ bos.write(md.digest((value + '+' + domainId).getBytes("ISO-8859-1")));
+ bos.flush();
+ return new PersonalIdentifier(domainId, os.toString("ASCII"));
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return null;
+
+ }
+
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java
new file mode 100644
index 00000000..8737d39c
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java
@@ -0,0 +1,115 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.transform.Templates;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public class QESTemplates {
+
+ private Map<String, Templates> templatesMap = Collections.synchronizedMap(new HashMap<String, Templates>());
+
+ private synchronized Templates getTemplates(String id) {
+
+ Templates templates = templatesMap.get(id);
+ if (templates == null) {
+ templates = loadTemplates(id);
+ templatesMap.put(id, templates);
+ }
+ return templates;
+
+ }
+
+ protected Templates loadTemplates(String id) {
+
+ InputStream xsl = QESTemplates.class.getResourceAsStream("/templates/template.xsl");
+ if (xsl == null) {
+ throw new IllegalArgumentException("Template not found.");
+ }
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ try {
+ return transformerFactory.newTemplates(new StreamSource(xsl));
+ } catch (TransformerConfigurationException e) {
+ throw new SLRuntimeException(e);
+ }
+
+ }
+
+ public String createQESTemplate(String id, Locale locale, IdLink idLink, String url, PersonalIdentifier derivedIdentifier, Date dateTime) {
+
+ Templates templates = getTemplates(id);
+ try {
+ Transformer transformer = templates.newTransformer();
+
+ DateFormat dateFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, locale);
+ DateFormat timeFormat = DateFormat.getTimeInstance(DateFormat.MEDIUM, locale);
+
+ IdLinkPersonData personData = idLink.getPersonData();
+
+ transformer.setParameter("givenName", personData.getGivenName());
+ transformer.setParameter("familyName", personData.getFamilyName());
+ transformer.setParameter("dateOfBirth", dateFormat.format(personData.getDateOfBirth()));
+
+ transformer.setParameter("url", url);
+ transformer.setParameter("identifierType", derivedIdentifier.getType());
+ transformer.setParameter("identifierValue", derivedIdentifier.getValue());
+
+ transformer.setParameter("date", dateFormat.format(dateTime));
+ transformer.setParameter("time", timeFormat.format(dateTime));
+
+
+ StringWriter writer = new StringWriter();
+ transformer.transform(new StreamSource(), new StreamResult(writer));
+
+
+ return writer.toString();
+ } catch (TransformerConfigurationException e) {
+ throw new SLRuntimeException(e);
+ } catch (TransformerException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (MarshalException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (ParseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return null;
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java
new file mode 100644
index 00000000..9a71b32f
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java
@@ -0,0 +1,44 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.util.Collections;
+import java.util.Set;
+
+import at.gv.egiz.bku.binding.AbstractBindingProcessorFactory;
+import at.gv.egiz.bku.binding.BindingProcessor;
+import at.gv.egiz.bku.binding.BindingProcessorFactory;
+import at.gv.egiz.bku.utils.binding.Protocol;
+
+public class SAMLBindingProcessorFactory extends AbstractBindingProcessorFactory implements BindingProcessorFactory {
+
+ private Set<Protocol> supportedProtocols = Collections.singleton(Protocol.SAML);
+
+ @Override
+ public Set<Protocol> getSupportedProtocols() {
+ return supportedProtocols;
+ }
+
+ @Override
+ public BindingProcessor createBindingProcessor() {
+ SAMLBindingProcessorImpl bindingProcessor = new SAMLBindingProcessorImpl();
+ configureBindingProcessor(bindingProcessor);
+ return bindingProcessor;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java
new file mode 100644
index 00000000..ce4ac425
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java
@@ -0,0 +1,357 @@
+/*
+ * Copyright 2009 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.mocca.id;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.Charset;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType;
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType;
+import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType;
+import at.gv.egiz.bku.binding.FormParameter;
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.InputDecoder;
+import at.gv.egiz.bku.binding.InputDecoderFactory;
+import at.gv.egiz.bku.slcommands.CreateXMLSignatureResult;
+import at.gv.egiz.bku.slcommands.ErrorResult;
+import at.gv.egiz.bku.slcommands.InfoboxReadResult;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandFactory;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLVersionException;
+
+public class SAMLBindingProcessorImpl extends
+ AbstractCommandSequenceBindingProcessor implements HTTPBindingProcessor {
+
+ private static final Logger log = LoggerFactory
+ .getLogger(SAMLBindingProcessorImpl.class);
+
+ private String requestContentType;
+
+ private String domainIdentifier = "urn:publicid:gv.at:wbpk+FN+468924i";
+
+ private String keyBoxIdentifier = "SecureSignatureKeypair";
+
+ private String url = "www.egiz.gv.at";
+
+ private QESTemplates templates = new QESTemplates();
+
+ private IdLink idLink;
+
+ private Element signature;
+
+ private SLResult errorResponse;
+
+ @Override
+ protected void processResult(SLResult result) {
+ if (result instanceof ErrorResult) {
+ ErrorResult errorResult = (ErrorResult) result;
+ log.info("Got ErrorResponse {}: {}", errorResult.getErrorCode(),
+ errorResult.getInfo());
+ errorResponse = result;
+ return;
+ } else if (result instanceof InfoboxReadResult) {
+ try {
+ processInfoboxReadResult((InfoboxReadResult) result);
+ if (idLink != null) {
+ try {
+ IdLinkPersonData personData = idLink.getPersonData();
+ log.info("Got idLink for {}.", personData);
+ } catch (MarshalException e) {
+ log.info("Failed to unmarshal idLink.");
+ }
+ }
+ } catch (JAXBException e) {
+ log.info("InfoboxReadResult contains unexpected data.", e);
+ errorResponse = result;
+ } catch (IdLinkException e) {
+ log.info("InfoboxReadResult contains invalid identity link.", e);
+ errorResponse = result;
+ }
+ } else if (result instanceof CreateXMLSignatureResult) {
+ signature = ((CreateXMLSignatureResult) result).getContent();
+ log.info("Got signature.");
+ boolean valid = validate(signature) && validate(idLink);
+ log.info("Signature is valid: " + valid);
+ }
+ }
+
+ @Override
+ protected SLCommand getNextCommand() {
+
+ JAXBElement<?> request = null;
+ if (errorResponse == null) {
+ if (idLink == null) {
+ request = createReadInfoboxRequest(domainIdentifier);
+ } else if (signature == null) {
+ request = createXMLSignatureRequest();
+ }
+ }
+
+ if (request != null) {
+ SLCommandFactory commandFactory = SLCommandFactory.getInstance();
+ try {
+ return commandFactory.createSLCommand(request);
+ } catch (SLCommandException e) {
+ log.error("Failed to create SLCommand.", e);
+ setError(e);
+ } catch (SLVersionException e) {
+ log.error("Failed to create SLCommand.", e);
+ setError(e);
+ }
+ }
+
+ return null;
+ }
+
+ protected void processInfoboxReadResult(InfoboxReadResult result)
+ throws JAXBException, IdLinkException {
+
+ Object object = result.getContent();
+ if (object instanceof byte[]) {
+ log.info("InfoboxReadResult contains unexpected binary data.");
+ errorResponse = result;
+ return;
+ } else if (object instanceof List<?>) {
+ JAXBException exception = null;
+ for (Object content : (List<?>) object) {
+ if (content instanceof Element) {
+ try {
+ idLink = IdLinkFactory.getInstance().unmarshallIdLink(
+ (Element) content);
+ return;
+ } catch (JAXBException e) {
+ exception = e;
+ }
+ }
+ }
+ if (exception != null) {
+ throw exception;
+ }
+ }
+
+ }
+
+ @Override
+ public void setHTTPHeaders(Map<String, String> headerMap) {
+ for (String header : headerMap.keySet()) {
+ if (HttpUtil.HTTP_HEADER_CONTENT_TYPE.equalsIgnoreCase(header)) {
+ requestContentType = headerMap.get(header);
+ }
+ }
+ }
+
+ @Override
+ public void consumeRequestStream(String url, InputStream is) {
+ InputDecoder inputDecoder = InputDecoderFactory.getDecoder(
+ requestContentType, is);
+ Iterator<FormParameter> fpi = inputDecoder.getFormParameterIterator();
+ while (fpi.hasNext()) {
+ FormParameter formParameter = fpi.next();
+ if ("BKUUrl".equals(formParameter.getFormParameterName())) {
+ setExternal(true);
+ }
+ }
+ }
+
+ @Override
+ public String getResultContentType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void writeResultTo(OutputStream os, String encoding)
+ throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ protected JAXBElement<InfoboxReadRequestType> createReadInfoboxRequest(
+ String domainIdentifier) {
+
+ ObjectFactory factory = new ObjectFactory();
+
+ InfoboxReadRequestType infoboxReadRequestType = factory
+ .createInfoboxReadRequestType();
+ infoboxReadRequestType.setInfoboxIdentifier("IdentityLink");
+
+ InfoboxReadParamsBinaryFileType infoboxReadParamsBinaryFileType = factory
+ .createInfoboxReadParamsBinaryFileType();
+ infoboxReadParamsBinaryFileType.setContentIsXMLEntity(true);
+ infoboxReadRequestType
+ .setBinaryFileParameters(infoboxReadParamsBinaryFileType);
+
+ if (domainIdentifier != null) {
+ JAXBElement<String> identityLinkDomainIdentifier = factory
+ .createIdentityLinkDomainIdentifier(domainIdentifier);
+ AnyChildrenType anyChildrenType = factory.createAnyChildrenType();
+ anyChildrenType.getAny().add(identityLinkDomainIdentifier);
+
+ infoboxReadRequestType.setBoxSpecificParameters(anyChildrenType);
+ }
+
+ return factory.createInfoboxReadRequest(infoboxReadRequestType);
+
+ }
+
+ protected JAXBElement<CreateXMLSignatureRequestType> createXMLSignatureRequest() {
+
+ ObjectFactory factory = new ObjectFactory();
+
+ CreateXMLSignatureRequestType createXMLSignatureRequest = factory
+ .createCreateXMLSignatureRequestType();
+ createXMLSignatureRequest.setKeyboxIdentifier(keyBoxIdentifier);
+
+ DataObjectInfoType dataObjectInfoType = factory.createDataObjectInfoType();
+ dataObjectInfoType.setStructure("enveloping");
+
+ TransformsInfoType transformsInfoType = factory.createTransformsInfoType();
+ MetaInfoType metaInfoType = factory.createMetaInfoType();
+ metaInfoType.setMimeType("application/xhtml+xml");
+ transformsInfoType.setFinalDataMetaInfo(metaInfoType);
+
+ dataObjectInfoType.getTransformsInfo().add(transformsInfoType);
+
+ Base64XMLLocRefOptRefContentType contentType = factory
+ .createBase64XMLLocRefOptRefContentType();
+
+ PersonalIdentifier identifier;
+ try {
+ identifier = idLink.getPersonData().getIdentifier();
+ } catch (MarshalException e) {
+ setError(e);
+ return null;
+ }
+ if ("urn:publicid:gv.at:baseid".equals(identifier.getType())) {
+ identifier = identifier.getDerivedValue(domainIdentifier);
+ }
+ String template = templates.createQESTemplate("test", locale, idLink, "",
+ identifier, new Date());
+
+ contentType.setBase64Content(template.getBytes(Charset.forName("UTF-8")));
+
+ dataObjectInfoType.setDataObject(contentType);
+
+ createXMLSignatureRequest.getDataObjectInfo().add(dataObjectInfoType);
+
+ return factory.createCreateXMLSignatureRequest(createXMLSignatureRequest);
+
+ }
+
+ protected boolean validate(IdLink idLink) {
+ try {
+ if (domainIdentifier != null && domainIdentifier.startsWith("urn:publicid:gv.at:ccid")) {
+ if (!idLink.verifyManifest()) {
+ log.info("Identity link manifest verification failed.");
+ return false;
+ }
+ }
+ if (idLink.verifySignature()) {
+ return true;
+ }
+ } catch (MarshalException e) {
+ log.info("Identity link signature verification failed.", e);
+ } catch (XMLSignatureException e) {
+ log.info("Identity link signature verification failed.", e);
+ }
+ log.info("Identity link signature verification failed.");
+ return false;
+ }
+
+
+ protected boolean validate(Element signature) {
+
+ Document doc = signature.getOwnerDocument();
+ if (signature != signature.getOwnerDocument().getDocumentElement()) {
+ doc.replaceChild(signature, doc.getDocumentElement());
+ }
+
+ XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
+
+ try {
+ IdLinkKeySelector keySelector = new IdLinkKeySelector(idLink);
+ DOMValidateContext validateContext = new DOMValidateContext(keySelector, signature);
+
+ XMLSignature xmlSignature = xmlSignatureFactory
+ .unmarshalXMLSignature(validateContext);
+
+ return xmlSignature.validate(validateContext);
+ } catch (MarshalException e) {
+ log.info("Failed to unmarshall signature.", e);
+ } catch (XMLSignatureException e) {
+ log.info("Failed to validate signature.", e);
+ }
+ return false;
+ }
+
+ @Override
+ public InputStream getFormData(String parameterName) {
+ if ("appletPage".equals(parameterName)) {
+ String appletPage = (isExternal()) ? "local.jsp" : "applet.jsp";
+ return new ByteArrayInputStream(appletPage.getBytes());
+ }
+ return null;
+ }
+
+ @Override
+ public String getRedirectURL() {
+ return null;
+ }
+
+ @Override
+ public int getResponseCode() {
+ return HttpServletResponse.SC_OK;
+ }
+
+ @Override
+ public Map<String, String> getResponseHeaders() {
+ return Collections.emptyMap();
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java
new file mode 100644
index 00000000..0209ca79
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java
@@ -0,0 +1,33 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egiz.bku.online.webapp.AbstractWebRequestHandler;
+
+public class SAMLRequestHandler extends AbstractWebRequestHandler {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected String getRequestProtocol(HttpServletRequest req) {
+ return "SAML";
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java
new file mode 100644
index 00000000..2e46a220
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java
@@ -0,0 +1,100 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+
+public class SLCommandBrocker {
+
+ private Sync<SLCommand> commandSync = new Sync<SLCommand>();
+
+ private Sync<SLResult> resultSync = new Sync<SLResult>();
+
+ public SLResult execute(SLCommand command, SLCommandContext context, long timeout) throws InterruptedException {
+ try {
+ commandSync.put(command, timeout);
+ if (command != null) {
+ return resultSync.get(timeout);
+ } else {
+ return null;
+ }
+ } catch (SLCommandException e) {
+ return new ErrorResultImpl(e, context.getLocale());
+ }
+ }
+
+ public SLCommand nextCommand(SLResult result, long timeout) throws SLCommandException, InterruptedException {
+ if (result != null) {
+ resultSync.put(result, timeout);
+ }
+ return commandSync.get(timeout);
+ }
+
+ public class Sync<R> {
+
+ private boolean available;
+
+ private R r;
+
+ public synchronized R get(long timeout) throws SLCommandException, InterruptedException {
+
+ long t0 = System.currentTimeMillis();
+ long elapsed = 0;
+
+ while (!available) {
+ wait(timeout - elapsed);
+ elapsed = System.currentTimeMillis() - t0;
+ if (elapsed > timeout) {
+ notifyAll();
+ throw new SLCommandException(6000);
+ }
+ }
+
+ R r = this.r;
+ this.r = null;
+ available = false;
+ notifyAll();
+ return r;
+ }
+
+ public synchronized void put(R r, long timeout) throws SLCommandException, InterruptedException {
+
+ long t0 = System.currentTimeMillis();
+ long elapsed = 0;
+
+ while (available) {
+ wait(timeout - elapsed);
+ elapsed = System.currentTimeMillis() - t0;
+ if (elapsed > timeout) {
+ notifyAll();
+ throw new SLCommandException(6000);
+ }
+ }
+
+ this.r = r;
+ available = true;
+ notifyAll();
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
index 305d8c1c..5940f505 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
@@ -19,27 +19,50 @@ package at.gv.egiz.stal.service.impl;
import java.util.Locale;
+import org.apache.commons.configuration.Configuration;
+
+import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
+import at.gv.egiz.bku.jmx.ComponentMXBean;
+import at.gv.egiz.bku.jmx.ComponentState;
import at.gv.egiz.stal.STAL;
import at.gv.egiz.stal.STALFactory;
/**
*
- * @author clemens
+ * @author clemens, mcentner
*/
-public class RequestBrokerSTALFactory implements STALFactory {
-
- private static long timeout = -1;
+public class RequestBrokerSTALFactory implements STALFactory, ComponentMXBean {
- @Override
- public STAL createSTAL() {
- return new STALRequestBrokerImpl(timeout);
- }
+ public final ConfigurationFacade configurationFacade = new ConfigurationFacade();
+
+ public class ConfigurationFacade implements MoccaConfigurationFacade {
+
+ private Configuration configuration;
+
+ public static final String APPLET_TIMEOUT = "AppletTimeout";
- @Override
- public void setLocale(Locale locale) {
+ public int getAppletTimeout() {
+ return configuration.getInteger(APPLET_TIMEOUT, -1);
}
+
+ }
+
+ public void setConfiguration(Configuration configuration) {
+ configurationFacade.configuration = configuration;
+ }
+
+ @Override
+ public STAL createSTAL() {
+ return new STALRequestBrokerImpl(configurationFacade.getAppletTimeout());
+ }
+
+ @Override
+ public void setLocale(Locale locale) {
+ }
+
+ @Override
+ public ComponentState checkComponentState() {
+ return new ComponentState(true);
+ }
- public static void setTimeout(long millisec) {
- timeout = millisec;
- }
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
index a2447ab7..5705a9f7 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
@@ -34,8 +34,8 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.bind.JAXBElement;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* An instance of STALRequestBroker is shared between a producer thread (SLCommand)
@@ -50,7 +50,7 @@ import org.apache.commons.logging.LogFactory;
*/
public class STALRequestBrokerImpl implements STALRequestBroker {
- private static final Log log = LogFactory.getLog(STALRequestBrokerImpl.class);
+ private final Logger log = LoggerFactory.getLogger(STALRequestBrokerImpl.class);
private ObjectFactory of = new ObjectFactory();
private STALTranslator translator = new STALTranslator();
@@ -173,7 +173,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to consume response");
responses.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to consume response, cleanup requests");
+ log.warn("Timeout while waiting to consume response, cleanup requests.");
requests.clear();
hashDataInputs.clear();
return Collections.singletonList((STALResponse) new ErrorResponse(ERR_4500));
@@ -218,7 +218,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to consume request");
requests.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to consume request");
+ log.warn("Timeout while waiting to consume request.");
return createSingleQuitRequest();
}
}
@@ -250,11 +250,11 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
}
try {
synchronized (requests) {
- log.trace("received responses, now consume request");
+ log.trace("Received responses, now consume request.");
if (requests.size() != 0) {
requests.clear();
} else {
- log.warn("requests queue is empty, response might have already been produced previously ");
+ log.warn("Requests queue is empty, response might have already been produced previously.");
// return QUIT?
}
}
@@ -266,7 +266,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to produce response");
responses.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to produce response");
+ log.warn("Timeout while waiting to produce response.");
return createSingleQuitRequest();
}
}
@@ -281,7 +281,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("notifying response consumers");
responses.notify();
} else {
- log.error("Received NextRequest without responses, return QUIT");
+ log.error("Received NextRequest without responses, return QUIT.");
return createSingleQuitRequest();
}
}
@@ -292,11 +292,11 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to consume request");
requests.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to consume request");
+ log.warn("Timeout while waiting to consume request.");
return createSingleQuitRequest();
}
}
- log.trace("don't consume request now, but on next response delivery");
+ log.trace("Don't consume request now, but on next response delivery.");
return requests;
}
} catch (InterruptedException ex) {
@@ -309,7 +309,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
@Override
public List<HashDataInput> getHashDataInput() {
synchronized (requests) {
- log.trace("return " + hashDataInputs.size() + " current HashDataInput(s) ");
+ log.trace("Return {} current HashDataInput(s).", hashDataInputs.size());
return hashDataInputs;
}
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
index c8ab280f..e32dad8f 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
@@ -16,13 +16,30 @@
*/
package at.gv.egiz.stal.service.impl;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.servlet.ServletContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+
+import org.slf4j.MDC;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.buergerkarte.namespaces.cardchannel.service.CommandAPDUType;
import at.buergerkarte.namespaces.cardchannel.service.ScriptType;
import at.gv.egiz.bku.binding.BindingProcessor;
import at.gv.egiz.bku.binding.BindingProcessorManager;
import at.gv.egiz.bku.binding.Id;
import at.gv.egiz.bku.binding.IdFactory;
-
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.service.GetHashDataInputFault;
import at.gv.egiz.stal.service.STALPortType;
@@ -38,25 +55,8 @@ import at.gv.egiz.stal.service.types.RequestType;
import at.gv.egiz.stal.service.types.ResponseType;
import at.gv.egiz.stal.service.types.SignRequestType;
import at.gv.egiz.stal.service.types.GetHashDataInputType.Reference;
-//import at.gv.egiz.stal.service.types.GetHashDataInputResponseType.Reference;
import com.sun.xml.ws.developer.UsesJAXBContext;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Resource;
-import javax.jws.WebService;
-import javax.servlet.ServletContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.ws.WebServiceContext;
-import javax.xml.ws.handler.MessageContext;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
/**
*
@@ -68,10 +68,10 @@ public class STALServiceImpl implements STALPortType {
public static final String BINDING_PROCESSOR_MANAGER = "bindingProcessorManager";
public static final Id TEST_SESSION_ID = IdFactory.getInstance().createId("TestSession");
- protected static final Log log = LogFactory.getLog(STALServiceImpl.class);
-
+ private final Logger log = LoggerFactory.getLogger(STALServiceImpl.class);
static {
+ Logger log = LoggerFactory.getLogger(STALServiceImpl.class);
if (log.isTraceEnabled()) {
log.trace("enabling webservice communication dump");
System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump", "true");
@@ -91,227 +91,242 @@ public class STALServiceImpl implements STALPortType {
public GetNextRequestResponseType connect(String sessId) {
if (sessId == null) {
- throw new NullPointerException("No session id provided");
+ throw new NullPointerException("No session id provided.");
}
Id sessionId = idF.createId(sessId);
+ MDC.put("id", sessionId.toString());
- if (log.isDebugEnabled()) {
- log.debug("Received Connect [" + sessionId + "]");
- }
-
- if (TEST_SESSION_ID.equals(sessionId)) {
- return getTestSessionNextRequestResponse(null);
- }
-
- GetNextRequestResponseType response = new GetNextRequestResponseType();
- response.setSessionId(sessionId.toString());
-
- STALRequestBroker stal = getStal(sessionId);
-
- if (stal != null) {
-
- List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).connect();
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
-
- if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder("Returning initial GetNextRequestResponse [");
- sb.append(sessionId.toString());
- sb.append("] containing ");
- sb.append(requestsOut.size());
- sb.append(" requests: ");
- for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
- sb.append(reqOut.getValue().getClass());
- sb.append(' ');
+ try {
+ log.debug("Received Connect.");
+
+ if (TEST_SESSION_ID.equals(sessionId)) {
+ return getTestSessionNextRequestResponse(null);
+ }
+
+ GetNextRequestResponseType response = new GetNextRequestResponseType();
+ response.setSessionId(sessionId.toString());
+
+ STALRequestBroker stal = getStal(sessionId);
+
+ if (stal != null) {
+
+ List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).connect();
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
+
+ if (log.isDebugEnabled()) {
+ StringBuilder sb = new StringBuilder("Returning initial GetNextRequestResponse containing ");
+ sb.append(requestsOut.size());
+ sb.append(" requests: ");
+ for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
+ sb.append(reqOut.getValue().getClass());
+ sb.append(' ');
+ }
+ log.debug(sb.toString());
}
- log.debug(sb.toString());
+ } else {
+ log.error("Failed to get STAL, returning QuitRequest.");
+ QuitRequestType quitT = stalObjFactory.createQuitRequestType();
+ JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
}
- } else {
- log.error("Failed to get STAL for session " + sessionId + ", returning QuitRequest");
- QuitRequestType quitT = stalObjFactory.createQuitRequestType();
- JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
+ return response;
+
+ } finally {
+ MDC.remove("id");
}
- return response;
}
@Override
public GetNextRequestResponseType getNextRequest(GetNextRequestType request) {
if (request.getSessionId() == null) {
- throw new NullPointerException("No session id provided");
+ throw new NullPointerException("No session id provided.");
}
Id sessionId = idF.createId(request.getSessionId());
+ MDC.put("id", sessionId.toString());
- List<JAXBElement<? extends ResponseType>> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();
-// List<ResponseType> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();//getResponse();
+ try {
- if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder("Received GetNextRequest [");
- sb.append(sessionId.toString());
- sb.append("] containing ");
- sb.append(responsesIn.size());
- sb.append(" responses: ");
- for (JAXBElement<? extends ResponseType> respIn : responsesIn) {
- sb.append(respIn.getValue().getClass());
- sb.append(' ');
- }
- log.debug(sb.toString());
- }
-
- if (TEST_SESSION_ID.equals(sessionId)) {
- return getTestSessionNextRequestResponse(responsesIn);
- }
-
- GetNextRequestResponseType response = new GetNextRequestResponseType();
- response.setSessionId(sessionId.toString());
-
- STALRequestBroker stal = getStal(sessionId);
-
- if (stal != null) {
-
- List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).nextRequest(responsesIn);
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
+ List<JAXBElement<? extends ResponseType>> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();
if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder("Returning GetNextRequestResponse [");
- sb.append(sessionId.toString());
- sb.append("] containing ");
- sb.append(requestsOut.size());
- sb.append(" requests: ");
- for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
- sb.append(reqOut.getValue().getClass());
+ StringBuilder sb = new StringBuilder("Received GetNextRequest containing ");
+ sb.append(responsesIn.size());
+ sb.append(" responses: ");
+ for (JAXBElement<? extends ResponseType> respIn : responsesIn) {
+ sb.append(respIn.getValue().getClass());
sb.append(' ');
}
log.debug(sb.toString());
}
- } else {
- log.error("Failed to get STAL for session " + sessionId + ", returning QuitRequest");
- QuitRequestType quitT = stalObjFactory.createQuitRequestType();
- JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
+
+ if (TEST_SESSION_ID.equals(sessionId)) {
+ return getTestSessionNextRequestResponse(responsesIn);
+ }
+
+ GetNextRequestResponseType response = new GetNextRequestResponseType();
+ response.setSessionId(sessionId.toString());
+
+ STALRequestBroker stal = getStal(sessionId);
+
+ if (stal != null) {
+
+ List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).nextRequest(responsesIn);
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
+
+ if (log.isDebugEnabled()) {
+ StringBuilder sb = new StringBuilder("Returning GetNextRequestResponse containing ");
+ sb.append(requestsOut.size());
+ sb.append(" requests: ");
+ for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
+ sb.append(reqOut.getValue().getClass());
+ sb.append(' ');
+ }
+ log.debug(sb.toString());
+ }
+ } else {
+ log.error("Failed to get STAL, returning QuitRequest.");
+ QuitRequestType quitT = stalObjFactory.createQuitRequestType();
+ JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
+ }
+ return response;
+
+ } finally {
+ MDC.remove("id");
}
- return response;
}
@Override
public GetHashDataInputResponseType getHashDataInput(GetHashDataInputType request) throws GetHashDataInputFault {
if (request.getSessionId() == null) {
- throw new NullPointerException("No session id provided");
+ throw new NullPointerException("No session id provided.");
}
Id sessionId = idF.createId(request.getSessionId());
+ MDC.put("id", sessionId.toString());
- if (log.isDebugEnabled()) {
- log.debug("Received GetHashDataInputRequest for session " + sessionId + " containing " + request.getReference().size() + " reference(s)");
- }
-
- if (TEST_SESSION_ID.equals(sessionId)) {
- return getTestSessionHashDataInputResponse(request.getReference());
- }
-
- GetHashDataInputResponseType response = new GetHashDataInputResponseType();
- response.setSessionId(sessionId.toString());
-
- STALRequestBroker stal = getStal(sessionId);
-
- if (stal != null) {
- List<HashDataInput> hashDataInputs = stal.getHashDataInput();
-
- if (hashDataInputs != null) {
-
- Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>();
- for (HashDataInput hdi : hashDataInputs) {
- if (log.isTraceEnabled()) {
- log.trace("Provided HashDataInput for reference " + hdi.getReferenceId());
- }
- hashDataIdMap.put(hdi.getReferenceId(), hdi);
- }
-
- List<GetHashDataInputType.Reference> reqRefs = request.getReference();
- for (GetHashDataInputType.Reference reqRef : reqRefs) {
- String reqRefId = reqRef.getID();
- HashDataInput reqHdi = hashDataIdMap.get(reqRefId);
- if (reqHdi == null) {
- String msg = "Failed to resolve HashDataInput for reference " + reqRefId;
- log.error(msg);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo);
- }
-
- InputStream hashDataIS = reqHdi.getHashDataInput();
- if (hashDataIS == null) {
- //HashDataInput not cached?
- String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached";
- log.error(msg);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo);
+ try {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Received GetHashDataInputRequest containing {} reference(s).", request.getReference().size());
+ }
+
+ if (TEST_SESSION_ID.equals(sessionId)) {
+ return getTestSessionHashDataInputResponse(request.getReference());
+ }
+
+ GetHashDataInputResponseType response = new GetHashDataInputResponseType();
+ response.setSessionId(sessionId.toString());
+
+ STALRequestBroker stal = getStal(sessionId);
+
+ if (stal != null) {
+ List<HashDataInput> hashDataInputs = stal.getHashDataInput();
+
+ if (hashDataInputs != null) {
+
+ Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>();
+ for (HashDataInput hdi : hashDataInputs) {
+ if (log.isTraceEnabled()) {
+ log.trace("Provided HashDataInput for reference {}.", hdi.getReferenceId());
+ }
+ hashDataIdMap.put(hdi.getReferenceId(), hdi);
}
- ByteArrayOutputStream baos = null;
- try {
- if (log.isDebugEnabled()) {
- log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ";charset=" + reqHdi.getEncoding() + ")");
+
+ List<GetHashDataInputType.Reference> reqRefs = request.getReference();
+ for (GetHashDataInputType.Reference reqRef : reqRefs) {
+ String reqRefId = reqRef.getID();
+ HashDataInput reqHdi = hashDataIdMap.get(reqRefId);
+ if (reqHdi == null) {
+ String msg = "Failed to resolve HashDataInput for reference " + reqRefId;
+ log.error(msg);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo);
}
- baos = new ByteArrayOutputStream(hashDataIS.available());
- int c;
- while ((c = hashDataIS.read()) != -1) {
- baos.write(c);
+
+ InputStream hashDataIS = reqHdi.getHashDataInput();
+ if (hashDataIS == null) {
+ //HashDataInput not cached?
+ String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached";
+ log.error(msg);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo);
}
- GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference();
- ref.setID(reqRefId);
- ref.setMimeType(reqHdi.getMimeType());
- ref.setEncoding(reqHdi.getEncoding());
- ref.setFilename(reqHdi.getFilename());
- ref.setValue(baos.toByteArray());
- response.getReference().add(ref);
- } catch (IOException ex) {
- String msg = "Failed to get HashDataInput for reference " + reqRefId;
- log.error(msg, ex);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo, ex);
- } finally {
+ ByteArrayOutputStream baos = null;
try {
- baos.close();
+ if (log.isDebugEnabled()) {
+ Object[] args = {reqRefId, reqHdi.getMimeType(), reqHdi.getEncoding()};
+ log.debug("Resolved HashDataInput {} ({};charset={}).", args);
+ }
+ baos = new ByteArrayOutputStream(hashDataIS.available());
+ int c;
+ while ((c = hashDataIS.read()) != -1) {
+ baos.write(c);
+ }
+ GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference();
+ ref.setID(reqRefId);
+ ref.setMimeType(reqHdi.getMimeType());
+ ref.setEncoding(reqHdi.getEncoding());
+ ref.setFilename(reqHdi.getFilename());
+ ref.setValue(baos.toByteArray());
+ response.getReference().add(ref);
} catch (IOException ex) {
+ String msg = "Failed to get HashDataInput for reference " + reqRefId;
+ log.error(msg, ex);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo, ex);
+ } finally {
+ try {
+ baos.close();
+ } catch (IOException ex) {
+ }
}
}
+ return response;
+ } else {
+ String msg = "Failed to resolve any HashDataInputs.";
+ log.error(msg);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo);
}
- return response;
} else {
- String msg = "Failed to resolve any HashDataInputs for session " + sessionId;
+ String msg = "Session timeout."; //Failed to get STAL for session " + sessionId;
log.error(msg);
GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
faultInfo.setErrorCode(1);
faultInfo.setErrorMessage(msg);
throw new GetHashDataInputFault(msg, faultInfo);
}
- } else {
- String msg = "Session timeout"; //Failed to get STAL for session " + sessionId;
- log.error(msg + " " + sessionId);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo);
+
+ } finally {
+ MDC.remove("id");
}
}
private STALRequestBroker getStal(Id sessionId) {
- if (log.isTraceEnabled()) {
- log.trace("resolve STAL for session " + sessionId);
- }
+ log.trace("Resolve STAL for session [{}].", sessionId);
MessageContext mCtx = wsContext.getMessageContext();
ServletContext sCtx = (ServletContext) mCtx.get(MessageContext.SERVLET_CONTEXT);
BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx.getAttribute(BINDING_PROCESSOR_MANAGER);
- BindingProcessor bp = bpMgr.getBindingProcessor(sessionId);
- return (bp == null) ? null : (bp.isFinished() ? null : (STALRequestBroker) bp.getSTAL());
+ BindingProcessor bindingProcessor = bpMgr.getBindingProcessor(sessionId);
+ if (bindingProcessor != null) {
+ if (bindingProcessor.getSTAL() instanceof STALRequestBroker) {
+ return (STALRequestBroker) bindingProcessor.getSTAL();
+ }
+ }
+ return null;
}
private GetNextRequestResponseType getTestSessionNextRequestResponse(List<JAXBElement<? extends ResponseType>> responsesIn) {
@@ -359,6 +374,7 @@ public class STALServiceImpl implements STALPortType {
return response;
}
+ @SuppressWarnings("unused")
private void addTestCardChannelRequest(List<JAXBElement<? extends RequestType>> requestList) {
log.info("[TestSession] add CARDCHANNEL request");
ScriptType scriptT = ccObjFactory.createScriptType();
@@ -368,6 +384,7 @@ public class STALServiceImpl implements STALPortType {
requestList.add(ccObjFactory.createScript(scriptT));
}
+ @SuppressWarnings("unused")
private void addTestInfoboxReadRequest(String infoboxIdentifier, List<JAXBElement<? extends RequestType>> requestList) {
log.info("[TestSession] add READ "+ infoboxIdentifier + " request");
InfoboxReadRequestType ibrT = stalObjFactory.createInfoboxReadRequestType();
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java
index 9caf950f..300f01d0 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java
@@ -23,8 +23,8 @@ import com.sun.xml.ws.developer.JAXBContextFactory;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.JAXBException;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
*
@@ -32,8 +32,9 @@ import org.apache.commons.logging.LogFactory;
*/
public class STALXJAXBContextFactory implements JAXBContextFactory {
- private static final Log log = LogFactory.getLog(STALXJAXBContextFactory.class);
+ private final Logger log = LoggerFactory.getLogger(STALXJAXBContextFactory.class);
+ @SuppressWarnings("unchecked")
@Override
public JAXBRIContext createJAXBContext(SEIModel sei, List<Class> classesToBind, List<TypeReference> typeReferences) throws JAXBException {
if (log.isTraceEnabled()) {
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java
index 2f58bb3d..45efc890 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java
@@ -6,13 +6,11 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public final class TestSignatureData {
- protected final static Log log = LogFactory.getLog(TestSignatureData.class);
-
public static final String[] ID = new String[] {"signed-data-reference-0-1214921968-27971781-24309", "signed-data-reference-1"};
public static final String ENCODING = "UTF-8";
@@ -22,6 +20,7 @@ public final class TestSignatureData {
HASHDATA_INPUT.put(ID[0], "Ich bin ein einfacher Text. lläöü߀".getBytes(ENCODING));
HASHDATA_INPUT.put(ID[1], "2te referenz".getBytes(ENCODING));
} catch (UnsupportedEncodingException ex) {
+ Logger log = LoggerFactory.getLogger(TestSignatureData.class);
log.error("failed to init signature test data", ex);
}
}
diff --git a/BKUOnline/src/main/policy/50mocca.policy b/BKUOnline/src/main/policy/50mocca.policy
index 2d6bc13d..8cda9eb6 100644
--- a/BKUOnline/src/main/policy/50mocca.policy
+++ b/BKUOnline/src/main/policy/50mocca.policy
@@ -18,8 +18,7 @@
// || IMPORTANT: REVIEW AND ADAPT TO YOUR NEEDS PRIOR TO INSTALLATION
// =========================================================================
//
-// (set -Djava.security.debug=access,failure and search for "FAILED")
-//
+// (set -Djava.security.debug=access,failure and search for "denied" (failed))
//
// ========== MOCCA CODE PERMISSIONS =======================================
//
@@ -27,9 +26,11 @@
// with ${catalina.base}/webapps/<mocca_context>
// replace ${catalina.base}/work/Catalina/localhost/bkuonline
// with ${catalina.base}/work/Catalina/localhost/<mocca_context> (the path to the compiled JSPs, excl. package dir: org/apache/jsp/)
-// replace version info in utils-1.2.10.jar and bkucommon-1.2.10.jar
+// replace version info in
+// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.12.jar and
+// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.12.jar
// with current version
-// replace apps.egiz.gv.at
+// replace www.sozialversicherung.gv.at:443
// with <DataURL_host:DataURL_port>
// replace localhost:8080
// with <StylesheetURL_host:StylesheetURL_port>
@@ -40,7 +41,7 @@
//
// replace www.a-trust.at and ksp.ecard.sozialversicherung.gv.at
// with <idLink_template_download_URL>
-// replace ldap.a-trust.at:389 and ocsp.ecard.sozialversicherung.at:80
+// replace ldap.a-trust.at:389, ocsp.a-trust.at:80 and ocsp.ecard.sozialversicherung.at:80
// with <certificate_revocation_authority_endpoint> (OCSP, CRLs)
//
@@ -49,6 +50,8 @@
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/logging.properties", "read";
+ // (for manager webapp)
+ // permission java.lang.RuntimePermission "setContextClassLoader";
};
grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" {
@@ -58,47 +61,25 @@ grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" {
// =========== MOCCA grants
//
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/classes/-" {
- permission java.security.AllPermission;
-// permission java.io.FilePermission "${catalina.base}/logs", "read, write";
-// permission java.io.FilePermission "${catalina.base}/logs/*", "read, write";
-// permission java.io.FilePermission "${catalina.base}/logs/*", "delete";
-// permission java.util.PropertyPermission "com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace", "write";
-// permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write";
-};
-
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/-" {
- // the log4j configuration might want to write logs to ${catalina.base}/logs/bkuonline.log
+grant codeBase "file:${catalina.base}/webapps/bkuonline/-" {
permission java.io.FilePermission "${catalina.base}/logs", "read, write";
permission java.io.FilePermission "${catalina.base}/logs/*", "read, write";
permission java.io.FilePermission "${catalina.base}/logs/*", "delete";
-};
-
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.10.jar" {
- permission java.util.PropertyPermission "*", "read";
- permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
- permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve";
-// permission java.net.SocketPermission "localhost:8080", "connect, resolve";
- permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-};
-
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.10.jar" {
- permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
- permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
- permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
- permission java.io.FilePermission "../conf/secret.xml", "read";
+ // DataURLs
permission java.net.SocketPermission "apps.egiz.gv.at:443", "connect, resolve";
+ permission java.net.SocketPermission "www.buergerkarte.at:443", "connect, resolve";
+ permission java.net.SocketPermission "www.sozialversicherung.gv.at:443", "connect, resolve";
+
+ // other resources (crls, persb.xsl, ...)
permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve";
permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve";
+ permission java.net.SocketPermission "ocsp.a-trust.at:80", "connect, resolve";
permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
// permission java.net.SocketPermission "localhost:8080", "connect, resolve";
- permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
- permission java.net.NetPermission "specifyStreamHandler";
- permission java.util.PropertyPermission "*", "read, write";
+// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
+
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
@@ -111,143 +92,127 @@ grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.
// XMLDSig is moved backwards by XSECT
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "removeProvider.XMLDSig";
+
+ permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
+ //bkucommon,pki
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap";
+ //jax-ws jaxb
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+ //permission java.lang.RuntimePermission "modifyThread";
+ //permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.net.NetPermission "specifyStreamHandler";
+};
+
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/classes/-" {
+// permission java.util.PropertyPermission "com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace", "write";
+// permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write";
+
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+ permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThread";
+ permission java.lang.RuntimePermission "setFactory";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.12.jar" {
+// permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.12.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+ permission java.io.FilePermission "${catalina.base}/temp/*", "read, write";
+// permission java.io.FilePermission "../conf/secret.xml", "read";
permission java.util.PropertyPermission "*", "read, write";
- permission java.security.SecurityPermission "insertProvider.IAIK";
- permission java.security.SecurityPermission "putProviderProperty.IAIK";
- permission java.security.SecurityPermission "removeProvider.IAIK";
- permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve";
- permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
+ permission java.lang.RuntimePermission "modifyThread";
+ permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_ecc_signed-2.15.jar" {
- permission java.security.SecurityPermission "insertProvider.IAIK_ECC";
- permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" {
+ permission java.util.PropertyPermission "*", "read, write";
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_xsect-1.14.jar" {
permission java.util.PropertyPermission "*", "read, write";
- permission java.security.SecurityPermission "insertProvider.IAIK";
- permission java.security.SecurityPermission "putProviderProperty.IAIK";
- permission java.security.SecurityPermission "removeProvider.IAIK";
- permission java.security.SecurityPermission "insertProvider.XSECT";
- permission java.security.SecurityPermission "putProviderProperty.XSECT";
- permission java.security.SecurityPermission "insertProvider.XMLDSig";
- permission java.security.SecurityPermission "removeProvider.XMLDSig";
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" {
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
- permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
- permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve";
- permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
- permission java.net.NetPermission "specifyStreamHandler";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap";
+ //permission java.net.NetPermission "specifyStreamHandler";
+ //permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap";
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar" {
permission java.io.FilePermission "${java.home}/lib/xalan.properties", "read";
- permission java.util.PropertyPermission "*", "read";
- permission java.lang.RuntimePermission "getClassLoader";
-};
-
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/serializer-2.7.1.jar" {
- permission java.util.PropertyPermission "*", "read";
- permission java.lang.RuntimePermission "getClassLoader";
+ //permission java.lang.RuntimePermission "getClassLoader";
};
// allow xsl:include from the specified URL
-grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" {
- permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
-};
+//grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" {
+// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
+//};
// allow XSLT document function to reference the specified URL
-grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" {
- permission java.io.FilePermission "../conf/secret.xml", "read";
-};
+//grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" {
+// permission java.io.FilePermission "../conf/secret.xml", "read";
+//};
// use tomcat/jre endorsed xerces instead
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xercesImpl-2.9.1.jar" {
permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read";
// permission java.io.FilePermission "../conf/secret.xml", "read";
// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
- permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "/WEB-INF/classes/-", "read";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*";
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-logging-1.1.1.jar" {
- permission java.util.PropertyPermission "org.apache.commons.logging.*", "read";
- permission java.util.PropertyPermission "log4j.*", "read";
- permission java.util.PropertyPermission "catalina.base", "read";
- permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/log4j-1.2.12.jar" {
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/log4j.properties", "read";
- // allow log4j to read its own properties
- permission java.util.PropertyPermission "log4j.*", "read";
- permission java.util.PropertyPermission "catalina.base", "read";
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-core-2.5.5.jar" {
- permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "modifyThread";
};
+
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-web-2.5.5.jar" {
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
- permission java.security.SecurityPermission "insertProvider.IAIK";
- permission java.security.SecurityPermission "putProviderProperty.IAIK";
- permission java.security.SecurityPermission "removeProvider.IAIK";
- permission java.security.SecurityPermission "insertProvider.IAIK_ECC";
- permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC";
- permission java.security.SecurityPermission "insertProvider.XSECT";
- permission java.security.SecurityPermission "putProviderProperty.XSECT";
- permission java.security.SecurityPermission "insertProvider.STAL";
- permission java.security.SecurityPermission "putProviderProperty.STAL";
- permission java.security.SecurityPermission "insertProvider.XMLDSig";
- permission java.security.SecurityPermission "removeProvider.XMLDSig";
permission java.util.PropertyPermission "*", "read, write";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "setFactory";
- permission java.lang.RuntimePermission "getProtectionDomain";
+ //permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
+
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-beans-2.5.5.jar" {
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
- permission java.security.SecurityPermission "insertProvider.IAIK";
- permission java.security.SecurityPermission "putProviderProperty.IAIK";
- permission java.security.SecurityPermission "removeProvider.IAIK";
- permission java.security.SecurityPermission "insertProvider.IAIK_ECC";
- permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC";
- permission java.security.SecurityPermission "insertProvider.XSECT";
- permission java.security.SecurityPermission "putProviderProperty.XSECT";
- permission java.security.SecurityPermission "insertProvider.STAL";
- permission java.security.SecurityPermission "putProviderProperty.STAL";
- permission java.security.SecurityPermission "insertProvider.XMLDSig";
- permission java.security.SecurityPermission "removeProvider.XMLDSig";
permission java.util.PropertyPermission "*", "read, write";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
@@ -257,19 +222,8 @@ grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-conte
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
- permission java.security.SecurityPermission "insertProvider.IAIK";
- permission java.security.SecurityPermission "putProviderProperty.IAIK";
- permission java.security.SecurityPermission "removeProvider.IAIK";
- permission java.security.SecurityPermission "insertProvider.IAIK_ECC";
- permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC";
- permission java.security.SecurityPermission "insertProvider.XSECT";
- permission java.security.SecurityPermission "putProviderProperty.XSECT";
- permission java.security.SecurityPermission "insertProvider.STAL";
- permission java.security.SecurityPermission "putProviderProperty.STAL";
- permission java.security.SecurityPermission "insertProvider.XMLDSig";
- permission java.security.SecurityPermission "removeProvider.XMLDSig";
permission java.util.PropertyPermission "*", "read, write";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "getProtectionDomain";
@@ -280,20 +234,21 @@ grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-conte
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxws-rt-2.1.5.jar" {
// need write access to set disableCaptureStackTrace and HttpAdapter.dump
permission java.util.PropertyPermission "com.sun.xml.ws.*", "read, write";
- permission java.util.PropertyPermission "com.sun.xml.bind.*", "read";
- permission java.util.PropertyPermission "javax.xml.soap.*", "read";
- permission java.util.PropertyPermission "javax.activation.*", "read";
- permission java.util.PropertyPermission "xml.catalog.*", "read";
- permission java.util.PropertyPermission "user.dir", "read";
- permission java.util.PropertyPermission "user.home", "read";
+ //permission java.util.PropertyPermission "com.sun.xml.bind.*", "read";
+ //permission java.util.PropertyPermission "javax.xml.soap.*", "read";
+ //permission java.util.PropertyPermission "javax.activation.*", "read";
+ //permission java.util.PropertyPermission "xml.catalog.*", "read";
+ //permission java.util.PropertyPermission "user.dir", "read";
+ //permission java.util.PropertyPermission "user.home", "read";
permission java.io.FilePermission "${java.home}/lib/jaxm.properties", "read";
permission java.io.FilePermission "${java.home}/lib/mailcap", "read";
permission java.io.FilePermission "${user.home}/.mailcap", "read";
permission java.io.FilePermission "basename", "read";
permission java.io.FilePermission "${catalina.home}/bin/xcatalog", "read";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+ permission java.io.FilePermission "${catalina.home}/temp/xcatalog", "read";
+ permission java.io.FilePermission "/WEB-INF/classes/-", "read";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
permission java.lang.RuntimePermission "setContextClassLoader";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission javax.management.MBeanPermission "com.sun.xml.ws.*", "registerMBean";
@@ -302,18 +257,16 @@ grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxws-rt-2.1
};
grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxb-impl-2.1.9.jar" {
+ //permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read";
- permission java.util.PropertyPermission "user.dir", "read";
-};
-
-grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-httpclient-3.1.jar" {
- permission java.util.PropertyPermission "*", "read";
+// permission java.lang.RuntimePermission "accessDeclaredMembers";
+// permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read";
+// permission java.util.PropertyPermission "user.dir", "read";
+ permission java.io.FilePermission "/WEB-INF/classes/-", "read";
};
// ======== NETBEANS
-//grant codeBase "file:${catalina.base}/nblib/-" {
-// permission java.security.AllPermission;
-//}; \ No newline at end of file
+grant codeBase "file:${catalina.base}/nblib/-" {
+ permission java.security.AllPermission;
+}; \ No newline at end of file
diff --git a/BKUOnline/src/main/policy/catalina.policy b/BKUOnline/src/main/policy/catalina.policy
new file mode 100644
index 00000000..2dfb198f
--- /dev/null
+++ b/BKUOnline/src/main/policy/catalina.policy
@@ -0,0 +1,411 @@
+// Copyright 2008 Federal Chancellery Austria and
+// Graz University of Technology
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+// =========================================================================
+// || IMPORTANT: REVIEW AND ADAPT TO YOUR NEEDS PRIOR TO INSTALLATION
+// =========================================================================
+//
+// =========================================================================
+// || This file contains all default permissions from $CATALINA_HOME/conf/catalina.policy
+// || and codebase paths to development dirs (for in-place deployment of IDEs)
+// =========================================================================
+//
+// (set -Djava.security.debug=access,failure and search for "denied" (failed))
+// (-Djava.net.preferIPv4Stack=true)
+//
+// ========== MOCCA CODE PERMISSIONS =======================================
+//
+// replace ${catalina.base}/webapps/bkuonline
+// with ${catalina.base}/webapps/<mocca_context>
+// replace ${catalina.base}/work/Catalina/localhost/bkuonline
+// with ${catalina.base}/work/Catalina/localhost/<mocca_context> (the path to the compiled JSPs, excl. package dir: org/apache/jsp/)
+// replace version info in
+// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/BKUViewer-1.2.12.jar" {
+// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.12.jar and
+// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.12.jar
+// with current version
+// replace www.sozialversicherung.gv.at:443
+// with <DataURL_host:DataURL_port>
+// replace localhost:8080
+// with <StylesheetURL_host:StylesheetURL_port>
+// replace www.xslt-stylesheet-include-url.org:80
+// with <XSL_include_URL>
+// replace ../conf/secret.xml
+// with <any_resource_you_would_like_to_grant_XSLTs_document()_function_access_to>
+//
+// replace www.a-trust.at and ksp.ecard.sozialversicherung.gv.at
+// with <idLink_template_download_URL>
+// replace ldap.a-trust.at:389, ocsp.a-trust.at:80 and ocsp.ecard.sozialversicherung.at:80
+// with <certificate_revocation_authority_endpoint> (OCSP, CRLs)
+//
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to the logging API
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+ permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+ permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+ permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+ permission java.lang.RuntimePermission "shutdownHooks";
+ permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+ permission java.util.PropertyPermission "catalina.base", "read";
+ permission java.util.logging.LoggingPermission "control";
+ permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
+ permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+ permission java.lang.RuntimePermission "getClassLoader";
+
+ // added by clemenso (for manager webapp)
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+
+ // To enable per context logging configuration, permit read access to the appropriate file.
+ // Be sure that the logging configuration is secure before enabling such access
+ // eg for the examples web application:
+ // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+ permission java.security.AllPermission;
+};
+
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant {
+ // Required for JNDI lookup of named JDBC DataSource's and
+ // javamail named MimePart DataSource used to send mail
+ permission java.util.PropertyPermission "java.home", "read";
+ permission java.util.PropertyPermission "java.naming.*", "read";
+ permission java.util.PropertyPermission "javax.sql.*", "read";
+
+ // OS Specific properties to allow read access
+ permission java.util.PropertyPermission "os.name", "read";
+ permission java.util.PropertyPermission "os.version", "read";
+ permission java.util.PropertyPermission "os.arch", "read";
+ permission java.util.PropertyPermission "file.separator", "read";
+ permission java.util.PropertyPermission "path.separator", "read";
+ permission java.util.PropertyPermission "line.separator", "read";
+
+ // JVM properties to allow read access
+ permission java.util.PropertyPermission "java.version", "read";
+ permission java.util.PropertyPermission "java.vendor", "read";
+ permission java.util.PropertyPermission "java.vendor.url", "read";
+ permission java.util.PropertyPermission "java.class.version", "read";
+ permission java.util.PropertyPermission "java.specification.version", "read";
+ permission java.util.PropertyPermission "java.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.specification.name", "read";
+
+ permission java.util.PropertyPermission "java.vm.specification.version", "read";
+ permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.specification.name", "read";
+ permission java.util.PropertyPermission "java.vm.version", "read";
+ permission java.util.PropertyPermission "java.vm.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.name", "read";
+
+ // Required for OpenJMX
+ permission java.lang.RuntimePermission "getAttribute";
+
+ // Allow read of JAXP compliant XML parser debug
+ permission java.util.PropertyPermission "jaxp.debug", "read";
+
+ // Precompiled JSPs need access to this package.
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+
+ // Precompiled JSPs need access to this system property.
+ permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+
+};
+
+
+
+
+
+
+
+
+// =========== container grants required by MOCCA
+//
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/logging.properties", "read";
+ // (for manager webapp)
+ permission java.lang.RuntimePermission "setContextClassLoader";
+};
+
+grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" {
+ permission java.io.FilePermission "/helpfiles/-", "read";
+ permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime";
+};
+
+// =========== MOCCA grants
+//
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/-" {
+ permission java.io.FilePermission "${catalina.base}/logs", "read, write";
+ permission java.io.FilePermission "${catalina.base}/logs/*", "read, write";
+ permission java.io.FilePermission "${catalina.base}/logs/*", "delete";
+
+ // DataURLs
+ permission java.net.SocketPermission "apps.egiz.gv.at:443", "connect, resolve";
+ permission java.net.SocketPermission "www.buergerkarte.at:443", "connect, resolve";
+ permission java.net.SocketPermission "www.sozialversicherung.gv.at:443", "connect, resolve";
+
+ // other resources (crls, persb.xsl, ...)
+ permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
+ permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve";
+ permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve";
+ permission java.net.SocketPermission "ocsp.a-trust.at:80", "connect, resolve";
+ permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
+// permission java.net.SocketPermission "localhost:8080", "connect, resolve";
+// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
+
+ permission java.security.SecurityPermission "insertProvider.IAIK";
+ permission java.security.SecurityPermission "putProviderProperty.IAIK";
+ permission java.security.SecurityPermission "removeProvider.IAIK";
+ permission java.security.SecurityPermission "insertProvider.IAIK_ECC";
+ permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC";
+ permission java.security.SecurityPermission "insertProvider.XSECT";
+ permission java.security.SecurityPermission "putProviderProperty.XSECT";
+ permission java.security.SecurityPermission "insertProvider.STAL";
+ permission java.security.SecurityPermission "putProviderProperty.STAL";
+ // XMLDSig is moved backwards by XSECT
+ permission java.security.SecurityPermission "insertProvider.XMLDSig";
+ permission java.security.SecurityPermission "removeProvider.XMLDSig";
+
+ permission java.util.PropertyPermission "*", "read";
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ //bkucommon,pki
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap";
+ //jax-ws jaxb
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+ //permission java.lang.RuntimePermission "modifyThread";
+ //permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.net.NetPermission "specifyStreamHandler";
+
+ //jaxb
+ //permission java.io.FilePermission "/WEB-INF/classes/-", "read";
+
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/-" {
+// permission java.util.PropertyPermission "com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace", "write";
+// permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write";
+
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+ permission java.util.PropertyPermission "*", "read, write";
+ permission java.lang.RuntimePermission "modifyThread";
+ permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/utils-1.2.12-pinguin-1-SNAPSHOT.jar" {
+// permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/bkucommon-1.2.12-pinguin-1-SNAPSHOT.jar" {
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+ permission java.io.FilePermission "${catalina.base}/temp/*", "read, write";
+// permission java.io.FilePermission "../conf/secret.xml", "read";
+ permission java.util.PropertyPermission "*", "read, write";
+ permission java.lang.RuntimePermission "modifyThread";
+ permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" {
+ permission java.util.PropertyPermission "*", "read, write";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/iaik_xsect-1.14.jar" {
+ permission java.util.PropertyPermission "*", "read, write";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" {
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+ //permission java.net.NetPermission "specifyStreamHandler";
+ //permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar" {
+ permission java.io.FilePermission "${java.home}/lib/xalan.properties", "read";
+ //permission java.lang.RuntimePermission "getClassLoader";
+};
+
+// allow xsl:include from the specified URL
+//grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" {
+// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
+//};
+
+// allow XSLT document function to reference the specified URL
+//grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" {
+// permission java.io.FilePermission "../conf/secret.xml", "read";
+//};
+
+// use tomcat/jre endorsed xerces instead
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xercesImpl-2.9.1.jar" {
+ permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read";
+// permission java.io.FilePermission "../conf/secret.xml", "read";
+// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
+ permission java.io.FilePermission "/WEB-INF/classes/-", "read";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/commons-logging-1.1.1.jar" {
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/log4j-1.2.12.jar" {
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/log4j.properties", "read";
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-core-2.5.5.jar" {
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "modifyThread";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-web-2.5.5.jar" {
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+ permission java.util.PropertyPermission "*", "read, write";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "modifyThread";
+ permission java.lang.RuntimePermission "setFactory";
+ //permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-beans-2.5.5.jar" {
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+ permission java.util.PropertyPermission "*", "read, write";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-context-2.5.5.jar" {
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
+ permission java.util.PropertyPermission "*", "read, write";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "modifyThread";
+ permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/jaxws-rt-2.1.5.jar" {
+ // need write access to set disableCaptureStackTrace and HttpAdapter.dump
+ permission java.util.PropertyPermission "com.sun.xml.ws.*", "read, write";
+ //permission java.util.PropertyPermission "com.sun.xml.bind.*", "read";
+ //permission java.util.PropertyPermission "javax.xml.soap.*", "read";
+ //permission java.util.PropertyPermission "javax.activation.*", "read";
+ //permission java.util.PropertyPermission "xml.catalog.*", "read";
+ //permission java.util.PropertyPermission "user.dir", "read";
+ //permission java.util.PropertyPermission "user.home", "read";
+ permission java.io.FilePermission "${java.home}/lib/jaxm.properties", "read";
+ permission java.io.FilePermission "${java.home}/lib/mailcap", "read";
+ permission java.io.FilePermission "${user.home}/.mailcap", "read";
+ permission java.io.FilePermission "basename", "read";
+ permission java.io.FilePermission "${catalina.home}/bin/xcatalog", "read";
+ permission java.io.FilePermission "${catalina.home}/temp/xcatalog", "read";
+ permission java.io.FilePermission "/WEB-INF/classes/-", "read";
+ //permission java.lang.RuntimePermission "accessDeclaredMembers";
+ //permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission javax.management.MBeanServerPermission "createMBeanServer";
+ permission javax.management.MBeanPermission "com.sun.xml.ws.*", "registerMBean";
+ permission javax.management.MBeanTrustPermission "register";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+};
+
+grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/jaxb-impl-2.1.9.jar" {
+ //permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+// permission java.lang.RuntimePermission "accessDeclaredMembers";
+// permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read";
+// permission java.util.PropertyPermission "user.dir", "read";
+ permission java.io.FilePermission "/WEB-INF/classes/-", "read";
+};
+
+// ======== NETBEANS
+
+grant codeBase "file:${catalina.base}/nblib/-" {
+ permission java.security.AllPermission;
+}; \ No newline at end of file
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
deleted file mode 100644
index f8d1411c..00000000
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright 2008 Federal Chancellery Austria and Graz University of
- Technology Licensed under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance with the
- License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0 Unless required by
- applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied. See the License for
- the specific language governing permissions and limitations under the
- License.
- -->
-<AccessControl>
- <Chains>
- <!--
- The input chain defines filters that are applied before command
- execution
- -->
- <Chain Id="InputChain">
- <Rules>
- <!-- there is no command implemented that requires input filtering -->
- <Rule Id="InputChain-AllowAll">
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- <UserInteraction>confirm</UserInteraction>
- </Rule>
- </Rules>
- </Chain>
-
- <!--
- The output chain defines filters that are applied after command
- execution
- -->
- <Chain Id="OutputChain">
- <Rules>
- <Rule Id="OutputChain-Egov">
- <AuthClass>certifiedGovAgency</AuthClass>
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- <UserInteraction>confirm</UserInteraction>
- </Rule>
- <Rule Id="OutputChain-Command">
- <AuthClass>anonymous</AuthClass>
- <Action>
- <ChainRef>Command</ChainRef>
- </Action>
- </Rule>
- </Rules>
- </Chain>
- <Chain Id="Command">
- <Rules>
- <Rule Id="cmd-rule-1">
- <AuthClass>certified</AuthClass>
- <Command Name="Infobox.*">
- <Param Name="InfoboxIdentifier">IdentityLink</Param>
- <Param Name="PersonIdentifier">derived</Param>
- </Command>
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- <UserInteraction>confirm</UserInteraction>
- </Rule>
- <Rule Id="cmd-rule-2">
- <AuthClass>anonymous</AuthClass>
- <Command Name="Infobox.*">
- <Param Name="InfoboxIdentifier">IdentityLink</Param>
- </Command>
- <Action>
- <RuleAction>deny</RuleAction>
- </Action>
- <UserInteraction>info</UserInteraction>
- </Rule>
- <Rule Id="cmd-rule-3">
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- </Rule>
- </Rules>
- </Chain>
- </Chains>
-</AccessControl>
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/PersonData.xsd b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/PersonData.xsd
new file mode 100644
index 00000000..3d59a2b1
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/PersonData.xsd
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- NOTE: This is not the official person data schema! -->
+<!-- This is a special version of the person data schema to validate identity links. -->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"
+ xmlns="http://reference.e-government.gv.at/namespace/persondata/20020228#"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0.0">
+ <xs:element name="Person" type="AbstractPersonType"/>
+ <xs:complexType name="AbstractPersonType" abstract="true">
+ <xs:sequence>
+ <xs:element name="Identification" type="IdentificationType" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="PhysicalPerson" type="PhysicalPersonType"/>
+ <xs:complexType name="PhysicalPersonType">
+ <xs:complexContent>
+ <xs:extension base="AbstractPersonType">
+ <xs:sequence>
+ <xs:element name="Name" type="PersonNameType"/>
+ <xs:element name="DateOfBirth" type="DateOfBirthType"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="IdentificationType">
+ <xs:sequence>
+ <xs:element name="Value" type="xs:string"/>
+ <xs:element name="Type" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:simpleType name="DateOfBirthType">
+ <xs:union memberTypes="xs:date xs:gYearMonth xs:gYear"/>
+ </xs:simpleType>
+ <xs:complexType name="PersonNameType">
+ <xs:sequence>
+ <xs:element name="GivenName" type="xs:string"/>
+ <xs:element name="FamilyName">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="primary" default="undefined">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="true"/>
+ <xs:enumeration value="false"/>
+ <xs:enumeration value="undefined"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="prefix" type="xs:string"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema> \ No newline at end of file
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/oasis-sstc-saml-schema-assertion-1.0.xsd b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/oasis-sstc-saml-schema-assertion-1.0.xsd
new file mode 100644
index 00000000..5518db2f
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/oasis-sstc-saml-schema-assertion-1.0.xsd
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+ <import namespace="http://www.w3.org/2001/04/xmldsig-more#" schemaLocation="xmldsig-more.xsd"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:AttributeStatement"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="MajorVersion" type="integer" use="required" fixed="1"/>
+ <attribute name="MinorVersion" type="integer" use="required" fixed="0"/>
+ <attribute name="AssertionID" type="saml:IDType" use="required"/>
+ <attribute name="Issuer" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <simpleType name="IDType">
+ <restriction base="string"/>
+ </simpleType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType1">
+ <sequence>
+ <element ref="saml:Attribute" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="SubjectStatementAbstractType1" abstract="true">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <element ref="saml:NameIdentifier"/>
+ <element ref="saml:SubjectConfirmation"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation"/>
+ </choice>
+ </complexType>
+ <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+ <complexType name="NameIdentifierType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <element ref="saml:ConfirmationMethod"/>
+ <element ref="saml:SubjectConfirmationData"/>
+ </sequence>
+ </complexType>
+ <element name="SubjectConfirmationData">
+ <complexType>
+ <sequence>
+ <element ref="pr:Person"/>
+ </sequence>
+ </complexType>
+ </element>
+ <element name="ConfirmationMethod">
+ <simpleType>
+ <restriction base="anyURI">
+ <enumeration value="urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"/>
+ </restriction>
+ </simpleType>
+ </element>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <complexContent>
+ <extension base="saml:AttributeDesignatorType">
+ <sequence>
+ <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="AttributeDesignatorType">
+ <attribute name="AttributeName" type="string" use="required" fixed="CitizenPublicKey"/>
+ <attribute name="AttributeNamespace" type="anyURI" use="required" fixed="urn:publicid:gv.at:namespaces:identitylink:1.2"/>
+ </complexType>
+ <element name="AttributeValue">
+ <complexType>
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <element ref="ecdsa:ECDSAKeyValue"/>
+ </choice>
+ </complexType>
+ </element>
+</schema>
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-core-schema.xsd b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-core-schema.xsd
new file mode 100644
index 00000000..8422fdfa
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-core-schema.xsd
@@ -0,0 +1,308 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="base64Binary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="base64Binary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="base64Binary"/>
+ <element name="X509CRL" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="base64Binary"/>
+ <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-more.xsd b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-more.xsd
new file mode 100644
index 00000000..52856ae6
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/mocca/id/idlschema/xmldsig-more.xsd
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+ <xs:schema
+ targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"
+ xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified" attributeFormDefault="unqualified"
+ version="0.2">
+
+ <!--ECDSA key value root element-->
+
+ <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>
+ <xs:complexType name="ECDSAKeyValueType">
+ <xs:sequence>
+ <xs:element name="DomainParameters"
+ type="ecdsa:DomainParamsType" minOccurs="0"/>
+ <xs:element name="PublicKey" type="ecdsa:ECPointType"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <!--EC domain parameters-->
+
+ <xs:complexType name="DomainParamsType">
+ <xs:choice>
+ <xs:element name="ExplicitParams"
+ type="ecdsa:ExplicitParamsType"/>
+ <xs:element name="NamedCurve">
+ <xs:complexType>
+ <xs:attribute name="URN" type="xs:anyURI" use="required"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ <xs:complexType name="FieldParamsType" abstract="true"/>
+
+ <xs:complexType name="PrimeFieldParamsType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:FieldParamsType">
+ <xs:sequence>
+ <xs:element name="P" type="xs:positiveInteger"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="CharTwoFieldParamsType" abstract="true">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:FieldParamsType">
+ <xs:sequence>
+ <xs:element name="M" type="xs:positiveInteger"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="OddCharExtensionFieldParamsType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:FieldParamsType">
+ <xs:sequence>
+ <xs:element name="M" type="xs:positiveInteger"/>
+ <xs:element name="W" type="xs:positiveInteger"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="TnBFieldParamsType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:CharTwoFieldParamsType">
+ <xs:sequence>
+ <xs:element name="K" type="xs:positiveInteger"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="PnBFieldParamsType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:CharTwoFieldParamsType">
+ <xs:sequence>
+ <xs:element name="K1" type="xs:positiveInteger"/>
+ <xs:element name="K2" type="xs:positiveInteger"/>
+ <xs:element name="K3" type="xs:positiveInteger"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ExplicitParamsType">
+ <xs:sequence>
+ <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
+ <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
+ <xs:element name="BasePointParams"
+ type="ecdsa:BasePointParamsType"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="CurveParamsType">
+ <xs:sequence>
+ <xs:element name="A" type="ecdsa:FieldElemType"/>
+ <xs:element name="B" type="ecdsa:FieldElemType"/>
+ <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="BasePointParamsType">
+ <xs:sequence>
+ <xs:element name="BasePoint" type="ecdsa:ECPointType"/>
+ <xs:element name="Order" type="xs:positiveInteger"/>
+ <xs:element name="Cofactor" type="xs:positiveInteger"
+ minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <!--EC point-->
+
+ <xs:complexType name="ECPointType">
+ <xs:sequence minOccurs="0">
+ <xs:element name="X" type="ecdsa:FieldElemType"/>
+ <xs:element name="Y" type="ecdsa:FieldElemType"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <!--Field element-->
+
+ <xs:complexType name="FieldElemType" abstract="true"/>
+ <xs:complexType name="PrimeFieldElemType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:FieldElemType">
+ <xs:attribute name="Value" type="xs:nonNegativeInteger"
+ use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="CharTwoFieldElemType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:FieldElemType">
+ <xs:attribute name="Value" type="xs:hexBinary"
+ use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="OddCharExtensionFieldElemType">
+ <xs:complexContent>
+ <xs:extension base="ecdsa:FieldElemType">
+ <xs:attribute name="Value" type="xs:nonNegativeInteger"
+ use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:schema> \ No newline at end of file
diff --git a/BKUOnline/src/main/resources/commons-logging.properties b/BKUOnline/src/main/resources/commons-logging.properties
deleted file mode 100644
index 0d497b1b..00000000
--- a/BKUOnline/src/main/resources/commons-logging.properties
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 2008 Federal Chancellery Austria and
-# Graz University of Technology
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
diff --git a/BKUOnline/src/main/resources/log4j.properties b/BKUOnline/src/main/resources/log4j.properties
index d4a03fe7..e3012f35 100644
--- a/BKUOnline/src/main/resources/log4j.properties
+++ b/BKUOnline/src/main/resources/log4j.properties
@@ -14,9 +14,10 @@
# limitations under the License.
-#log4j.rootLogger=DEBUG, STDOUT, file
-log4j.rootLogger=INFO, file
+log4j.rootLogger=INFO, STDOUT, file
+#log4j.rootLogger=DEBUG, file
#log4j.logger.at.gv=TRACE
+log4j.logger.org.springframework=INFO
# STDOUT appender
@@ -24,7 +25,7 @@ log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender
log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout
#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
-log4j.appender.STDOUT.layout.ConversionPattern=%-5p | %t | %c %x - %m%n
+log4j.appender.STDOUT.layout.ConversionPattern=...%-0.6X{id} %-5p | %t | %c - %m%n
# FILE appender
log4j.appender.file=org.apache.log4j.RollingFileAppender
diff --git a/BKUOnline/src/main/webapp/IDRequestForm.html b/BKUOnline/src/main/webapp/IDRequestForm.html
new file mode 100644
index 00000000..2682df4d
--- /dev/null
+++ b/BKUOnline/src/main/webapp/IDRequestForm.html
@@ -0,0 +1,71 @@
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+ <head>
+ <title>ID Request Form</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon">
+ <style type="text/css" media="all">@import "css/main.css";</style>
+ <style type="text/css">
+ fieldset {
+ padding: 1em;
+ margin: 1em;
+ font: 80%/ 1 sans-serif;
+ background-color: #F2EFE9;
+ padding-left: 5em;
+ }
+
+ fieldset.submit {
+ float: none;
+ width: auto;
+ border: 0 none #FFF;
+ padding-left: 14em;
+ border-style: none;
+ background-color: transparent;
+ }
+
+ label {
+ float: left;
+ width: 8em;
+ margin-right: 0.5em;
+ padding-top: 0.2em;
+ text-align: right;
+ font-weight: bold;
+ color: #000;
+ padding-top: 0.2em;
+ }
+
+ legend {
+ border: 1px solid;
+ padding: 2px 6px
+ }
+ </style>
+ </head>
+<body>
+<h1>ID Request Form</h1>
+<form action="./moccaid" method="post"
+ enctype="application/x-www-form-urlencoded" name="idform">
+<fieldset><legend>ID Request</legend>
+<p><label for="BKUUrl">BKUUrl</label><input
+ value="http://localhost:3495/http-security-layer-request" /></p>
+</fieldset>
+<fieldset class="submit"><input type="submit" class="submit"/></fieldset>
+</form>
+
+</body>
+</html>
diff --git a/BKUOnline/src/main/webapp/PINManagement.jsp b/BKUOnline/src/main/webapp/PINManagement.jsp
index 3555f99e..d5f71862 100644
--- a/BKUOnline/src/main/webapp/PINManagement.jsp
+++ b/BKUOnline/src/main/webapp/PINManagement.jsp
@@ -49,11 +49,43 @@
}
String backgroundImg = request.getParameter("appletBackground");
%>
- <body id="appletpage" style="width:<%=width%>" onFocus="focusToApplet()">
+ <body id="appletpage" style="width:<%=width%>">
+
+ <div id="container" style="float: left; width: <%= width %>">
+
+
+ <form name="increaseform" action="javascript:increaseSize()" method="get">
+
+ <!-- increase font size image -->
+ <input type="image" src="img/inc.png" alt="Text vergrößern" width="13px" height="18px" style="float: left;" id="increase_image"/>
+
+ </form>
+
+
+ <form name="decreaseform" action="javascript:decreaseSize()" method="get">
+
+ <!-- decrease font size image -->
+ <input type="image" src="img/dec.png" alt="Text verkleinern" width="13px" height="18px" style="float: left;" id="decrease_image"/>
+
+ </form>
+
+ <form name="helpform" action="help/index.html" method="get" target="_new"
+ onsubmit="this.action=document.moccaapplet.getHelpURL(); this.submit(); return false;">
+
+ <!-- invisible input -->
+ <input type="image" src="img/help.png" alt=" " width="0px" height="0px" style="float: left;" onFocus="focusToApplet()"/>
+
+ <!-- help image -->
+ <input type="image" src="img/help.png" alt="Hilfe" width="13px" height="18px" style="float: right;" id="helpimage"/>
+
+
+ </form>
+
<script>
// avoid selection of applet before it is completely loaded
- var allowSelectionByJS = false;
+ // TODO: Is this necessary?
+ var allowSelectionByJS = true;
if (!deployJava.versionCheck('1.6.0_04+')) {
document
@@ -81,6 +113,8 @@
deployJava.runApplet(attributes, parameters, version);
}
</script>
+
+ </div>
</body>
<script>
@@ -90,7 +124,6 @@
//alert('try to set focus to applet');
if (document != null && document.moccaapplet != null && allowSelectionByJS) {
- //alert('set focus to applet.');
document.moccaapplet.getFocusFromBrowser();
return true;
}
@@ -101,10 +134,49 @@
// put focus to window
// focus can be assigned to an arbitrary focusable field on the embedding website as well
- self.focus();
+ document.getElementById("helpimage").focus();
}
-
+
+ function increaseSize() {
+
+ var appwidth = document.moccaapplet.width;
+ var appheight = document.moccaapplet.height;
+
+ document.moccaapplet.width = (appwidth * 1.2);
+ document.moccaapplet.height = (appheight * 1.2);
+
+ document.getElementById("container").style.width = (appwidth * 1.2);
+
+ // TODO: This does not work, seems that width and height attributes cannot be read
+ // and set from input of type image
+ var image_width = document.getElementById("increase_image").width;
+ var image_height = document.getElementById("increase_image").height;
+
+
+ document.getElementById("helpimage").width = (image_width * 1.2);
+ document.getElementById("helpimage").height = (image_height * 1.2);
+
+ document.getElementById("increase_image").width = (image_width * 1.2);
+ document.getElementById("increase_image").height = (image_height * 1.2);
+
+ document.getElementById("decrease_image").width = (image_width * 1.2);
+ document.getElementById("decrease_image").height = (image_height * 1.2);
+
+
+ }
+
+ function decreaseSize() {
+
+ var appwidth = document.moccaapplet.width;
+ var appheight = document.moccaapplet.height;
+
+ document.moccaapplet.width = (appwidth * 0.8333333333333);
+ document.moccaapplet.height = (appheight * 0.8333333333333);
+
+ document.getElementById("container").style.width = (appwidth * 0.8333333333333);
+ }
+
</script>
</html>
diff --git a/BKUOnline/src/main/webapp/SLRequestForm.html b/BKUOnline/src/main/webapp/SLRequestForm.html
index 2de652a7..2a372d83 100644
--- a/BKUOnline/src/main/webapp/SLRequestForm.html
+++ b/BKUOnline/src/main/webapp/SLRequestForm.html
@@ -73,7 +73,7 @@
<body>
<h1>Security-Layer v1.2 Request Formular</h1>
<p>
- <form action="./http-security-layer-request" method="Post"
+ <form action="./http-security-layer-request" method="Get"
enctype="application/x-www-form-urlencoded" name="slform">
<!--input name="locale" value="es_MX" type="hidden" /-->
<fieldset><legend>Enter XML Request</legend>
@@ -186,8 +186,8 @@
<p>
<label for="appletPage">Applet Page</label>
- <input type="radio" name="appletPage" value="BKUApplet" checked="checked">Default
- <input type="radio" name="appletPage" value="BKUAppletAlternative">Alternative
+ <input type="radio" name="applet.jsp" value="BKUApplet" checked="checked">Default
+ <input type="radio" name="applet.jsp" value="BKUAppletAlternative">Alternative
</p>
<!--
<p>
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index 0324030e..ab8be2b6 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -12,106 +12,252 @@
License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
- <bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
- scope="singleton" />
+ <!-- configuration -->
+ <bean id="configurationResource"
+ class="org.springframework.web.context.support.ServletContextParameterFactoryBean">
+ <property name="initParamName" value="configurationResource" />
+ </bean>
+
+ <bean id="configuration" class="at.gv.egiz.bku.spring.ConfigurationFactoryBean">
+ <property name="configurationResource" ref="configurationResource" />
+ </bean>
+
+ <bean id="sslPKIProfile" class="at.gv.egiz.bku.spring.PKIProfileFactoryBean">
+ <property name="configuration" ref="configuration"/>
+ <property name="trustProfileId" value="SSL"/>
+ </bean>
+
+ <bean id="sslSocketFactory" class="at.gv.egiz.bku.spring.SSLSocketFactoryBean">
+ <property name="configuration" ref="configuration"/>
+ <property name="pkiProfile" ref="sslPKIProfile"/>
+ </bean>
+
+ <bean id="hostnameVerifier" class="at.gv.egiz.bku.spring.ConfigurableHostnameVerifier">
+ <property name="configuration" ref="configuration"/>
+ </bean>
- <bean id="accessController"
- class="at.gv.egiz.bku.online.accesscontroller.SpringSecurityManager"
- scope="singleton" init-method="init">
- <property name="config" ref="configurator" />
+ <bean id="urlDereferencer" class="at.gv.egiz.bku.utils.urldereferencer.URLDereferencerImpl"
+ factory-method="getInstance">
+ <property name="SSLSocketFactory" ref="sslSocketFactory"/>
+ <property name="hostnameVerifier" ref="hostnameVerifier"/>
+ </bean>
+
+ <!-- security manager for the command invoker -->
+ <bean id="securityManager" class="at.gv.egiz.bku.spring.SecurityManagerFactoryBean">
+ <property name="configuration" ref="configuration" />
</bean>
- <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
- <property name="securityManager" ref="accessController" />
+ <!-- command invoker -->
+ <bean id="slCommandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
+ <property name="securityManager" ref="securityManager" />
+ </bean>
+
+ <!-- Security Layer command factory -->
+
+ <bean id="abstractCommandFactory" class="at.gv.egiz.bku.slcommands.AbstractSLCommandFactory"
+ abstract="true">
+ <property name="configuration" ref="configuration"/>
+ </bean>
+
+ <bean id="certificatesInfoboxFactory"
+ class="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxFactory" />
+ <bean id="identityLinkInfoboxFactory"
+ class="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxFactory">
+ <property name="identityLinkTransformer">
+ <bean class="at.gv.egiz.idlink.IdentityLinkTransformer">
+ <property name="urlDereferencer" ref="urlDereferencer"/>
+ </bean>
+ </property>
+ </bean>
+ <bean id="cardChannelInfoboxFactory"
+ class="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxFactory" />
+ <bean id="svPersonendatenInfoboxFactory"
+ class="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxFactory" />
+
+ <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory">
+ <property name="infoboxFactories">
+ <map>
+ <entry key="Certificates" value-ref="certificatesInfoboxFactory" />
+ <entry key="IdentityLink" value-ref="identityLinkInfoboxFactory" />
+ <entry key="CardChannel" value-ref="cardChannelInfoboxFactory" />
+ <entry key="SV-Personendaten" value-ref="svPersonendatenInfoboxFactory" />
+ </map>
+ </property>
+ </bean>
+
+ <bean id="nullOperationCommandFactory"
+ class="at.gv.egiz.bku.slcommands.impl.NullOperationCommandFactory"
+ parent="abstractCommandFactory" />
+ <bean id="nullOperationRequest" class="javax.xml.namespace.QName">
+ <constructor-arg
+ value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+ <constructor-arg value="NullOperationRequest" />
+ </bean>
+ <bean id="infoboxReadCommandFactory"
+ class="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandFactory"
+ parent="abstractCommandFactory">
+ <property name="infoboxFactory" ref="infoboxFactory" />
+ </bean>
+ <bean id="infoboxReadRequest" class="javax.xml.namespace.QName">
+ <constructor-arg
+ value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+ <constructor-arg value="InfoboxReadRequest" />
+ </bean>
+ <bean id="infoboxUpdateCommandFactory"
+ class="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandFactory"
+ parent="abstractCommandFactory">
+ <property name="infoboxFactory" ref="infoboxFactory" />
+ </bean>
+ <bean id="infoboxUpdateRequest" class="javax.xml.namespace.QName">
+ <constructor-arg
+ value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+ <constructor-arg value="InfoboxUpdateRequest" />
+ </bean>
+ <bean id="createXMLSignatureCommandFactory"
+ class="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandFactory"
+ parent="abstractCommandFactory" />
+ <bean id="createXMLSignatureRequest" class="javax.xml.namespace.QName">
+ <constructor-arg
+ value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+ <constructor-arg value="CreateXMLSignatureRequest" />
+ </bean>
+ <bean id="getStatusCommandFactory" class="at.gv.egiz.bku.slcommands.impl.GetStatusCommandFactory"
+ parent="abstractCommandFactory" />
+ <bean id="getStatusRequest" class="javax.xml.namespace.QName">
+ <constructor-arg
+ value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+ <constructor-arg value="GetStatusRequest" />
</bean>
<bean id="slCommandFactory" class="at.gv.egiz.bku.slcommands.SLCommandFactory"
factory-method="getInstance">
- <property name="commandImpl">
+ <property name="concreteFactories">
<map>
- <entry
- key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:NullOperationRequest"
- value="at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl" />
- <entry
- key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxReadRequest"
- value="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl" />
- <entry
- key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxUpdateRequest"
- value="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandImpl" />
- <entry
- key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:CreateXMLSignatureRequest"
- value="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl" />
- <entry
- key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:GetStatusRequest"
- value="at.gv.egiz.bku.slcommands.impl.GetStatusCommandImpl" />
+ <entry key-ref="nullOperationRequest" value-ref="nullOperationCommandFactory" />
+ <entry key-ref="infoboxReadRequest" value-ref="infoboxReadCommandFactory" />
+ <entry key-ref="infoboxUpdateRequest" value-ref="infoboxUpdateCommandFactory" />
+ <entry key-ref="createXMLSignatureRequest" value-ref="createXMLSignatureCommandFactory" />
+ <entry key-ref="getStatusRequest" value-ref="getStatusCommandFactory" />
</map>
</property>
+ <!--
+ The following properties may be used to introduce additional XML
+ schemas and binding classes to the command factory.
+ -->
+ <!--
+ If property jaxbContextPackageNames is not set the default JAXBContext
+ is created with the package names given below.
+ -->
+ <!--
+ <property name="jaxbContextPackageNames">
+ <list>
+ <value>at.buergerkarte.namespaces.securitylayer._1</value>
+ <value>org.w3._2000._09.xmldsig_</value>
+ <value>at.buergerkarte.namespaces.cardchannel</value>
+ <value>at.buergerkarte.namespaces.securitylayer._20020225_</value>
+ <value>at.buergerkarte.namespaces.securitylayer._20020831_</value>
+ </list>
+ </property>
+ -->
+ <!--
+ If property schemaUrls is not set the default schema is created from
+ the URLs listed below.
+ -->
+ <!--
+ <property name="schemaUrls">
+ <list>
+ <value>classpath:at/gv/egiz/bku/slschema/xml.xsd</value>
+ <value>classpath:at/gv/egiz/bku/slschema/xmldsig-core-schema.xsd</value>
+ <value>classpath:at/gv/egiz/bku/slschema/Core-1.2.xsd</value>
+ <value>classpath:at/gv/egiz/bku/slschema/Core.20020225.xsd</value>
+ <value>classpath:at/gv/egiz/bku/slschema/Core.20020831.xsd</value>
+ </list>
+ </property>
+ -->
</bean>
- <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory"
- factory-method="getInstance">
- <property name="infoboxImpl">
- <map>
- <entry
- key="Certificates"
- value="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxImpl" />
- <entry
- key="IdentityLink"
- value="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxImpl" />
- <entry
- key="CardChannel"
- value="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxImpl" />
- <entry
- key="SV-Personendaten"
- value="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxImpl" />
- </map>
- </property>
+ <!-- STAL factory -->
+ <bean id="stalFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
+ scope="singleton">
+ <property name="configuration" ref="configuration" />
+ </bean>
+
+ <!-- binding processor factories -->
+ <bean id="httpBindingProcessorFactory" class="at.gv.egiz.bku.binding.HTTPBindingProcessorFactory">
+ <property name="configuration" ref="configuration" />
+ <property name="urlDereferencer" ref="urlDereferencer" />
+ <property name="sslSocketFactory" ref="sslSocketFactory" />
+ <property name="hostnameVerifier" ref="hostnameVerifier" />
+ <property name="slCommandFactory" ref="slCommandFactory" />
+ </bean>
+ <bean id="samlBindingProcessorFactory" class="at.gv.egiz.mocca.id.SAMLBindingProcessorFactory">
+ <property name="configuration" ref="configuration" />
+ <property name="slCommandFactory" ref="slCommandFactory" />
+ <property name="urlDereferencer" ref="urlDereferencer" />
</bean>
+ <!-- binding processor manager -->
<bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
scope="singleton">
- <constructor-arg ref="STALFactory"></constructor-arg>
- <constructor-arg ref="commandInvoker"></constructor-arg>
- <constructor-arg ref="configuration"></constructor-arg>
+ <property name="stalFactory" ref="stalFactory" />
+ <property name="slCommandInvoker" ref="slCommandInvoker" />
+ <property name="factories">
+ <list>
+ <ref bean="httpBindingProcessorFactory"/>
+ <ref bean="samlBindingProcessorFactory"/>
+ </list>
+ </property>
</bean>
- <!-- TODO DataURL bean with configuration injected -->
-
- <bean
+ <bean id="attributeExporter"
class="org.springframework.web.context.support.ServletContextAttributeExporter">
<property name="attributes">
<map>
- <entry key="bindingProcessorManager">
- <ref bean="bindingProcessorManager" />
- </entry>
+ <entry key="bindingProcessorManager" value-ref="bindingProcessorManager"/>
</map>
</property>
</bean>
- <!-- Configure Configuration -->
- <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
-
-
- <bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
- init-method="configure" scope="singleton">
- <property name="resource"
- value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties" />
- <property name="certValidator" ref="certValidator"></property>
- </bean>
-
<!-- Shutdown Event handler -->
- <bean id="shutdown" class="at.gv.egiz.bku.online.webapp.ShutdownHandler">
- <property name="bindingProcessorManager" ref="bindingProcessorManager"></property>
+ <bean id="shutdownHandler" class="at.gv.egiz.bku.online.webapp.ShutdownHandler">
+ <property name="bindingProcessorManager" ref="bindingProcessorManager" />
</bean>
+
+ <!-- JMX -->
+ <bean
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="properties">
+ <map>
+ <entry key="contextPath">
+ <bean class="at.gv.egiz.bku.online.spring.ServletContextPathFactoryBean"/>
+ </entry>
+ </map>
+ </property>
+ </bean>
- <!-- Begin MOCCA Configuration [REFACTORED]
- | Configuration beans (no conf properties file) should be injected directly
- | to module configurators (at.gv.egiz.bku.X.conf.Configuration).
- | Currently, only configuration items are considered.
- |-->
- <import resource="mocca-conf.xml"/>
+ <bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean">
+ <property name="locateExistingServerIfPossible" value="true" />
+ </bean>
+
+ <bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
+ <property name="server" ref="mbeanServer"/>
+ <property name="beans">
+ <map>
+ <entry
+ key="at.gv.egiz.mocca:type=bindingProcessorManager,contextPath=${contextPath},name=HTTP"
+ value-ref="bindingProcessorManager" />
+ <entry
+ key="at.gv.egiz.mocca:type=stalFactory,contextPath=${contextPath},name=RequestBrocker"
+ value-ref="stalFactory" />
+ <entry
+ key="at.gv.egiz.mocca:type=slCommandInvoker,contextPath=${contextPath},name=CommandInvoker"
+ value-ref="slCommandInvoker" />
+ </map>
+ </property>
+ </bean>
+
</beans> \ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml b/BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml
new file mode 100644
index 00000000..20d27bb0
--- /dev/null
+++ b/BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MoccaConfiguration version="1.0">
+ <DataURLConnection>
+ <!--
+ The maximum number of consecutive Security Layer requests received
+ from DataURL server before execution is aborted.
+ -->
+ <MaxHops>50</MaxHops>
+ </DataURLConnection>
+</MoccaConfiguration> \ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml b/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml
deleted file mode 100644
index 5c96dc58..00000000
--- a/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright 2008 Federal Chancellery Austria and
- Graz University of Technology
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<!--
- | User configuration file. (defaultConf.properties is migrated to this file)
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
-
- <!-- BKU Common (ie. main) Configuration -->
- <bean id="configuration" class="at.gv.egiz.bku.conf.Configuration">
- <property name="maxDataUrlHops" value="50"/>
-
- <!-- TODO refactor DataURL and inject this bkuCommonConfig to DataURL -->
- <!-- TODO inject bkuCommonConfig to SpringBKUServlet and SpringSecurityManager
- | and replace SpringConfigurator -->
- <!-- used to construct the User-Agent HTTP header
- <property name="implementationName" value="MOCCA"/>
- <property name="implementationVersion" value="1.0"/-->
- </bean>
-
- <!--
- | ReaderFactory configuration not available in Applet
- |
- <bean id="smccConfiguration" class="at.gv.egiz.smcc.conf.SMCCConfiguration">
- <property name="disablePinpad" value="true"/>
- </bean>
-
- <bean id="readerFactory" class="at.gv.egiz.smcc.reader.ReaderFactory">
- <property name="configuration" ref="smccConfiguration"/>
- </bean>
- |-->
-
-</beans>
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
index 41cd400f..13ed30ee 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
@@ -15,19 +15,23 @@
<web-app id="bkuonline" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>http-security-layer-request</display-name>
- <!-- Begin Spring Config -->
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/applicationContext.xml</param-value>
- </context-param>
<listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ <listener-class>at.gv.egiz.bku.online.webapp.MoccaContextListener</listener-class>
</listener>
+
+ <!-- Begin Spring Config -->
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+ <context-param>
+ <param-name>configurationResource</param-name>
+ <param-value></param-value>
+ </context-param>
<!-- End Spring Config -->
<!-- Begin BKU Config -->
<listener>
- <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class>
+ <listener-class>at.gv.egiz.bku.online.webapp.SessionListener</listener-class>
</listener>
<listener>
<listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
@@ -37,6 +41,14 @@
<servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class>
</servlet>
<servlet>
+ <servlet-name>SAMLServlet</servlet-name>
+ <servlet-class>at.gv.egiz.mocca.id.SAMLRequestHandler</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>DataURLServlet</servlet-name>
+ <servlet-class>at.gv.egiz.mocca.id.DataURLServerServlet</servlet-class>
+ </servlet>
+ <servlet>
<servlet-name>ResultServlet</servlet-name>
<servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class>
<init-param>
@@ -45,31 +57,39 @@
</init-param>
<init-param>
<param-name>expiredPage</param-name>
- <!-- FIXME -->
<param-value>expired.html</param-value>
</init-param>
</servlet>
- <servlet>
- <servlet-name>BKUApplet</servlet-name>
- <jsp-file>/applet.jsp</jsp-file>
- </servlet>
- <servlet>
- <servlet-name>STALService</servlet-name>
- <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>BKUServlet</servlet-name>
- <url-pattern>/http-security-layer-request</url-pattern>
- </servlet-mapping>
+ <servlet>
+ <servlet-name>STALService</servlet-name>
+ <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/http-security-layer-request</url-pattern>
+ </servlet-mapping>
<servlet-mapping>
<servlet-name>BKUServlet</servlet-name>
<url-pattern>/https-security-layer-request</url-pattern>
</servlet-mapping>
<servlet-mapping>
+ <servlet-name>DataURLServlet</servlet-name>
+ <url-pattern>/DataURLServer</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
<servlet-name>ResultServlet</servlet-name>
<url-pattern>/bkuResult</url-pattern>
</servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>SAMLServlet</servlet-name>
+ <url-pattern>/moccaid</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>DataURLServlet</servlet-name>
+ <url-pattern>/DataURLServer</url-pattern>
+ </servlet-mapping>
+
<!--
| Configure alternative applet pages that may be requested
diff --git a/BKUOnline/src/main/webapp/applet.jsp b/BKUOnline/src/main/webapp/applet.jsp
index 582bee7e..3b284496 100644
--- a/BKUOnline/src/main/webapp/applet.jsp
+++ b/BKUOnline/src/main/webapp/applet.jsp
@@ -79,14 +79,50 @@
%>
<body id="appletpage" style="width:<%=width%>px">
+
+
+ <div id="container" style="float: left; width: <%= width %>">
+
+ <form name="increaseform" action="javascript:increaseSize()" method="get">
+
+ <!-- increase font size image -->
+ <input type="image" src="img/inc.png" alt="Text vergrößern" width="13px" height="18px" style="float: left;" id="increase_image"/>
+
+ </form>
+
+
+ <form name="decreaseform" action="javascript:decreaseSize()" method="get">
+
+ <!-- decrease font size image -->
+ <input type="image" src="img/dec.png" alt="Text verkleinern" width="13px" height="18px" style="float: left;" id="decrease_image"/>
+
+ </form>
+
+
+
+ <form name="helpform" action="help/index.html" method="get" target="_new"
+ onsubmit="this.action=document.moccaapplet.getHelpURL(); this.submit(); return false;">
+
+ <!-- invisible input -->
+ <input type="image" src="img/help.png" alt=" " width="0px" height="0px" style="float: left;" onFocus="focusToApplet()"/>
+
+ <!-- help image -->
+ <input type="image" src="img/help.png" alt="Hilfe" width="13px" height="18px" style="float: right;" id="helpimage"/>
+
+
+ </form>
+
+
+
<script type="text/javascript">
+
if (!deployJava.versionCheck('1.6.0_04+')) {
- document.write('<p>Diese Anwendung benötigt Version 6 Update 4 oder höher der <a href="" onclick="deployJava.installLatestJRE();">Java&trade; Laufzeitumgebung</a>.</p>');
+ document.write('<p>Diese Anwendung benötigt Version 6 Update 4 oder höher der <a href="" onclick="deployJava.installLatestJRE();">Java&trade; Laufzeitumgebung</a>.</p>');
} else {
var attributes = {
codebase :'<%=codebase%>',
code : '<%=appletClass%>',
- archive : '<%=appletArchive +".jar, commons-logging.jar, iaik_jce_me4se.jar"%>',
+ archive : '<%=appletArchive +".jar"%>',
width : <%=width%>,
height :<%=height%>,
name : 'moccaapplet',
@@ -106,6 +142,98 @@
};
deployJava.runApplet(attributes, parameters, '1.6.0_04');
}
+
</script>
+
+
+
+ </div>
+
</body>
+
+ <script>
+
+
+
+ function focusToBrowser() {
+
+ // put focus to window
+ // focus can be assigned to any focusable field on the embedding website
+
+ //alert("Put focus to browser..");
+ //self.focus();
+ document.getElementById("helpimage").focus();
+
+ }
+
+ function focusToApplet() {
+
+ //alert('try to set focus to applet');
+ if (document != null && document.moccaapplet != null) {
+
+ //alert('set focus to applet.');
+ document.moccaapplet.getFocusFromBrowser();
+ return true;
+ }
+ }
+
+
+ function increaseSize() {
+
+ var appwidth = document.moccaapplet.width;
+ var appheight = document.moccaapplet.height;
+
+ document.moccaapplet.width = (appwidth * 1.2);
+ document.moccaapplet.height = (appheight * 1.2);
+
+ document.getElementById("container").style.width = (appwidth * 1.2);
+
+ // TODO: This does not work in firefox, seems that width and height attributes cannot be read
+ // and set from input of type image
+ var image_width = document.getElementById("increase_image").width;
+ var image_height = document.getElementById("increase_image").height;
+
+
+ document.getElementById("helpimage").width = (image_width * 1.2);
+ document.getElementById("helpimage").height = (image_height * 1.2);
+
+ document.getElementById("increase_image").width = (image_width * 1.2);
+ document.getElementById("increase_image").height = (image_height * 1.2);
+
+ document.getElementById("decrease_image").width = (image_width * 1.2);
+ document.getElementById("decrease_image").height = (image_height * 1.2);
+
+
+ }
+
+ function decreaseSize() {
+
+ var appwidth = document.moccaapplet.width;
+ var appheight = document.moccaapplet.height;
+
+ document.moccaapplet.width = (appwidth * 0.8333333333333);
+ document.moccaapplet.height = (appheight * 0.8333333333333);
+
+ document.getElementById("container").style.width = (appwidth * 0.8333333333333);
+
+ // TODO: This does not work in firefox, seems that width and height attributes cannot be read
+ // and set from input of type image
+ var image_width = document.getElementById("increase_image").width;
+ var image_height = document.getElementById("increase_image").height;
+
+
+ document.getElementById("helpimage").width = (image_width * 0.8333333333333);
+ document.getElementById("helpimage").height = (image_height * 0.8333333333333);
+
+ document.getElementById("increase_image").width = (image_width * 0.8333333333333);
+ document.getElementById("increase_image").height = (image_height * 0.8333333333333);
+
+ document.getElementById("decrease_image").width = (image_width * 0.8333333333333);
+ document.getElementById("decrease_image").height = (image_height * 0.8333333333333);
+
+
+ }
+
+ </script>
+
</html>
diff --git a/BKUOnline/src/main/webapp/img/dec.png b/BKUOnline/src/main/webapp/img/dec.png
new file mode 100644
index 00000000..87693cf4
--- /dev/null
+++ b/BKUOnline/src/main/webapp/img/dec.png
Binary files differ
diff --git a/BKUOnline/src/main/webapp/img/help.png b/BKUOnline/src/main/webapp/img/help.png
new file mode 100644
index 00000000..5d6da3bf
--- /dev/null
+++ b/BKUOnline/src/main/webapp/img/help.png
Binary files differ
diff --git a/BKUOnline/src/main/webapp/img/inc.png b/BKUOnline/src/main/webapp/img/inc.png
new file mode 100644
index 00000000..26e58b80
--- /dev/null
+++ b/BKUOnline/src/main/webapp/img/inc.png
Binary files differ
diff --git a/BKUOnline/src/main/webapp/local.jsp b/BKUOnline/src/main/webapp/local.jsp
new file mode 100644
index 00000000..48d62674
--- /dev/null
+++ b/BKUOnline/src/main/webapp/local.jsp
@@ -0,0 +1,63 @@
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+ pageEncoding="UTF-8"
+ import="at.gv.egiz.bku.online.webapp.AppletDispatcher,org.apache.commons.lang.RandomStringUtils,org.apache.commons.lang.StringEscapeUtils" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <title>MOCCA</title>
+ <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon">
+ <style type="text/css" media="all">@import "css/applet.css";</style>
+
+ <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
+ <META HTTP-EQUIV="EXPIRES" CONTENT="Mon, 22 Jul 2002 11:12:01 GMT">
+ <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
+ </head>
+ <%
+ int width = session.getAttribute("appletWidth") == null ? 190
+ : (Integer) session.getAttribute("appletWidth");
+ int height = session.getAttribute("appletHeight") == null ? 130
+ : (Integer) session.getAttribute("appletHeight");
+ String backgroundImg = StringEscapeUtils.escapeJavaScript(session
+ .getAttribute("appletBackground") == null ? "../img/chip32.png"
+ : (String) session.getAttribute("appletBackground"));
+ String backgroundColor = StringEscapeUtils
+ .escapeJavaScript((String) session
+ .getAttribute("appletBackgroundColor"));
+
+ String sessionId = StringEscapeUtils.escapeJavaScript(session.getId());
+
+ String dataURL = request.getRequestURL().toString();
+ dataURL = dataURL.substring(0, dataURL.lastIndexOf('/')) + "/DataURLServer";
+ %>
+ <body id="appletpage" style="width:<%=width%>px;height:<%=height%>px">
+ <div style="width:<%=width%>px;height:<%=height%>px">
+ <form action="http://127.0.0.1:3495/http-security-layer-request" method="post" enctype="application/x-www-form-urlencoded">
+ <input name="SessionID_" value="<%=sessionId%>" type="hidden"/>
+ <input name="DataURL" value="<%=dataURL%>" id="DataURL" type="hidden"/>
+ <input name="XMLRequest" value="<NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>" type="hidden"/>
+ <p>Anfrage wird an lokale BKU gesendet</p>
+ <div style="text-align: center;">
+ <input type="submit" style="vertical-align: middle"/>
+ </div>
+ </form>
+ </div>
+ </body>
+</html>