aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 17:17:18 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 17:17:18 +0200
commit14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71 (patch)
tree499005ff90caebcf2e1227bbcf53cee0d9a73d9d
parent9ade292185a7cd7ebfd0aad27a48324433737bfe (diff)
downloadmoa-id-spss-14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71.tar.gz
moa-id-spss-14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71.tar.bz2
moa-id-spss-14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71.zip
use MOA SSL SocketFactory for AttributQueryRequests
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java3
3 files changed, 43 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 33c150927..a1a51f6c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,6 +32,7 @@ import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
@@ -61,12 +62,16 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -173,18 +178,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authdata.setBPK(interfIDP.getUserNameID());
} else {
+ //get attributes from interfederated IDP
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
+
//mark attribute request as used
try {
- interfIDP.setAttributesRequested(true);
- MOASessionDBUtils.saveOrUpdate(interfIDP);
+ if (idp.isInterfederationSSOStorageAllowed()) {
+ interfIDP.setAttributesRequested(true);
+ MOASessionDBUtils.saveOrUpdate(interfIDP);
+
+ } else {
+ MOASessionDBUtils.delete(interfIDP);
+ }
} catch (MOADatabaseException e) {
Logger.error("MOASession interfederation information can not stored to database.", e);
}
-
- //get attributes from interfederated IDP
- getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, reqAttributes);
}
} else {
@@ -217,13 +228,14 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
* @param oaParam
* @param protocolRequest
* @param interfIDP
+ * @param idp
* @param reqQueryAttr
* @throws ConfigurationException
*/
private static void getAuthDataFromInterfederation(
AuthenticationData authdata, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest req,
- InterfederationSessionStore interfIDP, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
+ InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
try {
List<Attribute> attributs = null;
@@ -243,9 +255,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
attributs = req.getRequestedAttributes();
}
-
- //collect attributes by using BackChannel communication
- String endpoint = oaParam.getIDPAttributQueryServiceURL();
+
+ //collect attributes by using BackChannel communication
+ String endpoint = idp.getIDPAttributQueryServiceURL();
if (MiscUtil.isEmpty(endpoint)) {
Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
@@ -265,6 +277,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
soapContext.setOutboundMessage(soapRequest);
HttpClientBuilder clientBuilder = new HttpClientBuilder();
+ if (endpoint.startsWith("https")) {
+ try {
+ SecureProtocolSocketFactory sslprotocolsocketfactory =
+ new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+ clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
//send request to IDP
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index dafaf6279..47c297914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants;
public interface PVPConstants {
+ public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
+
public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 5c8e181a7..f29c0eaef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
@@ -338,7 +339,7 @@ public class MOAMetadataProvider implements MetadataProvider {
if (metadataURL.startsWith("https:")) {
try {
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
+ PVPConstants.SSLSOCKETFACTORYNAME,
AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
null,