| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-22 11:35:18 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-22 11:35:18 +0100 | 
| commit | f441b49a4eadb475396217901bbbc49973ca8107 (patch) | |
| tree | 3be9a8ccba8c2d54bda4da7a77144f03f90b6920 | |
| parent | b1235f66ee1e890f9868724f9faedd222541178b (diff) | |
add first parts of new federated authentication module
17 files changed, 824 insertions, 10 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SP/tasks/AbstractAuthnRequestTask.java index 951a04cf6..c8c115f82 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SP/tasks/AbstractAuthnRequestTask.java @@ -20,8 +20,7 @@   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file.   */ -package at.gv.egovernment.moa.id.auth.modules.internal.tasks; - +package at.gv.egovernment.moa.id.protocols.pvp2x.SP.tasks;  import java.lang.reflect.InvocationTargetException;  import java.security.NoSuchAlgorithmException; @@ -44,7 +43,6 @@ import org.opensaml.saml2.metadata.SingleSignOnService;  import org.opensaml.saml2.metadata.provider.MetadataProviderException;  import org.opensaml.ws.message.encoder.MessageEncodingException;  import org.opensaml.xml.security.SecurityException; -import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -72,8 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil;   * @author tlenz   *   */ -@Service("CreateInterfedeartionRequestTask") -public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { +public abstract class AbstractAuthnRequestTask extends AbstractAuthServletTask {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SP/tasks/AbstractAuthnResponseTask.java index 77aab8ddb..6ce8fab59 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SP/tasks/AbstractAuthnResponseTask.java @@ -20,13 +20,11 @@   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file.   */ -package at.gv.egovernment.moa.id.auth.modules.internal.tasks; +package at.gv.egovernment.moa.id.protocols.pvp2x.SP.tasks;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; -import org.springframework.stereotype.Service; -  import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;  import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;  import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -35,8 +33,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;   * @author tlenz   *   */ -@Service("ReceiveInterfederationResponseTask") -public class ReceiveInterfederationResponseTask extends AbstractAuthServletTask { +public abstract class AbstractAuthnResponseTask extends AbstractAuthServletTask {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) diff --git a/id/server/modules/moa-id-module-pvp2/.gitignore b/id/server/modules/moa-id-module-pvp2/.gitignore new file mode 100644 index 000000000..b83d22266 --- /dev/null +++ b/id/server/modules/moa-id-module-pvp2/.gitignore 
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-pvp2/pom.xml b/id/server/modules/moa-id-module-pvp2/pom.xml
new file mode 100644
index 000000000..0a71e27ce
--- /dev/null
+++ b/id/server/modules/moa-id-module-pvp2/pom.xml
@@ -0,0 +1,11 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-module-pvp2</artifactId>
+  <name>PVP2 Module</name>
+  <description>PVP2.x authentication modul for MOA-ID-Auth</description>
+</project>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml
new file mode 100644
index 000000000..7e8ac86af
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml
@@ -0,0 +1,24 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-modules-federated_authentication</artifactId>
+  <description>PVP2 ServiceProvider implementation for federated authentication</description>
+   
+  <name>MOA ID-Module Federated-Authentication</name>
+
+	<properties>
+		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+	</properties>
+   
+  	<dependencies>
+  	  	<dependency>
+  					<groupId>MOA.id.server</groupId>
+  					<artifactId>moa-id-lib</artifactId>
+  			</dependency>
+  	</dependencies>
+   
+</project>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthConstants.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthConstants.java
new file mode 100644
index 000000000..97e4c0a20
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthConstants.java
@@ -0,0 +1,47 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth;
+
+/**
+ * @author tlenz
+ *
+ */
+public class FederatedAuthConstants {
+
+	public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; 
+	
+	public static final String ENDPOINT_POST = "/sp/federated/post";
+	public static final String ENDPOINT_REDIRECT = "/sp/federated/redirect";
+	public static final String ENDPOINT_METADATA = "/sp/federated/metadata";
+
+	public static final String CONFIG_PROPS_PREFIX = "modules.federatedAuth.";	
+	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
+	public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
+	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
+	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";
+	
+}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
new file mode 100644
index 000000000..4a610549d
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
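Review bot: Three of the new configuration-key constants are misnamed: `CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD`, `CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD` and `CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD` resolve to the `*.alias` keys, not to passwords. This class is the one place that tells a maintainer which `modules.federatedAuth.*` values are secrets (keystore and key passwords) and which are plain identifiers, so a `_PASSWORD` suffix on an alias key invites mistakes such as redacting the wrong value in logs or treating an alias as sensitive and a password as not; renaming them to `CONFIG_PROPS_SIGN_METADATA_ALIAS`, `CONFIG_PROPS_SIGN_SIGNING_ALIAS` and `CONFIG_PROPS_ENCRYPTION_ALIAS` (with the callers in FederatedAuthCredentialProvider updated) removes the ambiguity. The class is a pure constants holder and should get a `private FederatedAuthConstants() {}` so it cannot be instantiated. A class Javadoc naming the property prefix and the three servlet endpoints would be more useful than the bare `@author` tag.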
@@ -0,0 +1,60 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class FederatedAuthenticationModuleImpl implements AuthModule {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/federatedauth/federated.Authentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationSpringResourceProvider.java
new file mode 100644
index 000000000..91d56ebed
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationSpringResourceProvider.java
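Review bot: `selectProcess` returns `null` behind an auto-generated TODO, so as committed the module never selects a process, while `getProcessDefinitions` already registers a process definition that nothing can reach; presumably `null` means "not responsible" in the AuthModule contract, but that should be confirmed and written down rather than left as generated boilerplate. Replace the generated comment with one that records the intent, e.g. `// TODO: process selection for the federated (PVP2 SP) flow is not implemented yet; null means this module does not claim the request`. `getPriority` returning 0 deserves a one-line comment on how 0 orders this module relative to the other AuthModule implementations. The class Javadoc is only an `@author` tag; a sentence stating that this is the AuthModule entry point for federated authentication would help the next reader.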
@@ -0,0 +1,63 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class FederatedAuthenticationSpringResourceProvider implements SpringResourceProvider {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+	 */
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_federated_auth.beans.xml", FederatedAuthenticationSpringResourceProvider.class);					
+		
+		return new Resource[] {federationAuthConfig};
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+	 */
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+	 */
+	@Override
+	public String getName() {
+		return "MOA-ID Auth-module 'SSO Interfederation'";
+	}
+
+}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java
new file mode 100644
index 000000000..45d76d4fe
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java
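Review bot: `getPackagesToScan` returns `null` with an auto-generated TODO; whether the Spring bootstrap that consumes `SpringResourceProvider` tolerates a null array cannot be seen from here, so either return an empty array, `return new String[0];`, or replace the generated comment with one stating that null is accepted by the consumer and no package scanning is wanted for this module. `getName` returns `"MOA-ID Auth-module 'SSO Interfederation'"`, which reads like a copy from another module; this provider belongs to the federated-authentication module and the name should say so, since it is presumably what appears in startup logs when resource loading fails. The class Javadoc should state that the provider contributes the `moaid_federated_auth.beans.xml` bean definitions found on the classpath next to this class.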
@@ -0,0 +1,273 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth.builder;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("FederatedAuthMetadataBuilder")
+public class FederatedAuthMetadataBuilder extends AbstractPVPMetadataBuilder {
+
+	@Autowired FederatedAuthCredentialProvider credentialProvider;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil()
+	 */
+	@Override
+	public int getMetadataValidUntil() {
+		return FederatedAuthConstants.METADATA_VALIDUNTIL_IN_HOURS;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement()
+	 */
+	@Override
+	public boolean buildEntitiesDescriptorAsRootElement() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor()
+	 */
+	@Override
+	public boolean buildIDPSSODescriptor() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor()
+	 */
+	@Override
+	public boolean buildSPSSODescriptor() {
+		return true;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix()
+	 */
+	@Override
+	public String getEntityIDPostfix() {
+		return FederatedAuthConstants.ENDPOINT_METADATA;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName()
+	 */
+	@Override
+	public String getEntityFriendlyName() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation()
+	 */
+	@Override
+	public List<ContactPerson> getContactPersonInformation() {
+		try {
+			return PVPConfiguration.getInstance().getIDPContacts();
+			
+		} catch (ConfigurationException e) {
+			Logger.warn("Can not load Metadata entry: Contect Person", e);
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation()
+	 */
+	@Override
+	public Organization getOrgansiationInformation() {
+		try {
+			return PVPConfiguration.getInstance().getIDPOrganisation();
+			
+		} catch (ConfigurationException e) {
+			Logger.warn("Can not load Metadata entry: Organisation", e);
+			return null;
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials()
+	 */
+	@Override
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPMetaDataSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials()
+	 */
+	@Override
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials()
+	 */
+	@Override
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionEncryptionCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL()
+	 */
+	@Override
+	public String getIDPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServicePostBindingURL() {
+		return FederatedAuthConstants.ENDPOINT_POST;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServiceRedirectBindingURL() {
+		return FederatedAuthConstants.ENDPOINT_REDIRECT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL()
+	 */
+	@Override
+	public String getSPSLOPostBindingURL() {
+		return FederatedAuthConstants.ENDPOINT_POST;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getSPSLORedirectBindingURL() {
+		return FederatedAuthConstants.ENDPOINT_REDIRECT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL()
+	 */
+	@Override
+	public String getSPSLOSOAPBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes()
+	 */
+	@Override
+	public List<Attribute> getIDPPossibleAttributes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes()
+	 */
+	@Override
+	public List<String> getIDPPossibleNameITTypes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes()
+	 */
+	@Override
+	public List<RequestedAttribute> getSPRequiredAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes()
+	 */
+	@Override
+	public List<String> getSPAllowedNameITTypes() {
+		return Arrays.asList(NameIDType.PERSISTENT, 
+							 NameIDType.TRANSIENT,
+							 NameIDType.UNSPECIFIED);
+		
+	}
+
+}
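Review bot: `getSPRequiredAttributes` still returns `null` behind a generated TODO while `buildSPSSODescriptor` returns true, so the SP descriptor this builder produces advertises no requested attributes; whether AbstractPVPMetadataBuilder tolerates null here is not visible from the hunk, and either way the published metadata is incomplete for a service provider that expects identity attributes from the remote IDP. `getSPSLOPostBindingURL`/`getSPSLORedirectBindingURL` return the same `ENDPOINT_POST`/`ENDPOINT_REDIRECT` as the assertion-consumer bindings, so single-logout messages would be delivered to the authentication signal endpoint — if that is intended it deserves a comment, otherwise return `null` as `getSPSLOSOAPBindingURL` does until SLO is handled. The warning in `getContactPersonInformation` has a typo, `"Can not load Metadata entry: Contact Person"`. A class Javadoc should say that this builder emits SP-only metadata (no IDPSSODescriptor), signed with the federated-auth credentials and valid for `METADATA_VALIDUNTIL_IN_HOURS` hours.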
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
new file mode 100644
index 000000000..d41a25a10
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -0,0 +1,89 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.federatedauth.builder.FederatedAuthMetadataBuilder;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class FederatedAuthMetadataController extends AbstractController {
+	
+	@Autowired FederatedAuthMetadataBuilder metadatabuilder;
+	@Autowired AuthConfiguration authConfig;
+	
+	public FederatedAuthMetadataController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + FederatedAuthConstants.ENDPOINT_METADATA 
+				+ "'.");
+		
+	}
+	
+	@RequestMapping(value = "/sp/federated/metadata", 
+					method = {RequestMethod.GET})
+	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		//check PublicURL prefix
+		try {
+			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
+			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
+				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
+				return;
+				
+			} else {
+				//build metadata
+				String xmlMetadata = metadatabuilder.buildPVPMetadata(authURL);
+				
+				//write response
+				resp.setContentType("text/xml");
+				resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
+				resp.getOutputStream().close();
+
+			}
+			
+		} catch (Exception e) {
+			Logger.warn("Build federated-authentication PVP metadata FAILED.", e);
+			handleErrorNoRedirect(e, req, resp, false);
+			
+		}
+		
+	}
+		
+}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
new file mode 100644
index 000000000..431ed5ef1
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
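Review bot: The endpoint is hard-coded as `"/sp/federated/metadata"` in the `@RequestMapping` while the constructor logs `FederatedAuthConstants.ENDPOINT_METADATA` and the metadata builder publishes the same constant as entity-ID postfix; it is a compile-time constant, so `@RequestMapping(value = FederatedAuthConstants.ENDPOINT_METADATA, method = {RequestMethod.GET})` keeps the served path from drifting away from the URL advertised in the metadata. The response declares `text/xml` without a charset but writes `xmlMetadata.getBytes("UTF-8")`; `resp.setContentType("text/xml; charset=UTF-8")` makes the declared encoding match the bytes. The `authConfig.getPublicURLPrefix().contains(authURL)` guard is an exact-match check only if `getPublicURLPrefix()` returns a collection — if it returns a String, `contains` is a substring test and any fragment of the configured prefix would pass, so this is worth confirming against AuthConfiguration and commenting either way. The broad `catch (Exception e)` is acceptable at a controller boundary but a one-line comment saying that builder failures are deliberately turned into an error page would make that explicit.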
@@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class FederatedAuthSignalController extends AbstractProcessEngineSignalController {
+
+	public FederatedAuthSignalController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + FederatedAuthConstants.ENDPOINT_POST 
+				+ "' and '" + FederatedAuthConstants.ENDPOINT_REDIRECT + "'.");
+		
+	}
+	
+	@RequestMapping(value = {	"/sp/federated/post", 
+			 					"/sp/federated/redirect"
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+		
+	}
+	
+	public String getPendingRequestId(HttpServletRequest request) {
+		return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
+		
+	}
+}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
new file mode 100644
index 000000000..1168250ad
--- /dev/null
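Review bot: `getPendingRequestId` HTML-escapes the `RelayState` parameter and then hands the result on as the pending-request identifier, which mixes output encoding with input validation: a value containing `&`, `<`, `>`, `"` or `'` is silently rewritten before the lookup instead of being rejected, and an identifier that is only used for a lookup does not need HTML escaping at this point. Presumably pending-request ids are generated by MOA-ID from a narrow alphabet; if so, validating the parameter against that format here and leaving escaping to the rendering layer is the clearer contract, and a comment should state which it is. The method appears to override a member of AbstractProcessEngineSignalController (the base class is outside the hunk) and should carry `@Override` so a signature mismatch fails at compile time. The mapping strings `"/sp/federated/post"` and `"/sp/federated/redirect"` duplicate `ENDPOINT_POST`/`ENDPOINT_REDIRECT`, which the constructor logs, and `performCitizenCardAuthentication` names a citizen-card flow while this endpoint receives the federated IDP's SAML response — a name such as `receiveAuthnResponse` would describe what it does.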
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java 
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("FederatedAuthCredentialProvider")
+public class FederatedAuthCredentialProvider extends AbstractCredentialProvider {
+
+	@Autowired AuthConfiguration authConfig;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
+	 */
+	@Override
+	public String getKeyStoreFilePath() {
+		return FileUtils.makeAbsoluteURL(
+					authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), 
+					authConfig.getRootConfigFileDir());
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword()
+	 */
+	@Override
+	public String getKeyStorePassword() {
+		return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias()
+	 */
+	@Override
+	public String getMetadataKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword()
+	 */
+	@Override
+	public String getMetadataKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias()
+	 */
+	@Override
+	public String getSignatureKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword()
+	 */
+	@Override
+	public String getSignatureKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias()
+	 */
+	@Override
+	public String getEncryptionKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword()
+	 */
+	@Override
+	public String getEncryptionKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName()
+	 */
+	@Override
+	public String getFriendlyName() {
+		return "FederatedAuth-SP";
+	}
+
+}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..28e4ae944
--- /dev/null
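Review bot: Every getter in this hunk calls `.trim()` directly on the result of `authConfig.getBasicMOAIDConfiguration(...)`, so an unset property turns into a NullPointerException deep inside credential loading if that method returns null for a missing key (its contract is not visible here). A guard that names the missing key, e.g. in getKeyStorePassword `String pw = authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD); if (pw == null) throw new IllegalStateException("FederatedAuth-SP: keystore password not configured");`, gives the operator an actionable error instead. The three alias getters (getMetadataKeyAlias, getSignatureKeyAlias, getEncryptionKeyAlias) read constants named `*_ALIAS_PASSWORD`, which looks like a copy-paste from the password getters; the constants live in FederatedAuthConstants outside this diff, so it is worth confirming they really map to the alias keys and not to the password keys. The `@see` comment on getFriendlyName references `#getCredentialName()`, which is not the method being overridden.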
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthenticationSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/federatedauth/federated.Authentication.process.xml b/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/federatedauth/federated.Authentication.process.xml
new file mode 100644
index 000000000..4ff64e76d
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/federatedauth/federated.Authentication.process.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+
+	<pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" />
+	<pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask" async="true" />
+	<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+	<pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" />
+
+	<pd:StartEvent id="start" />	
+	<pd:Transition from="start" to="createAuthnRequest" />	
+	<pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+	<pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" />
+	<pd:Transition from="generateIdentityLink" to="finalizeAuthentication" />		
+	<pd:Transition from="finalizeAuthentication"    to="end" />	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/moaid_federated_auth.beans.xml b/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/moaid_federated_auth.beans.xml
new file mode 100644
index 000000000..3c3dd5b23
--- /dev/null
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/resources/moaid_federated_auth.beans.xml
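Review bot: The new federated-authentication process definition carries `id="eIDASAuthentication"`, which looks copied from the eIDAS module; if the process engine resolves definitions by id globally, this either collides with the eIDAS definition or starts the federated flow under the wrong process. A module-specific id (for example `federatedAuthentication`, name to be chosen) avoids the ambiguity. The tasks are referenced by simple names (`GenerateAuthnRequestTask`, `ReceiveAuthnResponseTask`, `FinalizeAuthenticationTask`, `CreateIdentityLinkTask`) and no federated-auth implementations of them are visible in this diff, so they presumably resolve to bean names registered by another module; a one-line XML comment stating which module provides each task would save the next reader the search.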
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+
+							
+<!-- Authentication Process Tasks -->
+
+	<bean id="FederatedAuthCredentialProvider"
+	      class="at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider"/>
+
+	<bean	id="FederatedAuthMetadataController"
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthMetadataController"/>
+				
+	<bean	id="FederatedAuthModule"
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthenticationModuleImpl"/>				
+	
+	<bean	id="FederatedAuthSignalController"
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthSignalController"/>
+				
+	<bean	id="FederatedAuthMetadataBuilder"
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.builder.FederatedAuthMetadataBuilder"/>
+																								
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 6ba8ad30f..f35869077 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -26,6 +26,7 @@
 		<module>moa-id-modul-citizencard_authentication</module>
 		<module>moa-id-module-eIDAS</module>
 		<!-- <module>moa-id-module-pvp2</module> -->
+		<module>moa-id-modules-federated_authentication</module>
 	</modules>
 	<dependencies>
@@ -475,6 +475,17 @@
 				<artifactId>moa-id-module-eIDAS</artifactId>
 				<version>${moa-id-version}</version>
 			</dependency>
+			<dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-module-pvp2</artifactId>
+				<version>${moa-id-version}</version>
+			</dependency> 
+
+			<dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-modules-federated_authentication</artifactId>
+				<version>${moa-id-version}</version>
+			</dependency>
              <dependency>
|
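Review bot: In moaid_federated_auth.beans.xml, `FederatedAuthCredentialProvider` and `FederatedAuthSignalController` are declared as XML beans although their classes in this same commit also carry `@Service("FederatedAuthCredentialProvider")` and `@Controller`; if component scanning covers the `federatedauth` package, each is registered twice, and for the controller that means duplicate handler registrations for `/sp/federated/post` and `/sp/federated/redirect`. Either drop the stereotype annotations or drop the XML `<bean>` entries, whichever matches how the other modules wire their beans. The `tx` and `aop` namespaces and their schema locations are declared but nothing in the file uses them, so they can go.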
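Review bot: The second pom.xml hunk adds a dependency on `moa-id-module-pvp2` while the first hunk's context still shows `<!-- <module>moa-id-module-pvp2</module> -->` commented out of the reactor, so unless that artifact is published to a repository the build cannot resolve it, and nothing in this diff shows the federated module needing it. Either re-enable the module in `<modules>` or drop the `<dependency>` block. The new module is named `moa-id-modules-federated_authentication` (plural "modules") while its siblings use the `moa-id-module-*` pattern; aligning the name now is cheaper than after it is referenced from other poms.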
