| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-13 14:04:58 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-13 14:04:58 +0100 | 
| commit | 28884c5d5ee4685aaf88309b1b6b340b65ffbe86 (patch) | |
| tree | f13f11f01f67b8f0bbf799966eaee0f1347e4746 | |
| parent | ced2df85fa74ea2db9949b18e075e20af6168df0 (diff) | |
update eIDAS http(s) endpoints
4 files changed, 36 insertions, 22 deletions
| diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 9f347b4ee..1c20a81bf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -45,20 +45,30 @@ public class Constants {
 	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
-	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
-	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";	
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
-			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";	
+	public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
-	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
+	//timeouts and clock skews
+	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
+	public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000;  	//20 seconds metadata socked timeout
+	//eIDAS attribute names
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
 	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
 	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+		
+	//http endpoint descriptions
+	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 556947572..49f0451cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
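Review bot: The new public constant `CONFIG_PROPS_METADATA_SOCKED_TIMEOUT` in Constants.java misspells "socket", and its trailing comment repeats the misspelling. Renaming it in this commit, before other classes reference it, avoids carrying the typo into callers: `public static final int CONFIG_PROPS_METADATA_SOCKET_TIMEOUT = 20 * 1000; //20 seconds metadata socket timeout`. The unit (milliseconds) is only implied by the arithmetic and would be worth stating in that comment.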
@@ -22,30 +22,19 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
-import java.io.ByteArrayInputStream;
-
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathFactory;
 import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.util.xml.SimpleNamespaceContext;
-import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 /**
  * @author tlenz
  *
  */
-@WebServlet(urlPatterns = { "/eidas/post",  "/eidas/redirect"}, loadOnStartup = 1)
+@WebServlet(urlPatterns = { "/eidas/sp/post",  "/eidas/sp/redirect"}, loadOnStartup = 1)
 public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 	private static final long serialVersionUID = 8215688005533754459L;
@@ -53,7 +42,7 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 	public eIDASSignalServlet() {
 		super();
 		Logger.debug("Registering servlet " + getClass().getName() + 
-				" with mappings '/eidas/post' and '/eidas/redirect'.");
+				" with mappings '/eidas/sp/post' and '/eidas/sp/redirect'.");
 	}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 57588287d..963fe70c1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
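Review bot: The `@WebServlet` mapping in eIDASSignalServlet.java, and the constructor's debug message in the second hunk, repeat the literals `/eidas/sp/post` and `/eidas/sp/redirect` although this commit adds `Constants.eIDAS_HTTP_ENDPOINT_SP_POST` and `Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT` in the same package. EidasMetaDataServlet builds the advertised return URL from the constant, so a later edit to only one side would publish an endpoint that this servlet does not serve. Annotation values accept compile-time constants, so the mapping can read `@WebServlet(urlPatterns = { Constants.eIDAS_HTTP_ENDPOINT_SP_POST, Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT }, loadOnStartup = 1)`, with the log message built from the same two names.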
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -142,7 +142,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
+			
 			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+			//TODO: only for development and reverse proxy 
+			authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");
+			
 			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index c8df9ca97..cd30f2bec 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -29,7 +29,10 @@ import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
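Review bot: The added `authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");` in GenerateAuthnRequestTask.java runs unconditionally, so every eIDAS AuthnRequest carries a plain-HTTP localhost issuer and the value derived from `moaconfig.getPublicURLPrefix()` one line earlier is always discarded; the TODO calls it development-only, but nothing gates it. A receiving node that resolves the requester's metadata from the issuer would, outside the developer's machine, either fail or fetch it over an unauthenticated channel from its own loopback port. Remove the override before release, or read it from an optional configuration property that defaults to the public prefix, and build the issuer from the new constant (assuming `Constants` is imported here): `authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);`. The same hard-coded assignment to `metadata_url` is added in the `doGet` hunk of EidasMetaDataServlet.java, where it makes the published metadata disagree with the configured public URL. The enclosing method starts and ends outside this hunk.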
@@ -49,15 +52,23 @@ public class EidasMetaDataServlet extends HttpServlet {       */      protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {          try { -            logger.info("EidasMetaDataServlet GET"); +            logger.debug("EidasMetaDataServlet GET"); -            String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata"; -            String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata"; +            AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); +            String pubURLPrefix = config.getPublicURLPrefix(); +             +             +            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; +             +            //TODO: only for development and reverse proxy  +            metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata"; +             +            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;                          String metaData = generateMetadata(metadata_url, sp_return_url); -            logger.debug(metaData); +            logger.trace(metaData); -            response.setContentType("text/html"); +            response.setContentType("text/xml");              response.getWriter().print(metaData);              response.flushBuffer();          } catch (Exception e) { | 
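Review bot: In `doGet` of EidasMetaDataServlet.java, `response.setContentType("text/xml")` sets no character encoding, and the body is then written through `response.getWriter()`, which under the Servlet specification falls back to ISO-8859-1 when no encoding has been set. If the generated metadata contains non-ASCII characters or declares UTF-8 in its XML prolog (not visible from this hunk), consumers receive bytes that do not match the declared encoding, which can break parsing and signature validation of the metadata. Setting it explicitly before `getWriter()` is called avoids this: `response.setContentType("text/xml; charset=UTF-8");`. The body of `catch (Exception e)` lies outside the hunk, so its error handling cannot be assessed here.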
