authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-27 14:00:45 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-27 14:00:45 +0200
commitd8f886a98dd2c3eaec17623c4032395b54b15d62 (patch)
treee6df05b7f8127491b2c0bc966c0394698192d831
parentb3e9fbc02bce967d7303a024c68851d6471b2685 (diff)
downloadmoa-id-spss-d8f886a98dd2c3eaec17623c4032395b54b15d62.tar.gz
moa-id-spss-d8f886a98dd2c3eaec17623c4032395b54b15d62.tar.bz2
moa-id-spss-d8f886a98dd2c3eaec17623c4032395b54b15d62.zip
PVP2 functional OK, STORK only partially tested
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml151
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java263
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
15 files changed, 153 insertions, 407 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 032f06911..d33cae207 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -2,33 +2,29 @@
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
"http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
-<!--
-
- Configuration file for UrlRewriteFilter
- http://www.tuckey.org/urlrewrite/
-
--->
+<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ -->
<urlrewrite>
- <rule>
- <note>
- The rule means that requests to /test/status/ will be redirected to /rewrite-status
- the url will be rewritten.
- </note>
- <from>/test/status/</from>
- <to type="redirect">%{context-path}/rewrite-status</to>
- </rule>
+ <rule>
+ <note>
+ The rule means that requests to /test/status/ will be redirected to
+ /rewrite-status
+ the url will be rewritten.
+ </note>
+ <from>/test/status/</from>
+ <to type="redirect">%{context-path}/rewrite-status</to>
+ </rule>
+
+ <!-- Legacy Rules -->
+ <rule match-type="regex">
+ <from>^/StartAuthentication$</from>
+ <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/StartAuthentication\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact&amp;$1</to>
+ </rule>
- <!-- Legacy Rules -->
- <rule match-type="regex">
- <from>^/StartAuthentication$</from>
- <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact</to>
- </rule>
- <rule match-type="regex">
- <from>^/StartAuthentication\?(.*)$</from>
- <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact&amp;$1</to>
- </rule>
-
<rule match-type="regex">
<from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from>
<to type="forward">/dispatcher?mod=$1&amp;action=$2</to>
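Review bot: The UrlRewriteFilter sample rule (`/test/status/` → `%{context-path}/rewrite-status`) survives the rewrite of this block and now sits at the top of a production authentication config. The `/rewrite-status` page renders the filter's active rule set, which is information an operator normally does not publish; the filter restricts it to local hosts by default, but that depends on the `statusEnabled`/`statusEnabledOnHosts` init-params in web.xml, which are not visible here. Either drop the sample rule or add a comment recording why it is kept and which hosts the status page is enabled for: `<!-- status page kept for local diagnostics only; see statusEnabledOnHosts in web.xml -->`.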
@@ -39,86 +35,37 @@
</rule>
- <outbound-rule>
- <note>
- The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url)
- the url /rewrite-status will be rewritten to /test/status/.
-
- The above rule and this outbound-rule means that end users should never see the
- url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks
- in your pages.
- </note>
- <from>/rewrite-status</from>
- <to>/test/status/</to>
- </outbound-rule>
-
- <outbound-rule>
- <from>^/AuthDispatcher?mod=([a-zA-Z0-9]+)&amp;action=([a-zA-Z0-9]+)$</from>
- <to>/auth/$1/$2</to>
- </outbound-rule>
+ <rule match-type="regex">
+ <from>^/pvp2/metadata$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Metadata&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/pvp2/redirect$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Redirect&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/pvp2/post$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Post&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/PVP2Soap$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Soap</to>
+ </rule>
<outbound-rule>
- <from>^/AuthDispatcher?mod=([a-zA-Z0-9]+)&amp;action=([a-zA-Z0-9]+)&amp;(.*)$</from>
- <to>/auth/$1/$2&amp;$3</to>
+ <note>
+ The outbound-rule specifies that when response.encodeURL is called (if
+ you are using JSTL c:url)
+ the url /rewrite-status will be rewritten to /test/status/.
+
+ The above rule and this outbound-rule means that end users should never
+ see the
+ url /rewrite-status only /test/status/ both in thier location bar and in
+ hyperlinks
+ in your pages.
+ </note>
+ <from>/rewrite-status</from>
+ <to>/test/status/</to>
</outbound-rule>
- <!--
-
- INSTALLATION
-
- in your web.xml add...
-
- <filter>
- <filter-name>UrlRewriteFilter</filter-name>
- <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
- <init-param>
- <param-name>logLevel</param-name>
- <param-value>WARN</param-value>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>UrlRewriteFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- EXAMPLES
-
- Redirect one url
- <rule>
- <from>/some/old/page.html</from>
- <to type="redirect">/very/new/page.html</to>
- </rule>
-
- Redirect a directory
- <rule>
- <from>/some/olddir/(.*)</from>
- <to type="redirect">/very/newdir/$1</to>
- </rule>
-
- Clean a url
- <rule>
- <from>/products/([0-9]+)</from>
- <to>/products/index.jsp?product_id=$1</to>
- </rule>
- eg, /products/1234 will be passed on to /products/index.jsp?product_id=1234 without the user noticing.
-
- Browser detection
- <rule>
- <condition name="user-agent">Mozilla/[1-4]</condition>
- <from>/some/page.html</from>
- <to>/some/page-for-old-browsers.html</to>
- </rule>
- eg, will pass the request for /some/page.html on to /some/page-for-old-browsers.html only for older
- browsers whose user agent srtings match Mozilla/1, Mozilla/2, Mozilla/3 or Mozilla/4.
-
- Centralised browser detection
- <rule>
- <condition name="user-agent">Mozilla/[1-4]</condition>
- <set type="request" name="browser">moz</set>
- </rule>
- eg, all requests will be checked against the condition and if matched
- request.setAttribute("browser", "moz") will be called.
-
- -->
-
</urlrewrite>
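Review bot: The `^/PVP2Soap$` rule is the only one of the four new PVP2 forwards that does not append `&amp;%{query-string}`, and its path does not follow the `/pvp2/...` scheme used by the other three and by the `PVP2_*` constants added to PVPConfiguration in this commit. That may well be intentional for a SOAP endpoint whose message arrives in the POST body, but a reader of the rule set cannot tell; a one-line comment would settle it: `<!-- SOAP binding: the message is in the request body, the query string is intentionally not forwarded -->`. If the path is meant to match the others, `/pvp2/soap` with a matching constant in PVPConfiguration would keep the endpoints in one place.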
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d9f3ef7e8..45f269f0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2872,16 +2872,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("Issuer value: " + issuerValue);
- QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+ QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
Logger.debug("QAALevel: " + qaaLevel.getValue());
RequestedAttributes requestedAttributes = null;
- //TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes();
+ requestedAttributes = oaParam.getRequestedAttributes();
requestedAttributes.detach();
List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
List<RequestedAttribute> oaReqAttributeList = null;
- //TODO UNCOMMENT AGAIN !! oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+ oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
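Review bot: The re-enabled line `oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());` fetches the attributes from `oaParam` a second time instead of reusing the `requestedAttributes` local assigned three lines earlier; the two lines can become `oaReqAttributeList = new ArrayList<RequestedAttribute>(requestedAttributes.getRequestedAttributes());`. More importantly, `requestedAttributes.detach();` is called on the object returned by the configuration getter, and the OAAuthParameter hunk in this commit shows that object is a field initialised once per online application; if that field is shared across requests, detaching it here mutates configuration state from request-handling code, which is worth confirming and, if so, replacing with a copy. The enclosing method starts and ends outside this hunk.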
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 8279b28d8..cef9f9ff9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -28,6 +28,7 @@ import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import java.io.IOException;
+import java.io.PrintWriter;
import java.security.GeneralSecurityException;
import java.util.Properties;
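Review bot: `java.io.PrintWriter` is added here but nothing in the visible hunks of this file uses it, and the next hunk adds `org.apache.commons.logging.impl.SLF4JLog` and `org.apache.log4j.config.PropertyPrinter`, which likewise appear unused; unless they are referenced in parts of the file outside the diff they should be dropped, since importing logging implementation classes ties the module to a concrete log4j/commons-logging setup. The same applies to the `PrintWriter`, `PropertyPrinter` and `STORKBootstrap` imports added to DispatcherServlet.java and the `STORKBootstrap` import added to SAML2Utils.java in this commit.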
@@ -36,6 +37,9 @@ import javax.activation.MailcapCommandMap;
import javax.mail.Session;
import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.logging.impl.SLF4JLog;
+import org.apache.log4j.config.PropertyPrinter;
+
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -158,6 +162,7 @@ public class MOAIDAuthInitializer {
// Initializes IAIKX509TrustManager logging
String log4jConfigURL = System.getProperty("log4j.configuration");
+ Logger.info("Log4J Configuration: " + log4jConfigURL);
if (log4jConfigURL != null) {
IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b86b2ec68..82acd0897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -279,7 +279,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
//Initialize OpenSAML for STORK
- Logger.trace("Starting initialization of OpenSAML...");
+ Logger.info("Starting initialization of OpenSAML...");
STORKBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 10dd2cfea..7c174de77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -133,17 +133,17 @@ public class OAAuthParameter extends OAParameter {
/**
* STORK QAA Level, Default = 4
*/
- // private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
/**
* STORK RequestedAttributes for Online Application
* Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
*/
- //private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
-// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
-// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
-// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
-// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
+ private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
/**
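Review bot: Re-enabling the field initialisers means every `OAAuthParameter` construction now calls `STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4)` and `buildRequestedAttributes(...)` before any setter can run, so the OpenSAML/STORK builders must already be bootstrapped at that point. This commit moves bootstrapping into AuthConfigurationProvider (`STORKBootstrap.bootstrap()`) and removes the `DefaultBootstrap` call from PVP2XProtocol's static block, and whether configuration objects are built only after that call is not visible here; presumably yes, but it deserves a comment on the field: `// requires STORKBootstrap.bootstrap() to have run (see AuthConfigurationProvider)`.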
@@ -469,33 +469,33 @@ public class OAAuthParameter extends OAParameter {
* Returns the defined STORK QAALevel
* @return STORK QAALevel
*/
- /*public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ public QualityAuthenticationAssuranceLevel getQaaLevel() {
return qaaLevel;
- }*/
+ }
/**
* Sets the STORK QAALevel
* @param qaaLevel
*/
- /*public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
+ public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
this.qaaLevel = qaaLevel;
- }*/
+ }
/**
* Returns the desired STORK Requested Attributes
* @return STORK Requested Attributes
*/
- //public RequestedAttributes getRequestedAttributes() {
- // return requestedAttributes;
- //}
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
/**
* Sets the desired STORK Requested Attributes
* @param requestedAttributes
*/
- //public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
- // this.requestedAttributes = requestedAttributes;
- //}
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
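Review bot: `setQaaLevel` and `setRequestedAttributes` accept `null` without a check, and the AuthenticationServer hunk in this commit dereferences both results unconditionally (`qaaLevel.getValue()`, `requestedAttributes.detach()`), so a null passed here surfaces later as a NullPointerException far from its cause. Rejecting it at the setter keeps the documented defaults meaningful: `if (qaaLevel == null) { throw new IllegalArgumentException("qaaLevel must not be null"); }` and the same for `requestedAttributes`. The Javadoc of both getters could also state that they never return null.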
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
deleted file mode 100644
index e04600b42..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
+++ /dev/null
@@ -1,263 +0,0 @@
-package at.gv.egovernment.moa.id.entrypoints;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulStorage;
-import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.moduls.ServletInfo;
-import at.gv.egovernment.moa.id.moduls.ServletType;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class AuthDispatcherServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- public static final String PARAM_TARGET_PATH = "mod";
- public static final String PARAM_TARGET_PROTOCOL = "action";
-/* public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets";
- public static final String PARAM_DISPATCHER_TYPE = "DispatcherType";
- public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH";
- public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH";
- public static String SYSTEM_NEWLINE = System.getProperty("line.separator");
-
- private HashMap<String, HashMap<String, HttpServlet>> endpointMap = new HashMap<String, HashMap<String, HttpServlet>>();
-
- private void registerModule(IModulInfo modulInfo) {
-
- HashMap<String, HttpServlet> tempMap = new HashMap<String, HttpServlet>();
-
- try {
-
- String path = modulInfo.getPath();
-
- if (path == null) {
- throw new Exception(String.format(
- "%s does not return a valid target path!",
- new Object[] { modulInfo.getClass().getName() }));
- }
-
- Logger.debug("Registering: " + modulInfo.getName() + " under "
- + path);
-
- List<ServletInfo> servletInfos = modulInfo.getServlets();
-
- Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator();
-
- while (servletInfoIterator.hasNext()) {
-
- ServletInfo servletInfo = servletInfoIterator.next();
-
- if (servletInfo.getType() == ServletType.AUTH) {
- HttpServlet servlet = servletInfo.getServletInstance();
- String target = servletInfo.getTarget();
-
- if (target == null) {
- throw new Exception(
- String.format(
- "%s does not return a valid target identifier!",
- new Object[] { servlet.getClass()
- .getName() }));
- }
-
- if (tempMap.containsKey(target)) {
- throw new Exception(String.format(
- "%s tried to overwrite %s/%s", new Object[] {
- servlet.getClass().getName(), path,
- target }));
- }
-
- tempMap.put(target, servlet);
- Logger.info("Registered Servlet class: "
- + servlet.getClass().getName() + " OK");
- }
-
- }
-
- // when there was no error we register all servlets into the real
- // endpoint map ...
- if (!tempMap.isEmpty()) {
- endpointMap.put(path, tempMap);
- }
- } catch (Throwable e) {
- Logger.error("Registering Modul class: "
- + modulInfo.getClass().getName() + " FAILED!!", e);
- }
- }
-*/
- @Override
- public void init(ServletConfig config) throws ServletException {
- try {
- super.init(config);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "init.00", null));
- } catch (Exception ex) {
- Logger.fatal(
- MOAIDMessageProvider.getInstance().getMessage("init.02",
- null), ex);
- throw new ServletException(ex);
- }
- Logger.info("Auth dispatcher Servlet initialization");
-/*
- List<IModulInfo> modules = ModulStorage.getAllModules();
- Iterator<IModulInfo> it = modules.iterator();
- while (it.hasNext()) {
- IModulInfo info = it.next();
- String targetClass = info.getClass().getName();
- try {
- registerModule(info);
- } catch (Throwable e) {
- Logger.error("Registering Class " + targetClass + " FAILED!!",
- e);
- }
- }*/
- }
-
- protected void processRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
- try {
- Object pathObject = req.getParameter(PARAM_TARGET_PATH);
- String path = null;
-
- HttpSession session = req.getSession();
-
- if (pathObject != null && (pathObject instanceof String)) {
- path = (String) pathObject;
- }
-
- if (path == null) {
- path = (String) session.getAttribute(PARAM_TARGET_PATH);
- }
-
- Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL);
- String protocol = null;
- if (protocolObject != null && (protocolObject instanceof String)) {
- protocol = (String) protocolObject;
- }
-
- if (protocol == null) {
- protocol = (String) session.getAttribute(PARAM_TARGET_PROTOCOL);
- }
-
- Logger.debug("dispatching to " + path + " protocol " + protocol);
-/*
- if (path != null && protocol != null
- && endpointMap.containsKey(path)) {
-
- IModulInfo info = ModulStorage.getModuleByPath(path);
-
- if (info == null) {
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
- Logger.error("Path " + path + " has no module registered");
- return;
- }
-
- IAction action = info.getAction(protocol);
-
- if (action == null) {
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
- Logger.error("Action " + protocol + " is not available!");
- return;
- }
-
-
-
- try {
- IRequest configuration = info.preProcess(req, resp, protocol);
-
- if(configuration.forceAuth()) {
- session.setAttribute(PARAM_TARGET_PATH, path);
- session.setAttribute(PARAM_TARGET_PROTOCOL, protocol);
-
- AuthenticationManager.doAuthentication(req, resp,
- configuration);
- return;
- }
-
- if (!AuthenticationManager.isAuthenticated(req, resp)) {
-
- session.setAttribute(PARAM_TARGET_PATH, path);
- session.setAttribute(PARAM_TARGET_PROTOCOL, protocol);
-
- if(configuration.isPassiv()) {
- throw new NoPassivAuthenticationException();
- }
-
- AuthenticationManager.doAuthentication(req, resp,
- configuration);
- return;
- }
-
- HashMap<String, HttpServlet> pathMap = endpointMap.get(path);
- Logger.debug("found path");
- if (pathMap.containsKey(protocol)) {
- Logger.debug("found protocol");
- try {
- HttpServlet servlet = (HttpServlet) pathMap
- .get(protocol);
- String forward = servlet.getClass().getName();
- Logger.info("Forwarding to Servlet: " + forward);
- getServletContext().getNamedDispatcher(forward)
- .forward(req, resp);
- // TODO: disabled SSO
- AuthenticationManager.logout(req, resp);
- return;
- } catch (Throwable e) {
- e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- }
- }
- catch (Throwable e) {
- // Try handle module specific, if not possible rethrow
- if(!info.generateErrorMessage(e, req, resp)) {
- throw e;
- }
- }
- }*/
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
- }/* catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- } catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } */catch (Throwable e) {
- e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
-
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- processRequest(req, resp);
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- processRequest(req, resp);
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index c3f835edb..36a8d0d6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.entrypoints;
import java.io.IOException;
+import java.io.PrintWriter;
import java.util.Iterator;
import javax.servlet.RequestDispatcher;
@@ -11,6 +12,10 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.log4j.config.PropertyPrinter;
+
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
@@ -56,6 +61,8 @@ public class DispatcherServlet extends AuthServlet {
protected void processRequest(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException {
try {
+ Logger.info("REQUEST: " + req.getRequestURI());
+ Logger.info("QUERY : " + req.getQueryString());
String errorid = req.getParameter(ERROR_CODE_PARAM);
if (errorid != null) {
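Review bot: `Logger.info("QUERY : " + req.getQueryString());` writes the complete query string of every request to the application log at INFO level, and with the urlrewrite rules in this commit the `/pvp2/redirect` endpoint forwards its `%{query-string}` to this servlet, so `SAMLRequest`, `RelayState` and `Signature` values (and the legacy `StartAuthentication` parameters) are persisted in the log. Protocol payloads and relay state do not belong in routine logs; log the request URI at debug and drop the query string, or log only the parameter names: `Logger.debug("REQUEST: " + req.getRequestURI()); Logger.debug("QUERY parameter names: " + req.getParameterMap().keySet());`. The enclosing `processRequest` continues outside this hunk.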
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index c5fa53973..e752857dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -64,14 +65,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
- static {
- try {
- DefaultBootstrap.bootstrap();
- } catch (ConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
+ static {
servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
ServletType.AUTH));
servletList.add(new ServletInfo(PVPProcessor.class, POST,
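Review bot: Removing `DefaultBootstrap.bootstrap()` from the static initialiser makes this class depend on OpenSAML having been initialised elsewhere; in this commit that is `STORKBootstrap.bootstrap()` in AuthConfigurationProvider, but nothing in PVP2XProtocol records the dependency, so a future caller that loads this class first would get builder-not-found failures at the first `SAML2Utils.createSAMLObject` call. A one-line comment at the top of the block would preserve that knowledge: `// OpenSAML bootstrap is performed by AuthConfigurationProvider (STORKBootstrap.bootstrap()) before this class is used`. The static block continues outside this hunk.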
@@ -172,7 +166,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
attributeIdx = aIdx.intValue();
}
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
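Review bot: The new null guard covers `metadata` but not the two lookups that follow it: `metadata.getSPSSODescriptor(...)` returns null when the entity publishes no SP role, and `getAssertionConsumerServices().get(assertionidx)` / `getAttributeConsumingServices().get(attributeIdx)` throw IndexOutOfBoundsException when the request names an index the SP did not publish (`attributeIdx` is taken from the request a few lines up). Both cases are metadata problems on the requester's side and should produce the same protocol error as missing metadata rather than a 500; raising `NoMetadataInformationException` (or a more specific PVP2Exception if one exists) keeps the error path uniform. The enclosing method starts and ends outside this hunk.
```java
EntityDescriptor metadata = moaRequest.getEntityMetadata();
if (metadata == null) {
    throw new NoMetadataInformationException();
}
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
// No SP role, or an index the SP never published, is a requester-side
// metadata problem and must not surface as an internal server error.
if (spSSODescriptor == null
        || assertionidx < 0 || assertionidx >= spSSODescriptor.getAssertionConsumerServices().size()
        || attributeIdx < 0 || attributeIdx >= spSSODescriptor.getAttributeConsumingServices().size()) {
    throw new NoMetadataInformationException();
}
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
// … unchanged: attributeConsumer lookup and the rest of the method …
```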
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
new file mode 100644
index 000000000..513939e5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+
+public class MOAURICompare implements URIComparator {
+
+ public boolean compare(String uri1, String uri2) {
+ // TODO: implement proper equalizer for rewritten URLS
+ return true;
+ }
+
+}
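Review bot: `compare` returns `true` for every pair of URIs, and PostBinding and RedirectBinding in this commit install it as the decoders' `URIComparator`; OpenSAML uses that comparator to check a message's `Destination` against the endpoint the message was received at, so the new class switches that check off entirely and a message addressed to any other endpoint is now accepted. The TODO shows the motivation — after the urlrewrite forward to `/dispatcher` the received URI no longer equals the public endpoint — but the right answer is to compare against the published endpoints instead of accepting everything. PVPConfiguration in this commit already derives those (`getIDPSSOPostService()`, `getIDPSSORedirectService()` from `getIDPPublicPath()`), so the comparator can accept a destination only when it equals the received URI or one of those, with trailing slashes normalised; a rejected comparison should also be logged so mismatches are visible in operations.
```java
public boolean compare(String uri1, String uri2) {
    if (uri1 == null || uri2 == null) {
        return false;
    }
    String destination = stripTrailingSlash(uri1);
    // config: a PVPConfiguration instance obtained through its singleton accessor
    // The request is forwarded to /dispatcher by urlrewrite, so uri2 may not equal
    // the public endpoint; accept only the received URI or a published endpoint.
    return destination.equals(stripTrailingSlash(uri2))
            || destination.equals(config.getIDPSSOPostService())
            || destination.equals(config.getIDPSSORedirectService());
}

private static String stripTrailingSlash(String uri) {
    return uri.endsWith("/") ? uri.substring(0, uri.length() - 1) : uri;
}
```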
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 97e7ef80c..6e826005d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -16,6 +16,7 @@ import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -24,8 +25,10 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
public class PostBinding implements IDecoder, IEncoder {
@@ -83,9 +86,16 @@ public class PostBinding implements IDecoder, IEncoder {
BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
+ decode.setURIComparator(new MOAURICompare());
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+
+ try {
+ messageContext.setMetadataProvider(new MOAMetadataProvider());
+ } catch (MetadataProviderException e) {
+ Logger.error("Failed to get Metadata Provider");
+ throw new SecurityException("Failed to get Metadata Provider");
+ }
+
decode.decode(messageContext);
RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
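Review bot: The new `catch (MetadataProviderException e)` drops the cause twice: the log line does not pass `e`, and the rethrown `SecurityException` carries only a message, so the reason the metadata provider failed (bad path, unparsable metadata, I/O) is lost. The file already uses `Logger.error(String, Throwable)` elsewhere in this commit's history, and OpenSAML's `SecurityException` accepts a cause, so the two lines should read `Logger.error("Failed to get Metadata Provider", e); throw new SecurityException("Failed to get Metadata Provider", e);`. The enclosing decode method starts and ends outside this hunk.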
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index c0cf6ac63..4e7b08b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -76,6 +76,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
+ decode.setURIComparator(new MOAURICompare());
BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 11e9cb860..c8059b2f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -8,8 +8,6 @@ import java.util.List;
import java.util.Properties;
import java.util.Set;
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.filefilter.DirectoryFileFilter;
import org.opensaml.saml2.metadata.Company;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
@@ -38,6 +36,10 @@ public class PVPConfiguration {
return instance;
}
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
+
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
public static final String IDP_KEYALIAS = "idp.ks.alias";
@@ -54,9 +56,7 @@ public class PVPConfiguration {
public static final String IDP_ORG_DISPNAME = "idp.org.dispname";
public static final String IDP_ORG_URL = "idp.org.url";
- public static final String IDP_POST_SSO_SERVICE = "idp.sso.post";
- public static final String IDP_REDIRECT_SSO_SERVICE = "idp.sso.redirect";
- public static final String IDP_SOAP_RESOLVE_SERVICE = "idp.resolve.soap";
+ public static final String IDP_PUBLIC_URL = "idp.public.url";
public static final String IDP_TRUST_STORE = "idp.truststore";
public static final String SP_TARGET_PREFIX = "sp.target.";
@@ -88,17 +88,27 @@ public class PVPConfiguration {
e.printStackTrace();
}
}
+
+ public String getIDPPublicPath() {
+ String publicPath = props.getProperty(IDP_PUBLIC_URL);
+ if(publicPath != null) {
+ if(publicPath.endsWith("/")) {
+ publicPath = publicPath.substring(0, publicPath.length()-2);
+ }
+ }
+ return publicPath;
+ }
public String getIDPSSOPostService() {
- return props.getProperty(IDP_POST_SSO_SERVICE);
+ return getIDPPublicPath() + PVP2_POST;
}
public String getIDPSSORedirectService() {
- return props.getProperty(IDP_REDIRECT_SSO_SERVICE);
+ return getIDPPublicPath() + PVP2_REDIRECT;
}
-
- public String getIDPResolveSOAPService() {
- return props.getProperty(IDP_SOAP_RESOLVE_SERVICE);
+
+ public String getIDPSSOMetadataService() {
+ return getIDPPublicPath() + PVP2_METADATA;
}
public String getIDPKeyStoreFilename() {
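Review bot: `getIDPPublicPath()` strips two characters when the configured URL ends with a slash — `publicPath.substring(0, publicPath.length()-2)` — so a value such as `https://host/moa-id/` becomes `https://host/moa-i` and every endpoint built from it (`getIDPSSOPostService`, `getIDPSSORedirectService`, `getIDPSSOMetadataService`) is wrong; the line must be `publicPath = publicPath.substring(0, publicPath.length() - 1);`. The three derived getters also concatenate onto a null when `idp.public.url` is unset, yielding strings like `null/pvp2/post` that end up in metadata; logging a configuration error or throwing in `getIDPPublicPath()` when the property is missing would catch that at startup instead of at the first SAML exchange.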
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
new file mode 100644
index 000000000..c45820cfb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoMetadataInformationException extends PVP2Exception {
+
+ public NoMetadataInformationException() {
+ super("pvp2.15", null);
+ this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4608068445208032193L;
+
+}
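Review bot: The class has no Javadoc and carries an empty `/** */` block on `serialVersionUID`, which is placed after the constructor; a reader has to open PVP2Exception and the message catalogue to learn what the exception means. Move the `serialVersionUID` field above the constructor without the empty comment, and add a class comment along the lines of `Thrown when no SAML metadata is available for the requesting entity; maps to message key pvp2.15 and SAML status code UnknownPrincipal.` so the choice of `StatusCode.UNKNOWN_PRINCIPAL_URI` is documented where it is made.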
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 7bb5b052f..d6ac121b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -19,6 +19,8 @@ import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.w3c.dom.Document;
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
public class SAML2Utils {
public static <T> T createSAMLObject(final Class<T> clazz) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 369cbd5b6..c757e7f8b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -200,4 +200,5 @@ pvp2.10=Attribut {0} nicht verfuegbar
pvp2.11=Binding {0} wird nicht unterstuetzt
pvp2.12=NameID Format {0} wird nicht unterstuetzt
pvp2.13=Interner Server Fehler
-pvp2.14=SAML Anfrage verweigert \ No newline at end of file
+pvp2.14=SAML Anfrage verweigert
+pvp2.15=Keine Metadateninformation gefunden \ No newline at end of file