aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-07-26 10:24:55 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-07-26 10:24:55 +0200
commitf912da9959267d214bb10a2be8e412af731141ed (patch)
tree48f92d85d02d7ab128d42c966129d6286e8e587c
parent6ccca3ba6245fe4517a37382eed75ade2edbfd6a (diff)
downloadmoa-id-spss-f912da9959267d214bb10a2be8e412af731141ed.tar.gz
moa-id-spss-f912da9959267d214bb10a2be8e412af731141ed.tar.bz2
moa-id-spss-f912da9959267d214bb10a2be8e412af731141ed.zip
refactor MOA metadataprovider to load metadata from file system
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java9
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java22
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java16
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java30
10 files changed, 130 insertions, 9 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
new file mode 100644
index 000000000..d918be463
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+
+/**
+ *
+ * @author tlenz
+ *
+ * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
+ *
+ */
+public interface IPostStartupInitializable {
+
+ /**
+ * This method is called once when MOA-ID-Auth start-up process is fully completed
+ *
+ */
+ public void executeAfterStartup();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 65ea2fd90..3d45e2468 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -127,7 +127,7 @@ public class MOAIDAuthInitializer {
Random.seedRandom();
Logger.debug("Random-number generator is seeded.");
- // Initialize configuration provider
+ // Initialize configuration provider for non-spring managed parts
AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);
//test, if MOA-ID is already configured
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 7e0f48744..35d052acd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -235,6 +235,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return properties.getProperty(key, defaultValue);
}
+
+ public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.concertPropertiesToMap(properties), prefix);
+
+ }
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index e060e18e1..6c2235654 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -39,7 +39,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
@@ -177,12 +176,12 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
+ authConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
- AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
- AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ authConfig.isTrustmanagerrevoationchecking(),
+ authConfig.getRevocationMethodOrder(),
+ authConfig.getBasicMOAIDConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 1a2f0d1d3..50b2c5ece 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -53,7 +53,7 @@ auth.32=Federated authentication FAILED. No configuration for IDP {0}
auth.33=Federated authentication FAILED. Configuration of IDP {0} does not allow inbound messages.
auth.34=Federated authentication FAILED. Configuration of IDP {0} is marked as BusinessService-IDP, but Public-Service attributes are requested.
-init.00=MOA ID Authentisierung wurde erfolgreich gestartet
+init.00=MOA-ID-Auth wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 4df11b35c..07b07d980 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -47,6 +47,16 @@ public interface AuthConfiguration extends ConfigurationProvider{
*/
public String getBasicMOAIDConfiguration(final String key, final String defaultValue);
+ /**
+ * Get a set of configuration values from basic file based MOA-ID configuration that starts with this prefix
+ * <br><br>
+ * <b>Important:</b> The configuration values must be of type String!
+ *
+ * @param prefix Prefix of the configuration key
+ * @return Map<String, String> without prefix, but never null
+ */
+ public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix);
+
public int getTransactionTimeOut();
public int getSSOCreatedTimeOut();
public int getSSOUpdatedTimeOut();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index bc567e5d2..40ef5a23a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -29,6 +29,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Properties;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
@@ -45,6 +46,27 @@ public class KeyValueUtils {
public static final String CSV_DELIMITER = ",";
/**
+ * Convert Java properties into a Map<String, String>
+ * <br><br>
+ * <b>Important:</b> The key/values from properties must be of type String!
+ *
+ * @param properties
+ * @return
+ */
+ public static Map<String, String> concertPropertiesToMap(Properties properties) {
+ return new HashMap<String, String>((Map) properties);
+
+ //INFO Java8 solution ;)
+ // return properties.entrySet().stream().collect(
+// Collectors.toMap(
+// e -> e.getKey().toString(),
+// e -> e.getValue().toString()
+// )
+// );
+
+ }
+
+ /**
* Extract the first child of an input key after a the prefix
*
* @param key Full input key
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index 07ba6a89e..b6fd8de8e 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -1,5 +1,8 @@
package at.gv.egovernment.moa.id.auth;
+import java.util.Map;
+import java.util.Map.Entry;
+
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
@@ -147,8 +150,19 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
// servletContext.addFilter("vHost RequestFilter", new VHostUrlRewriteServletFilter(rootContext))
// .addMappingForUrlPatterns(null, false, "/*");
- Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ...");
+ Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialization process ...");
MOAIDAuthInitializer.initialize(rootContext);
+
+
+ //initialize object that implements the IPostStartupInitializeable interface
+ Map<String, IPostStartupInitializable> objForInitialization = rootContext.getBeansOfType(IPostStartupInitializable.class);
+ for (Entry<String, IPostStartupInitializable> el : objForInitialization.entrySet()) {
+ Logger.debug("Starting post start-up initialization of '" + el.getKey() + "' ..." );
+ el.getValue().executeAfterStartup();
+ Logger.info("Post start-up initialization of '" + el.getKey() + "' finished." );
+
+ }
+
Logger.info(MOAIDMessageProvider.getInstance().getMessage(
"init.00", null));
Logger.info("MOA-ID-Auth initialization finished.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 01b202a88..adf6c4979 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -67,6 +67,8 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRY = CONIG_PROPS_EIDAS_NODE + ".country";
public static final String CONIG_PROPS_EIDAS_NODE_LoA = CONIG_PROPS_EIDAS_NODE + ".LoA";
+ public static final String CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX = CONIG_PROPS_EIDAS_PREFIX + ".metadata.url";
+
//timeouts and clock skews
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index a0330903b..76cc12e44 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -25,18 +25,20 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.engine.AbstractProtocolEngine;
@Service("eIDASMetadataProvider")
public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider,
- IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider {
+ IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
private Timer timer = null;
@@ -62,6 +64,31 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
lastAccess = new HashMap<String, Date>();
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IPostStartupInitializable#executeAfterStartup()
+ */
+ @Override
+ public void executeAfterStartup() {
+ initializeEidasMetadataFromFileSystem();
+
+ }
+
+ protected void initializeEidasMetadataFromFileSystem() {
+ Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+ if (!metadataToLoad.isEmpty()) {
+ Logger.info("Load static configurated eIDAS metadata ... ");
+ for (String metaatalocation : metadataToLoad.values()) {
+ String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());
+ Logger.info(" Load eIDAS metadata from: " + absMetadataLocation);
+ refreshMetadataProvider(absMetadataLocation);
+
+ }
+
+ Logger.info("Load static configurated eIDAS metadata finished ");
+ }
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
@@ -358,4 +385,5 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
if (observer != null)
observer.onEvent(this);
}
+
}