| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-02-07 12:46:53 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-02-07 12:46:53 +0100 | 
| commit | 42e2547a52439611b52e6a42c6e1098acff997c6 (patch) | |
| tree | e3a39bd2594a0298bb2aa32b3c99561ee9e7def0 | |
| parent | 1c567f6eb16fa10d3811fbaaf70c4ab04fb08077 (diff) | |
* use MOADefaultBootstrap to set SHA256 as default security parameter
* SAMLEngine: deactivate DefaultBootstrap.
8 files changed, 65 insertions, 31 deletions
| diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index 0b30d7d86..dcd478864 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -23,6 +23,7 @@  package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;  import java.io.IOException; +import java.security.Key;  import java.security.KeyStore;  import java.util.ArrayList;  import java.util.List; @@ -55,6 +56,7 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;  import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;  import org.opensaml.xml.parse.BasicParserPool;  import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityHelper;  import org.opensaml.xml.security.credential.UsageType;  import org.opensaml.xml.security.criteria.EntityIDCriteria;  import org.opensaml.xml.security.criteria.UsageCriteria; @@ -149,6 +151,11 @@ public class DemoApplication extends HttpServlet {  				Logger.info("PVP2 Assertion is valid"); +				//set assertion +				org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); +				String assertion = DOMUtils.serializeNode(doc);				 +				bean.setAssertion(assertion); +				  				if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {  					List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); 
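Review bot: The imports `java.security.Key` and `org.opensaml.xml.security.SecurityHelper` added in the first two hunks are not referenced by any line this commit adds to DemoApplication, so they should be dropped; the same applies to `org.opensaml.Configuration` and `org.opensaml.xml.security.SecurityConfiguration` in PVPConfiguration, and to `SAMLObjectContentReference`, `EncryptionConstants`, `ContentReference` and `SignatureConstants` in MetadataAction, whose only uses sit in commented-out code. In the @@ -149 hunk the serialized response is now stored with `bean.setAssertion(assertion)` before the status-code check, so a non-success response also ends up in the bean; if that is intended for the demo page, a one-line comment such as `// store the raw response for display even when the status is not SUCCESS` would make it deliberate. The enclosing method continues outside the hunk.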
@@ -177,7 +184,7 @@ public class DemoApplication extends HttpServlet {  						encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );  						Decrypter samlDecrypter = -								  new Decrypter(null, skicr, encryptedKeyResolver); +								new Decrypter(null, skicr, encryptedKeyResolver);  						for (EncryptedAssertion encAssertion : encryAssertionList) {							  							saml2assertions.add(samlDecrypter.decrypt(encAssertion)); @@ -219,10 +226,6 @@ public class DemoApplication extends HttpServlet {  						}  					} -					org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); -					String assertion = DOMUtils.serializeNode(doc); -					 -					bean.setAssertion(assertion);  					bean.setDateOfBirth(birthday);  					bean.setFamilyName(familyName);  					bean.setGivenName(givenName); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a5e92c701..d8d375db2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -265,10 +265,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			if (domainIdentifier.startsWith(PREFIX_WPBK)) { -				isbuisness = false; +				isbuisness = true;  			} else { -				isbuisness = true; +				isbuisness = false;  			} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 304b63de0..c0f47d781 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
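Review bot: The @@ -265 hunk inverts `isbuisness` for identifiers starting with `PREFIX_WPBK` without any mention in the commit message, which only speaks of SHA-256 defaults and the SAMLEngine bootstrap; the swap should be called out in the message, or split into its own commit, since the flag presumably selects business- versus private-sector identifier handling downstream. The if/else can also collapse to `isbuisness = domainIdentifier.startsWith(PREFIX_WPBK);`, which makes the intended mapping impossible to mis-swap again. The enclosing method starts and ends outside the hunk.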
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -110,6 +110,7 @@ import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;  import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;  import at.gv.egovernment.moa.id.config.stork.STORKConfig;  import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; @@ -365,7 +366,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  		//Initialize OpenSAML for STORK  		Logger.info("Starting initialization of OpenSAML..."); -		DefaultBootstrap.bootstrap(); +		MOADefaultBootstrap.bootstrap(); +		//DefaultBootstrap.bootstrap();  		Logger.debug("OpenSAML successfully initialized"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 78fe43daa..7e6d1e2c7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -36,6 +36,7 @@ import javax.xml.transform.stream.StreamResult;  import org.joda.time.DateTime;  import org.opensaml.Configuration; +import org.opensaml.common.impl.SAMLObjectContentReference;  import org.opensaml.common.xml.SAMLConstants;  import org.opensaml.saml2.core.NameIDType;  import org.opensaml.saml2.metadata.ContactPerson; 
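Review bot: The commented-out `//DefaultBootstrap.bootstrap();` left next to the new `MOADefaultBootstrap.bootstrap();` call in the @@ -365 hunk is dead code and should be removed, and the `DefaultBootstrap` import is presumably now unused (it is outside the hunk, so verify). MOADefaultBootstrap itself is not among the eight files in this diff, so the SHA-256 default named in the commit title cannot be reviewed here; a short comment at the call site, e.g. `// MOADefaultBootstrap replaces OpenSAML's DefaultBootstrap so the global security configuration can be set with MOA-ID defaults`, would record why the standard bootstrap is bypassed. The enclosing method continues outside the hunk.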
@@ -45,12 +46,15 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor;  import org.opensaml.saml2.metadata.KeyDescriptor;  import org.opensaml.saml2.metadata.NameIDFormat;  import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.encryption.EncryptionConstants;  import org.opensaml.xml.io.Marshaller;  import org.opensaml.xml.security.credential.Credential;  import org.opensaml.xml.security.credential.UsageType;  import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;  import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.ContentReference;  import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants;  import org.opensaml.xml.signature.Signer;  import org.w3c.dom.Document; 
@@ -114,13 +118,31 @@ public class MetadataAction implements IAction {  			Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();  			Signature signature = CredentialProvider  					.getIDPSignature(metadataSigningCredential); +						 +			idpEntitiesDescriptor.setSignature(signature); +			 +//			//set SignatureMethode +//			signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); +//			 +//			//set DigestMethode +//			List<ContentReference> contentList = signature.getContentReferences(); +//			for (ContentReference content : contentList) { +//				 +//				if (content instanceof SAMLObjectContentReference) { +//					 +//					SAMLObjectContentReference el = (SAMLObjectContentReference) content; +//					el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); +//					 +//				} +//			} +			  //			KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();  //			KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();  //			//KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);  //			signature.setKeyInfo(metadataKeyInfo ); -			idpEntitiesDescriptor.setSignature(signature); +  			IDPSSODescriptor idpSSODescriptor = SAML2Utils  					.createSAMLObject(IDPSSODescriptor.class); @@ -222,7 +244,7 @@ public class MetadataAction implements IAction {  			String metadataXML = sw.toString(); -			//System.out.println("METADATA: " + metadataXML); +			System.out.println("METADATA: " + metadataXML);  			httpResp.setContentType("text/xml");  			httpResp.getOutputStream().write(metadataXML.getBytes()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 0172cce2d..7946c7596 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java 
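Review bot: The @@ -222 hunk re-enables `System.out.println("METADATA: " + metadataXML);`, which writes the full metadata document to stdout on every metadata request; if the output is still wanted it belongs in the project's logger at debug level, e.g. `Logger.debug("METADATA: " + metadataXML);`, otherwise the line should go. In the @@ -114 hunk the block that would set `PVPConstants.DEFAULT_SIGNING_METHODE` and `DEFAULT_DIGESTMETHODE` on the signature is added only as commented-out code, so the metadata signature and digest algorithms still come entirely from the global OpenSAML security configuration, and since MOADefaultBootstrap is not part of this diff whether metadata is now signed with SHA-256 cannot be confirmed here. Moving `idpEntitiesDescriptor.setSignature(signature)` ahead of that block looks intentional (the content references are presumably created when the signature is attached — confirm against OpenSAML), but the commented block should either be made live or dropped rather than shipped. The enclosing method starts and ends outside the hunk.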
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -22,8 +22,17 @@   *******************************************************************************/  package at.gv.egovernment.moa.id.protocols.pvp2x; +import org.opensaml.xml.encryption.EncryptionConstants; +import org.opensaml.xml.signature.SignatureConstants; +  public interface PVPConstants { +	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; +	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; +	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128; +	public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; +	 +	  	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";  	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";  	public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 5d71b915f..bf82efb79 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -33,6 +33,7 @@ import java.util.Properties;  import java.util.jar.Attributes;  import java.util.jar.Manifest; +import org.opensaml.Configuration;  import org.opensaml.saml2.metadata.Company;  import org.opensaml.saml2.metadata.ContactPerson;  import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration; 
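Review bot: The four new `DEFAULT_*_METHODE` constants in the @@ -22 hunk have no Javadoc; a one-liner on each, e.g. `/** Default XML signature algorithm for PVP 2.x messages (RSA-SHA256). */`, would tell readers what the value is and where it is meant to be consumed, which matters because within this commit only the two encryption constants gain a live caller (AuthnRequestHandler) while the signing and digest ones are referenced only from commented-out code. The spelling `METHODE` is presumably project convention; if not, `METHOD` is the English form.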
@@ -45,6 +46,7 @@ import org.opensaml.saml2.metadata.OrganizationName;  import org.opensaml.saml2.metadata.OrganizationURL;  import org.opensaml.saml2.metadata.SurName;  import org.opensaml.saml2.metadata.TelephoneNumber; +import org.opensaml.xml.security.SecurityConfiguration;  import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;  import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; @@ -115,7 +117,7 @@ public class PVPConfiguration {  		 try {  			//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();  			props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); -			 +						  		} catch (ConfigurationException e) {  			e.printStackTrace();  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 21c0d85a1..229158778 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;  import java.util.ArrayList;  import java.util.List; -  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; @@ -45,7 +44,6 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;  import org.opensaml.security.MetadataCredentialResolver;  import org.opensaml.security.MetadataCriteria;  import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.encryption.EncryptionConstants;  import org.opensaml.xml.encryption.EncryptionException;  import org.opensaml.xml.encryption.EncryptionParameters;  import org.opensaml.xml.encryption.KeyEncryptionParameters; 
@@ -57,6 +55,7 @@ import org.opensaml.xml.security.criteria.UsageCriteria;  import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;  import org.opensaml.xml.security.x509.X509Credential; +  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -125,12 +124,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  		AssertionConsumerService consumerService = spSSODescriptor  				.getAssertionConsumerServices().get(idx); -		if (consumerService == null) { -			//TODO: maybe use default ConsumerService -			 +		if (consumerService == null) {			  			throw new InvalidAssertionConsumerServiceException(idx);  		} +		  		String oaURL = consumerService.getLocation();  		//check, if metadata includes an encryption key				 
@@ -158,19 +156,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  			try {  				EncryptionParameters dataEncParams = new EncryptionParameters(); -				dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128); -			 +				dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); +								  				List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();  				KeyEncryptionParameters  keyEncParam = new KeyEncryptionParameters();  				keyEncParam.setEncryptionCredential(encryptionCredentials); -				keyEncParam.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); +				keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);  				KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()  						.getKeyInfoGeneratorManager().getDefaultManager()  						.getFactory(encryptionCredentials);  				keyEncParam.setKeyInfoGenerator(kigf.newInstance());  				keyEncParamList.add(keyEncParam); -			 +											  				Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);   				//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);  				samlEncrypter.setKeyPlacement(KeyPlacement.PEER); @@ -178,7 +176,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  				EncryptedAssertion encryptAssertion = null;  				encryptAssertion = samlEncrypter.encrypt(assertion); - +				  				authResponse.getEncryptedAssertions().add(encryptAssertion);  				} catch (EncryptionException e1) { @@ -191,10 +189,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  				authResponse.getAssertions().add(assertion);  			} -			 - - -		 +					  		IEncoder binding = null;  		if (consumerService.getBinding().equals( 
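Review bot: In the @@ -158 hunk the algorithms are read as `PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE` and `PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE` although the class header shown in the hunk already says `implements PVPConstants`, so the plain names `DEFAULT_SYM_ENCRYPTION_METHODE` / `DEFAULT_ASYM_ENCRYPTION_METHODE` would follow the existing style; the values are the same AES-128 and RSA-OAEP identifiers as before, so behaviour is unchanged. Several `+` lines in this file add only tabs to otherwise empty lines, which is whitespace noise that will show up in every later blame. The @@ -125 hunk drops the `//TODO: maybe use default ConsumerService` note without adding the fallback; if the idea is still open the note should stay. The enclosing method continues outside the hunks.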
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
index 48718242b..e993c0e46 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
@@ -143,12 +143,13 @@ public class SAMLEngine {
  	LOG.info("SAMLEngine: Initialize OpenSAML");
 -	try {
 -	    DefaultBootstrap.bootstrap();
 -	} catch (ConfigurationException e) {
 -	    LOG.error("Problem initializing the OpenSAML library.");
 -	    throw new STORKSAMLEngineRuntimeException(e);
 -	}
 +	//TLenz: MOA-ID uses an own Bootstrap
 +//	try {
 +//	    DefaultBootstrap.bootstrap();
 +//	} catch (ConfigurationException e) {
 +//	    LOG.error("Problem initializing the OpenSAML library.");
 +//	    throw new STORKSAMLEngineRuntimeException(e);
 +//	}
  	LOG.debug("Read all file configurations. (instances of SAMLEngine)");
  	try {
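Review bot: Commenting out `DefaultBootstrap.bootstrap()` in the @@ -143 hunk makes SAMLEngine silently depend on MOA-ID's AuthConfigurationProvider having already run `MOADefaultBootstrap.bootstrap()`; any path that constructs SAMLEngine first (standalone use of the stork2-saml-engine module, unit tests) will hit an uninitialised OpenSAML configuration with no error pointing at the cause. Rather than leaving dead code, keep a guard that bootstraps only when OpenSAML is not yet initialised, or at least fail fast with a clear message, and expand the `//TLenz: MOA-ID uses an own Bootstrap` comment to say which class must run first and why. The now presumably unused `DefaultBootstrap` and possibly `ConfigurationException` imports sit outside the hunk and should be checked. The enclosing method starts and ends outside the hunk.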
