author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-14 13:55:39 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-14 13:55:39 +0200 |
commit | 3b26a365d832d4b0664777d2c348606247022564 (patch) | |
tree | ce9d87c9144d75afad3be5fe4af503f7c4d78b4f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols | |
parent | 2a073c6727d704271e17d9b682be28410f23aae7 (diff) | |
some more stuff
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
41 files changed, 1077 insertions, 765 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
deleted file mode 100644
index 9262e97c2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class BPKAttributeBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return BPK_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String bpk = authData.getBPK();
- String type = authData.getBPKType();
-
- if (MiscUtil.isEmpty(bpk))
- throw new UnavailableAttributeException(BPK_NAME);
-
- if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_EIDAS))
- type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-
- if (bpk.length() > BPK_MAX_LENGTH) {
- bpk = bpk.substring(0, BPK_MAX_LENGTH);
- }
-
- Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-
- return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
deleted file mode 100644
index 783e044f8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return EID_SECTOR_FOR_IDENTIFIER_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String bpktype = authData.getBPKType();
-
- if (MiscUtil.isEmpty(authData.getBPKType()))
- throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
-
- return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 2f18c78e2..7c2207d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -43,11 +44,14 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 try {
- byte[] signerCertificate = authData.getSignerCertificate();
- if (signerCertificate != null) {
- return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
+ if (authData instanceof IMOAAuthData) {
+ byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate();
+ if (signerCertificate != null) {
+ return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
 Base64Utils.encodeToString(signerCertificate));
- }
+ }
+ } else
+ Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 }catch (Exception e) {
 Logger.info("Signer certificate BASE64 encoding error");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index e91bc90d6..090cf6b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
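Review bot: The added `} else` in the second hunk carries its `Logger.info(...)` statement without braces, and the same unbraced else is introduced in the EncryptedBPKAttributeBuilder, MandateFullMandateAttributeBuilder, MandateLegalPersonFullName/SourcePin/SourcePinType, MandateNaturalPersonBPK and MandateNaturalPersonBirthDate hunks of this commit; writing it as `} else { Logger.info(...); }` keeps a later second statement inside the branch. Where the cast is repeated, a single local such as `IMOAAuthData moaAuthData = (IMOAAuthData) authData;` at the top of the guarded block reads better than `((IMOAAuthData)authData)` on every access. The pre-existing `catch (Exception e)` now also swallows any failure raised inside the new branch under the "Signer certificate BASE64 encoding error" text; passing `e` to that log call would make the cause visible. The enclosing build method continues past the end of the hunk.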
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
@@ -38,16 +40,20 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.getEncbPKList() != null &&
- authData.getEncbPKList().size() > 0) {
- String value = authData.getEncbPKList().get(0);
- for (int i=1; i<authData.getEncbPK List().size(); i++)
- value += ";"+authData.getEncbPKList().get(i);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).getEncbPKList() != null &&
+ ((IMOAAuthData)authData).getEncbPKList().size() > 0) {
+ String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+ for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
+ value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);
- return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
- value);
+ return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
+ value);
- }
+ }
+
+ } else
+ Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
 throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index e1e7440e6..c65199dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
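Review bot: The new branch in the second hunk calls `((IMOAAuthData)authData).getEncbPKList()` five times, once per loop iteration, and builds the value with `+=`; hoisting the list into a local and joining it once is shorter and stops re-invoking the getter. If `getEncbPKList()` returns a `List<String>` (the `String value = ...get(0)` assignment suggests so, but its declaration is not in this diff) and the module builds on Java 8 or newer, `String.join` yields the same `;`-separated output; `java.util.List` then has to be imported if it is not already. The added else logs and falls through to the existing `throw new UnavailableAttributeException(...)`, which keeps the old failure behaviour; the method's closing brace is outside the hunk.
```java
if (authData instanceof IMOAAuthData) {
    List<String> encBpkList = ((IMOAAuthData) authData).getEncbPKList();
    if (encBpkList != null && !encBpkList.isEmpty()) {
        return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
                String.join(";", encBpkList));
    }
} else {
    Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
}
// … unchanged: throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); …
```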
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import java.io.IOException;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -45,7 +45,7 @@ public class HolderOfKey implements IPVPAttributeBuilder {
 try {
 byte[] certEncoded = authData.getGenericData(
- MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE,
+ EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
 byte[].class);
 if (certEncoded != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 007f7403a..171dfe2d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
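Review bot: The lookup key on the changed line moves from `MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE` to `EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE`; unless both constants resolve to the same string, `getGenericData` returns null for any session entry still written under the old key and the Holder-of-Key certificate attribute silently disappears instead of failing visibly. Worth confirming that every writer of that session entry now uses the new constant, and that the `certEncoded == null` path, which lies outside this hunk, logs which key was missed. A comment on the changed line such as `// certificate stored by the process engine under its SSL client-certificate key` would record where the value is expected to come from.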
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -45,25 +46,30 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //only provide full mandate if it is included.
- //In case of federation only a short mandate could be include
- if (authData.getMandate() != null) {
- String fullMandate;
- try {
- fullMandate = DOMUtils.serializeNode(authData
- .getMandate());
- return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
- MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
- } catch (TransformerException e) {
- Logger.error("Failed to generate Full Mandate", e);
- } catch (IOException e) {
- Logger.error("Failed to generate Full Mandate", e);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //only provide full mandate if it is included.
+ //In case of federation only a short mandate could be include
+ if (((IMOAAuthData)authData).getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData)
+ .getMandate());
+ return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+
 }
 }
+ throw new NoMandateDataAttributeException();
+ }
- throw new NoMandateDataAttributeException();
- }
+ } else
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
+ return null;
 }
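Review bot: `fullMandate.getBytes()` on the added `return g.buildStringAttribute(...)` line encodes the serialized mandate with the JVM's default charset, so the Base64 value an SP receives depends on the server's `file.encoding` unless `DOMUtils.serializeNode` already pins one; `fullMandate.getBytes(StandardCharsets.UTF_8)` (with `java.nio.charset.StandardCharsets` imported) makes it deterministic. The line is carried over from the removed block, but since the commit rewrites the whole block this is the moment to fix it. The new else branch logs at info and the method then returns null, which matches the other attribute builders in this commit.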
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index e41a5ccf1..26ea1823e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,34 +45,39 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
-
- //get PVP attribute directly, if exists
- String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(fullName)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
-
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
-
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+
+ //get PVP attribute directly, if exists
+ String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
+
+ if (MiscUtil.isEmpty(fullName)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if (corporation == null) {
+ Logger.info("No corporation mandate");
+ throw new NoMandateDataAttributeException();
+
+ }
+ fullName = corporation.getFullName();
 }
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if (corporation == null) {
- Logger.info("No corporation mandate");
- throw new NoMandateDataAttributeException();
-
- }
- fullName = corporation.getFullName();
+ return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
+ fullName);
+
 }
- return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
- fullName);
- }
+ } else
+
Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+ return null;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index e20cf6684..cad8416b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
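Review bot: The direct lookup `authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class)` now sits inside the `instanceof IMOAAuthData` guard although it only needs the plain `IAuthData` interface, so an auth-data object that is not a MOA instance but carries the attribute as generic data (the comment "get PVP attribute directly, if exists" describes exactly that path) gets `null` from this builder instead of the value. If such callers exist, which this diff cannot show, the generic lookup should run first and only the `getMandate()` fallback be guarded; the MandateLegalPersonSourcePinType and MandateNaturalPersonBPK hunks later in the commit nest the lookup the same way. A one-line comment above the guard stating that mandate data is only read from MOA auth data would make the intended scope explicit either way.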
@@ -44,11 +45,14 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
- MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)));
- }
+ }
+ } else
+ Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
 return null;
@@ -59,7 +63,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
 }
- protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException {
+ protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException {
 //get PVP attribute directly, if exists
 String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 098ecf68f..5fa0a5c48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
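Review bot: The signature change to `protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData)` in the last hunk narrows the parameter type of a protected method, so any subclass that overrides the old `IAuthData` version stops overriding it without a compiler warning and the call from `build` falls back to this implementation. If subclasses exist, keeping the old signature as a delegating overload, or at least recording the change in the method's Javadoc, avoids that surprise. In the `build` hunk the argument `(((IMOAAuthData)authData))` carries one redundant pair of parentheses; `(IMOAAuthData) authData` is enough. The body of `getLegalPersonIdentifierFromMandate` continues past the end of the hunk.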
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,39 +45,44 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+ if (MiscUtil.isEmpty(sourcePinType)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
- if (MiscUtil.isEmpty(sourcePinType)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
-
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
-
- }
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if (corporation == null) {
- Logger.info("No corporate mandate");
- throw new NoMandateDataAttributeException();
-
- }
- if (corporation.getIdentification().size() == 0) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if (corporation == null) {
+ Logger.info("No corporate mandate");
+ throw new NoMandateDataAttributeException();
+
+ }
+ if (corporation.getIdentification().size() == 0) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+
+ }
+ sourcePinType = corporation.getIdentification().get(0).getType();
 }
- sourcePinType = corporation.getIdentification().get(0).getType();
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+ sourcePinType);
 }
- return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
- sourcePinType);
- }
+ } else
+ Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+ return null;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ebec019ae..9160ef453 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -107,46 +108,49 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {
 //get PVP attribute directly, if exists
 Pair<String, String> calcResult = null;
-
- if (authData.isUseMandate()) {
- String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
-
- if (MiscUtil.isEmpty(bpk)) {
- //read bPK from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
- if (id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
- }
-
-
- if (id.getType().equals(Constants.URN_PREFIX_BASEID))
- calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
- oaParam.getAreaSpecificTargetIdentifier());
- else
- calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
-
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
- } else {
- Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. 
Use it what is is.");
- calcResult = Pair.newInstance(bpk, null);
+ if (MiscUtil.isEmpty(bpk)) {
+ //read bPK from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ if (id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID))
+ calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
+ oaParam.getAreaSpecificTargetIdentifier());
+ else
+ calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+
+ } else {
+ Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
+ calcResult = Pair.newInstance(bpk, null);
+
+ }
 }
- }
+
+ } else
+ Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
 return calcResult;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 0b8263ffb..e91087484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
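Review bot: `id = physicalPerson.getIdentification().get(0);` in the re-indented block throws IndexOutOfBoundsException on an empty identification list before the following `if (id == null)` check can run, so that check guards nothing on the path it was written for. The sibling MandateLegalPersonSourcePinTypeAttributeBuilder hunk already tests `corporation.getIdentification().size() == 0` before indexing; the same guard fits here: `if (physicalPerson.getIdentification().isEmpty()) { Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); }`. The lines predate this commit but every one of them is rewritten by it. The log text `"Use it what is is."` also looks like a typo for "Use it as it is.".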
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -65,41 +66,44 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException { - if (authData.isUseMandate()) { + if (((IMOAAuthData)authData).isUseMandate()) { //get PVP attribute directly, if exists String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class); if (MiscUtil.isEmpty(birthDayString)) { - //read bPK from mandate if it is not directly included - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.info("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } + if (authData instanceof IMOAAuthData) { + //read bPK from mandate if it is not directly included + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.info("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } - String dateOfBirth = physicalPerson.getDateOfBirth(); - try { - DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); - mandateFormat.setLenient(false); - Date date = mandateFormat.parse(dateOfBirth); - DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); - 
birthDayString = pvpDateFormat.format(date); + String dateOfBirth = physicalPerson.getDateOfBirth(); + try { + DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + mandateFormat.setLenient(false); + Date date = mandateFormat.parse(dateOfBirth); + DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + birthDayString = pvpDateFormat.format(date); - } - catch (ParseException e) { - Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e); - throw new InvalidDateFormatAttributeException(); + } + catch (ParseException e) { + Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e); + throw new InvalidDateFormatAttributeException(); - } + } + } else + Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context"); } else { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index 38a520298..9261ba063 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java 
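Review bot: The outer condition `((IMOAAuthData)authData).isUseMandate()` at the top of internalAttributGeneration casts before the `authData instanceof IMOAAuthData` check, which in this builder only wraps the inner mandate-parsing branch; a non-MOA IAuthData therefore fails with ClassCastException here instead of reaching the "is only available in MOA-ID context" log that every sibling builder in this commit falls through to. Hoisting the type check makes the inner `instanceof` redundant and aligns the structure with the other builders: `if (authData instanceof IMOAAuthData && ((IMOAAuthData)authData).isUseMandate()) {`, with the `else Logger.info(...)` moved to the outer branch. The method's tail (the `} else { try {` path and its final return) lies outside the hunk, so whatever it returns for a non-MOA context needs the same look.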
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -47,40 +48,45 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if(authData.isUseMandate()) { + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //get PVP attribute directly, if exists - String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); - - if (MiscUtil.isEmpty(familyName)) { - //read mandator familyName from mandate if it is not directly included - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if(physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - - StringBuilder sb = new StringBuilder(); - Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + //get PVP attribute directly, if exists + String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); - while(fNamesit.hasNext()) - sb.append(" " + fNamesit.next().getValue()); - - familyName = sb.toString(); + if (MiscUtil.isEmpty(familyName)) { + //read mandator familyName from mandate if it is not directly included + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.debug("No physicalPerson 
mandate"); + throw new NoMandateDataAttributeException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + + while(fNamesit.hasNext()) + sb.append(" " + fNamesit.next().getValue()); + + familyName = sb.toString(); + + } + return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName); } - return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName); - } + } else + Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index be8e761e0..fe952253d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; 
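Review bot: In the new mandate-parsing branch `physicalPerson.getName().getFamilyName()` is dereferenced without a null check, although the three steps before it (`mandate`, `mandateObject`, `physicalPerson`) each map a missing element to NoMandateDataAttributeException; a mandate whose PhysicalPerson carries no Name would surface as a NullPointerException from the attribute builder instead. Add the same guard before the iterator: `if (physicalPerson.getName() == null) { Logger.debug("No name in physicalPerson mandate"); throw new NoMandateDataAttributeException(); }`. Separately, `sb.append(" " + ...)` yields a value with a leading space and a space-joined list; if downstream consumers do not depend on that exact form, joining with `String.join(" ", ...)` would be cleaner, but that changes an emitted attribute value and should be confirmed first.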
@@ -46,37 +47,41 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class); - - if (MiscUtil.isEmpty(givenName)) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class); - StringBuilder sb = new StringBuilder(); - Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); - - while (gNamesit.hasNext()) - sb.append(" " + gNamesit.next()); - - givenName = sb.toString(); + if (MiscUtil.isEmpty(givenName)) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<String> gNamesit = 
physicalPerson.getName().getGivenName().iterator(); + + while (gNamesit.hasNext()) + sb.append(" " + gNamesit.next()); + + givenName = sb.toString(); + + } + return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName); } - return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName); - } + } else + Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context"); return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 2890b72d9..3c0a2cc94 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; 
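Review bot: The mandate → Mandate → PhysicalPerson extraction with its three null checks in this hunk is now one of several verbatim copies in this commit (the family-name, source-PIN, source-PIN-type and bPK builders repeat the same sequence), each with its own `((IMOAAuthData)authData)` cast; a single helper such as `static PhysicalPersonType getMandatorPhysicalPerson(IMOAAuthData authData) throws NoMandateDataAttributeException` in MandateBuilder would keep the null handling in one place. That helper would also be the natural spot for the guard this hunk lacks: `physicalPerson.getName()` is dereferenced unchecked before `.getGivenName()`. Within the branch, `IMOAAuthData moaAuthData = (IMOAAuthData) authData;` once would replace the repeated cast.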
@@ -45,36 +46,41 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if(authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - id = physicalPerson.getIdentification().get(0); - - if(authData.isBaseIDTransferRestrication()) { - throw new AttributePolicyException(this.getName()); - } - - if(id == null) { - Logger.info("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + + if(authData.isBaseIDTransferRestrication()) { + throw new AttributePolicyException(this.getName()); + } + + if(id == null) { + Logger.info("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } + + return 
g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); } - return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); - } + } else + Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 6b3ed6768..0d9009778 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; 
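Review bot: `physicalPerson.getIdentification().get(0)` in this hunk throws IndexOutOfBoundsException when the identification list is empty, so the `if(id == null)` guard a few lines later never catches the "no identification" case it is written for; in addition, the `isBaseIDTransferRestrication()` policy check only runs after the mandate has been parsed and the identifier extracted. Test the policy first, `if (authData.isBaseIDTransferRestrication()) throw new AttributePolicyException(this.getName());` at the top of the mandate branch, then check the list before indexing: `List<IdentificationType> ids = physicalPerson.getIdentification(); if (ids == null || ids.isEmpty() || ids.get(0) == null || ids.get(0).getValue() == null) throw new NoMandateDataAttributeException();`. Since this attribute carries the mandator's base identifier, refusing before touching the mandate is also the safer order, provided callers do not depend on NoMandateDataAttributeException taking precedence over the policy exception.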
@@ -44,31 +45,36 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if(authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - id = physicalPerson.getIdentification().get(0); - if(id == null) { - Logger.info("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - } - - return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, - MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); - } + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + if(id == null) { + Logger.info("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } + + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + 
MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + + } else + Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index d8804d395..3cd9ef3e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -31,8 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder { 
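Review bot: Same indexing problem as in MandateNaturalPersonSourcePinAttributeBuilder: `physicalPerson.getIdentification().get(0)` throws IndexOutOfBoundsException on an empty list, so the `if(id == null)` guard that follows is only reachable when the list holds a null element, which the "Failed to generate IdentificationType" message does not suggest. Replace it with `List<IdentificationType> ids = physicalPerson.getIdentification(); if (ids == null || ids.isEmpty() || ids.get(0) == null) { Logger.info("Mandate contains no identification"); throw new NoMandateDataAttributeException(); }`. `id.getType()` may also be null for an identification without a type and is handed to `buildStringAttribute` unchecked; what the generator does with a null value is not visible here and is worth confirming.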
@@ -43,42 +45,47 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if(authData.isUseMandate()) { - String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); - - if (MiscUtil.isEmpty(profRepName)) { - IMISMandate misMandate = authData.getMISMandate(); - - if(misMandate == null) { - throw new NoMandateDataAttributeException(); - } - - profRepName = misMandate.getTextualDescriptionOfOID(); + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); - //only read textual prof. rep. OID describtion from mandate annotation - // if also OID exists - if (MiscUtil.isEmpty(profRepName) - && MiscUtil.isNotEmpty(misMandate.getProfRep())) { - Element mandate = authData.getMandate(); - if (mandate == null) { + if (MiscUtil.isEmpty(profRepName)) { + IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate(); + + if(misMandate == null) { throw new NoMandateDataAttributeException(); } - Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate()); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - - profRepName = mandateObject.getAnnotation(); + profRepName = misMandate.getTextualDescriptionOfOID(); + + //only read textual prof. rep. 
OID describtion from mandate annotation + // if also OID exists + if (MiscUtil.isEmpty(profRepName) + && MiscUtil.isNotEmpty(misMandate.getProfRep())) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate()); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + + profRepName = mandateObject.getAnnotation(); + + } } + + if(MiscUtil.isNotEmpty(profRepName)) + return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, profRepName); + } - if(MiscUtil.isNotEmpty(profRepName)) - return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, - MANDATE_PROF_REP_DESC_NAME, profRepName); - - } + } else + Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java index 555f92fe0..6cdf64dc3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java 
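Review bot: In the annotation fallback, `Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate());` re-fetches the mandate instead of passing the local `mandate` that was null-checked two lines earlier; every other builder in this commit passes the checked local. Unless `getMandate()` is guaranteed to return the same reference on each call (not visible here), the null check protects nothing, so use `Mandate mandateObject = MandateBuilder.buildMandate(mandate);`. The two-line comment above the `MiscUtil.isNotEmpty(misMandate.getProfRep())` condition also reads awkwardly ("describtion"); a single line such as `// the annotation is only used as description when a prof.-rep. OID is actually present` says the same thing.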
@@ -28,7 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { 
@@ -39,25 +41,30 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.isUseMandate()) { - String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); - - if (MiscUtil.isEmpty(profRepOID)) { - IMISMandate mandate = authData.getMISMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); + + if (MiscUtil.isEmpty(profRepOID)) { + IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + + profRepOID = mandate.getProfRep(); + } - - profRepOID = mandate.getProfRep(); + + if(MiscUtil.isEmpty(profRepOID)) + return null; + else + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID); } - - if(MiscUtil.isEmpty(profRepOID)) - return null; - else - return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID); - } + } else + Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java index 45cce5852..f609117a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { @@ -36,11 +38,16 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + + return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, + ((IMOAAuthData)authData).getMandateReferenceValue()); + } + + } else + Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context"); - return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, - authData.getMandateReferenceValue()); - } return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java index 3bc7d5a2d..5471c5a13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java 
@@ -30,8 +30,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { 
@@ -42,27 +44,32 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class); - - if (MiscUtil.isEmpty(mandateType)) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class); + + if (MiscUtil.isEmpty(mandateType)) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + mandateType = mandateObject.getAnnotation(); } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - mandateType = mandateObject.getAnnotation(); - + return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType); } - - return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType); - } + + } else + Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java index d5c89fc97..88f5bc2f7 100644 
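Review bot: `mandateType = mandateObject.getAnnotation();` is passed to `buildStringAttribute` without an emptiness check, so a mandate without an annotation yields a MANDATE_TYPE attribute with a null or empty value, whereas the sibling MandateTypeOIDAttributeBuilder returns null (no attribute) when its value is empty and the natural-person builders throw NoMandateDataAttributeException. Pick one of those conventions, e.g. `if (MiscUtil.isEmpty(mandateType)) { Logger.info("MIS Mandate does not include a mandate-type annotation."); return null; }` before the return. MandateProfRepDescAttributeBuilder in the same commit reads the same `getAnnotation()` as its professional-representation description fallback; if both uses are intended, a one-line comment saying so would stop the next reader from treating it as a copy-paste error.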
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java @@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -38,18 +39,23 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class); - - if (MiscUtil.isEmpty(mandateType)) { - Logger.info("MIS Mandate does not include 'Mandate-Type OID'."); - return null; + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class); + if (MiscUtil.isEmpty(mandateType)) { + Logger.info("MIS Mandate does not include 'Mandate-Type OID'."); + return null; + + } + + return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType); } - - return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType); - } + + } else + Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index cc48873af..c17f1a4dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java 
@@ -37,36 +37,50 @@ import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.Response; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IAction; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; +import 
at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz 
@@ -76,12 +90,15 @@ import at.gv.egovernment.moa.logging.Logger; public class AttributQueryAction implements IAction { @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; - @Autowired private AuthenticationDataBuilder authDataBuilder; + @Autowired private IAuthenticationDataBuilder authDataBuilder; @Autowired private IDPCredentialProvider pvpCredentials; @Autowired private AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; @Autowired(required=true) ApplicationContext springContext; + @Autowired private AttributQueryBuilder attributQueryBuilder; + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); 
@@ -109,14 +126,14 @@ public class AttributQueryAction implements IAction { try { //get Single Sign-On information for the Service-Provider // which sends the Attribute-Query request - AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier()); if (moaSession == null) { - Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND."); - throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()}); + Logger.warn("No MOASession with ID:" + pendingReq.getSSOSessionIdentifier() + " FOUND."); + throw new MOAIDException("auth.02", new Object[]{pendingReq.getSSOSessionIdentifier()}); } InterfederationSessionStore nextIDPInformation = - authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID()); + authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID()); AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest(); @@ -157,9 +174,9 @@ public class AttributQueryAction implements IAction { throw new MOAIDException("pvp2.01", null, e); } catch (MOADatabaseException e) { - Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier() + Logger.error("MOASession with SessionID=" + pendingReq.getSSOSessionIdentifier() + " is not found in Database", e); - throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() }); + throw new MOAIDException("init.04", new Object[] { pendingReq.getSSOSessionIdentifier() }); } 
@@ -195,7 +212,7 @@ public class AttributQueryAction implements IAction { ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) { - authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule()); + authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule()); } //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration @@ -208,15 +225,18 @@ public class AttributQueryAction implements IAction { + " for authentication information."); //load configuration of next IDP - IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix()); - if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) { + IOAAuthParameters idpLoaded = + authConfig.getServiceProviderConfiguration( + nextIDPInformation.getIdpurlprefix(), + OAAuthParameterDecorator.class); + if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) { Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() + "is not loadable."); throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()}); } - OAAuthParameter idp = (OAAuthParameter) idpLoaded; + IOAAuthParameters idp = idpLoaded; //check if next IDP config allows inbound messages if (!idp.isInboundSSOInterfederationAllowed()) { 
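Review bot: The guard `if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters))` in the -208 hunk is half tautological: `idpLoaded` is declared as `IOAAuthParameters`, so every non-null value passes the `instanceof`, and the condition reduces to a null test. The old code checked for the concrete `OAAuthParameter` type; if the intent is to make sure the `OAAuthParameterDecorator.class` requested from `getServiceProviderConfiguration` was actually returned, test for that type, otherwise simplify to `if (idpLoaded == null) {` and drop the now-redundant alias `IOAAuthParameters idp = idpLoaded;`. The enclosing method continues outside the hunk.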
@@ -227,7 +247,7 @@ public class AttributQueryAction implements IAction { } //check next IDP service area policy. BusinessService IDPs can only request wbPKs - if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) { + if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) { Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() + " is a BusinessService-IDP but requests PublicService attributes."); throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()}); @@ -239,7 +259,7 @@ public class AttributQueryAction implements IAction { * 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module * but used in moa-id-lib. This should be refactored!!! */ - AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, + AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes, nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata"); //mark attribute request as used @@ -262,7 +282,7 @@ public class AttributQueryAction implements IAction { } else { Logger.debug("Build authData for AttributQuery from local MOASession."); - IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig); + IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq); //add default attributes in case of mandates or STORK is in use List<String> attrList = addDefaultAttributes(reqAttributes, authData); 
@@ -270,12 +290,19 @@ public class AttributQueryAction implements IAction { //build Set of response attributes List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList); - return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel()); + return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel()); } } catch (MOAIDException e) { throw e; + + } catch (EAAFAuthenticationException e) { + throw new MOAIDException(e.getErrorId(), e.getParams(), e); + + } catch (EAAFConfigurationException e) { + throw new MOAIDException(e.getErrorId(), e.getParams(), e); + } } @@ -307,7 +334,8 @@ public class AttributQueryAction implements IAction { } //add default mandate attributes if it is a authentication with mandates - if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) { + if (authData instanceof IMOAAuthData) + if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) { for (String el : DEFAULTMANDATEATTRIBUTES) { if (!reqAttributeNames.contains(el)) reqAttributeNames.add(el); 
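Review bot: The two new catch blocks at the end of the -270 hunk are identical, so a multi-catch keeps the translation in one place: `} catch (EAAFAuthenticationException | EAAFConfigurationException e) {` / `throw new MOAIDException(e.getErrorId(), e.getParams(), e);` / `}`. That presumes `getErrorId()` and `getParams()` are declared on a common supertype of both exceptions, which is not visible here.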
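Review bot: In the -307 hunk `if (authData instanceof IMOAAuthData)` is left unbraced with a second `if` as its only statement, which is the classic dangling-else shape: any `else` added later binds to the inner `if`, and the closing of the inner block is outside the hunk, so the resulting structure cannot be checked here. Fold the conditions into one guarded block, `if (authData instanceof IMOAAuthData && ((IMOAAuthData) authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {`, which also keeps the original single-level nesting. The enclosing method addDefaultAttributes starts and ends outside the hunk.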
@@ -317,4 +345,76 @@ public class AttributQueryAction implements IAction { return reqAttributeNames; } + /** + * Get PVP authentication attributes by using a SAML2 AttributeQuery + * + * @param reqQueryAttr List of PVP attributes which are requested + * @param userNameID SAML2 UserNameID of the user for which attributes are requested + * @param idpConfig Configuration of the IDP, which is requested + * @return + * @return PVP attribute DAO, which contains all received information + * @throws MOAIDException + */ + public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr, + String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{ + String idpEnityID = idpConfig.getPublicURLPrefix(); + + try { + Logger.debug("Starting AttributeQuery process ..."); + //collect attributes by using BackChannel communication + String endpoint = idpConfig.getIDPAttributQueryServiceURL(); + if (MiscUtil.isEmpty(endpoint)) { + Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID); + throw new ConfigurationException("config.26", new Object[]{idpEnityID}); + + } + + //build attributQuery request + AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr); + + //build SOAP request + List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); + + if (xmlObjects.size() == 0) { + Logger.error("Receive emptry AttributeQuery response-body."); + throw new AttributQueryException("auth.27", + new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."}); + + } + + Response intfResp; + if (xmlObjects.get(0) instanceof Response) { + intfResp = (Response) xmlObjects.get(0); + + //validate PVP 2.1 response + try { + samlVerificationEngine.verifyIDPResponse(intfResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine( + metadataProvider)); + + //create assertion attribute extractor from AttributeQuery response + return new 
AssertionAttributeExtractor(intfResp); + + } catch (Exception e) { + Logger.warn("PVP 2.1 assertion validation FAILED.", e); + throw new AssertionValidationExeption("auth.27", + new Object[]{idpEnityID, e.getMessage()}, e); + } + + } else { + Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); + throw new AttributQueryException("auth.27", + new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"}); + + } + + } catch (SOAPException e) { + throw new BuildException("builder.06", null, e); + + } catch (SecurityException e) { + throw new BuildException("builder.06", null, e); + + } + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index a8adc9ca0..43c860488 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -38,10 +38,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.SLOInformationImpl; 
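Review bot: The Javadoc of the new getAuthDataFromAttributeQuery in the -317 hunk has two `@return` tags (one empty), no `@param spEntityID`, and a bare `@throws MOAIDException`; keep the single `@return PVP attribute DAO, which contains all received information`, add `@param spEntityID entityID of the requesting SP, used as the AttributeQuery issuer` (the meaning inferred from its use in `buildAttributQueryRequest`), and state that MOAIDException is thrown when the IDP has no AttributeQuery endpoint, the response is empty or not a PVP response, or its signature does not validate. The two trailing catch blocks are identical and can be a multi-catch: `} catch (SOAPException | SecurityException e) {` / `throw new BuildException("builder.06", null, e);` / `}`. `xmlObjects.size() == 0` reads better as `xmlObjects.isEmpty()`, and the message strings carry typos ("emptry", "Receive ... include") that show up in logs and error responses. The inner `catch (Exception e)` is broad, but since it wraps the cause into AssertionValidationExeption and the failed verification is logged, it is acceptable at this boundary.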
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.logging.Logger; @Service("PVPAuthenticationRequestAction") public class AuthenticationAction implements IAction { - @Autowired IDPCredentialProvider pvpCredentials; + @Autowired IDPCredentialProvider pvpCredentials; @Autowired AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; @Autowired(required=true) ApplicationContext springContext; @@ -123,7 +123,7 @@ public class AuthenticationAction implements IAction { //set protocol type sloInformation.setProtocolType(req.requestedModule()); - sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix()); + sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier()); return sloInformation; } catch (MessageEncodingException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index baaf8b681..76956b5a8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -30,10 +30,10 @@ import org.springframework.stereotype.Service; import com.google.common.net.MediaType; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; 
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction { - @Autowired private IRevisionLogger revisionsLogger; + @Autowired private IRevisionLogger revisionsLogger; @Autowired private IDPCredentialProvider credentialProvider; @Autowired private PVPMetadataBuilder metadatabuilder; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 038e384f3..591aaa7cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; +import java.net.MalformedURLException; +import java.net.URL; import java.util.Arrays; import java.util.List; 
@@ -57,14 +59,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; @@ -80,7 +83,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; 
@@ -90,16 +92,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; - + @Controller public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo { @@ -107,6 +107,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; + public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; 
@@ -137,16 +139,17 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement public PVP2XProtocol() { super(); - } + } //PVP2.x metadata end-point @RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET}) - public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if (!authConfig.getAllowedProtocols().isPVP21Active()) { - Logger.info("PVP2.1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { +// if (!authConfig.getAllowedProtocols().isPVP21Active()) { +// Logger.info("PVP2.1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!"); +// +// } + //create pendingRequest object PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); pendingReq.initialize(req); @@ -166,12 +169,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement //PVP2.x IDP POST-Binding end-point @RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if (!authConfig.getAllowedProtocols().isPVP21Active()) { - Logger.info("PVP2.1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { +// if (!authConfig.getAllowedProtocols().isPVP21Active()) { +// Logger.info("PVP2.1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!"); +// +// } PVPTargetConfiguration pendingReq = null; 
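Review bot: The `isPVP21Active()` guard in PVPMetadataRequest and PVPIDPPostRequest is commented out rather than replaced, so these two endpoints (and PVPIDPSOAPRequest in the -315 hunk further down) no longer honor the configuration switch, while PVPIDPRedirecttRequest in the -240 hunk keeps it; an operator who disables PVP 2.1 will find only the redirect binding refusing requests. Either enforce the switch at every endpoint, ideally through one shared helper, or remove it everywhere deliberately, and delete the commented-out blocks instead of keeping them as dead text. If the base class AbstractAuthProtocolModulController now performs this check centrally, that is not visible here; a one-line comment in place of the dead block, `// protocol activation is checked centrally in AbstractAuthProtocolModulController`, would settle the question for the next reader.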
@@ -206,7 +209,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (pendingReq != null) revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage()); } catch (SecurityException e) { String samlRequest = req.getParameter("SAMLRequest"); @@ -216,7 +219,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (pendingReq != null) revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage()); } catch (MOAIDException e) { @@ -240,10 +243,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement //PVP2.x IDP Redirect-Binding end-point @RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET}) - public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!"); } PVPTargetConfiguration pendingReq = null; 
@@ -278,7 +281,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (pendingReq != null) revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage()); } catch (SecurityException e) { String samlRequest = req.getParameter("SAMLRequest"); @@ -288,7 +291,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (pendingReq != null) revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage()); } catch (MOAIDException e) { String samlRequest = req.getParameter("SAMLRequest"); @@ -315,12 +318,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement //PVP2.x IDP SOAP-Binding end-point @RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST}) - public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if (!authConfig.getAllowedProtocols().isPVP21Active()) { - Logger.info("PVP2.1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { +// if (!authConfig.getAllowedProtocols().isPVP21Active()) { +// Logger.info("PVP2.1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!"); +// +// } PVPTargetConfiguration pendingReq = null; try { 
@@ -354,7 +357,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (pendingReq != null) revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage()); } catch (SecurityException e) { String samlRequest = req.getParameter("SAMLRequest"); @@ -364,7 +367,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (pendingReq != null) revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage()); } catch (MOAIDException e) { //write revision log entries @@ -393,7 +396,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement InboundMessage msg = pendingReq.getRequest(); if (MiscUtil.isEmpty(msg.getEntityID())) { - throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); + throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty"); } @@ -425,8 +428,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement throw new MOAIDException("Unsupported PVP21 message", new Object[] {}); } - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH); //switch to session authentication performAuthentication(request, response, pendingReq); 
@@ -451,7 +453,6 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); String moaError = null; if(e instanceof NoPassivAuthenticationException) { @@ -473,12 +474,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if(statusMessageValue != null) { statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); } - moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId()); } else { statusCode.setValue(StatusCode.RESPONDER_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } @@ -544,10 +545,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement * @param response * @param msg * @return + * @throws EAAFException * @throws MOAIDException */ private void preProcessLogOut(HttpServletRequest request, - HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException { + HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException { InboundMessage inMsg = pendingReq.getRequest(); MOARequest msg; 
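Review bot: The Javadoc of preProcessLogOut in the -544 hunk is now inconsistent with the signature: it keeps `@throws MOAIDException` next to the added `@throws EAAFException` although the method only declares `EAAFException`, it has a `@return` tag on a `void` method, and its `@param response` / `@param msg` do not match the actual parameters `request`, `response`, `pendingReq`. Replace the tag block with `@param request`, `@param response`, `@param pendingReq pending request carrying the inbound SLO message`, and a single `@throws EAAFException` describing when it is thrown, and drop the `@return`. The method body continues outside the hunk.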
@@ -564,11 +566,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL); + ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); - pendingReq.setOAURL(oaURL); + pendingReq.setSPEntityId(oaURL); pendingReq.setOnlineApplicationConfiguration(oa); pendingReq.setBinding(msg.getRequestBinding()); @@ -584,17 +586,25 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement Logger.debug("PreProcess SLO Response from " + resp.getIssuer()); - List<String> allowedPublicURLPrefix = - AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - boolean isAllowedDestination = false; +// List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes(); +// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - for (String prefix : allowedPublicURLPrefix) { - if (resp.getDestination().startsWith( - prefix)) { - isAllowedDestination = true; - break; - } + boolean isAllowedDestination = false; + try { + isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination()))); + + } catch (MalformedURLException e) { + Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage()); + } + +// for (String prefix : allowedPublicURLPrefix) { +// if (resp.getDestination().startsWith( +// prefix)) { +// isAllowedDestination = true; +// break; +// } +// } if (!isAllowedDestination) { Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL"); 
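Review bot: In the -584 hunk a malformed `Destination` is logged at info level and then falls through to the same generic warning as a wrong destination, so the two cases are indistinguishable in the logs even though the value comes from an inbound SAML message; log it at warn level with the parse failure, e.g. `Logger.warn("SLO response destination '" + resp.getDestination() + "' is not a valid URL: " + e.getMessage());`. The old prefix loop and the stale `allowedPublicURLPrefix` lines are left as commented-out blocks; delete them now that `authConfig.validateIDPURL(...)` replaces them. What `validateIDPURL` actually compares (scheme, host, port, path prefix) is not visible here, so a one-line comment on `isAllowedDestination` stating that contract would let a reader judge whether the check is at least as strict as the `startsWith(prefix)` match it replaces. The enclosing method continues outside the hunk.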
@@ -607,7 +617,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement } else - throw new MOAIDException("Unsupported request", new Object[] {}); + throw new EAAFException("Unsupported request"); pendingReq.setRequest(inMsg); @@ -641,13 +651,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement } - //check if Issuer is an interfederation IDP - // check parameter - if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID())) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID()); + //check if Issuer is an interfederation IDP + IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class); if (!oa.isInderfederationIDP()) { Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); @@ -671,7 +676,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement //set preProcessed information into pending-request pendingReq.setRequest(moaRequest); - pendingReq.setOAURL(moaRequest.getEntityID()); + pendingReq.setSPEntityId(moaRequest.getEntityID()); pendingReq.setOnlineApplicationConfiguration(oa); pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); @@ -682,7 +687,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement pendingReq.setAction(AttributQueryAction.class.getName()); //add moasession - pendingReq.setInternalSSOSessionIdentifier(session.getSessionID()); + pendingReq.setSSOSessionIdentifier(session.getSSOSessionID()); //write revisionslog entry revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); 
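Review bot: In the -641 hunk the result of `authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class)` is dereferenced by `oa.isInderfederationIDP()` without a null check, whereas the equivalent lookup in AttributQueryAction guards against a null result; an AttributeQuery whose issuer has no configuration would end in a NullPointerException instead of a clean error. The commit also removes the `ParamValidatorUtils.isValidOA` step, so the issuer entity ID now reaches the configuration lookup without any prior validation, which makes the null case more likely rather than less. Add `if (oa == null) {` / `Logger.warn("No configuration for AttributeQuery issuer: " + moaRequest.getEntityID());` / `throw new AttributQueryException("AttributeQuery from unknown issuer.", null);` / `}` before the interfederation check. The enclosing method continues outside the hunk.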
@@ -717,13 +722,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement if (authnRequest.getIssueInstant() == null) { Logger.warn("Unsupported request: No IssueInstant Attribute found."); - throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}); + throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, + "Unsupported request: No IssueInstant Attribute found", pendingReq); } if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) { Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore."); - throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {}); + throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {}, + "Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq); } 
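Review bot: Both new `AuthnRequestValidatorException` calls pass the same text twice and the copies already differ (`"...Attribute found."` vs `"...Attribute found"`); hold the message in a local and pass it to both arguments so the log line, the exception message and the user-facing text cannot drift. The text "No IssueInstant DateTime is not valid anymore" is a double negative — the condition rejects an IssueInstant that lies in the future beyond `TIME_JITTER`, so say that: `"Unsupported request: IssueInstant is in the future."`. The enclosing validation method continues outside this hunk.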
@@ -790,22 +797,22 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; AuthnRequestValidator.validate(authReq); - String useMandate = request.getParameter(PARAM_USEMANDATE); - if(useMandate != null) { - if(useMandate.equals("true") && attributeConsumer != null) { - if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { - throw new MandateAttributesNotHandleAbleException(); - } - } - } +// String useMandate = request.getParameter(PARAM_USEMANDATE); +// if(useMandate != null) { +// if(useMandate.equals("true") && attributeConsumer != null) { +// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { +// throw new MandateAttributesNotHandleAbleException(); +// } +// } +// } String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL); + ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL); Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); - pendingReq.setOAURL(oaURL); + pendingReq.setSPEntityId(oaURL); pendingReq.setOnlineApplicationConfiguration(oa); pendingReq.setBinding(consumerService.getBinding()); pendingReq.setRequest(moaRequest); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java index 46e5b83f6..67cbafe90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java 
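Review bot: The `useMandate`/`CheckMandateAttributes.canHandleMandate` check is commented out rather than removed and nothing in the hunk replaces it, so an AuthnRequest that asks for mandate use is no longer rejected when the SP's AttributeConsumingService cannot take the mandate attributes. If the check moved elsewhere (for instance into `AuthnRequestValidator.validate(authReq)`, which runs just above), replace the dead block with a one-line comment naming that location; if it is meant to be dropped, delete it and say so in the commit message. Keeping it as `//` lines leaves the next reader unable to tell which of the two was intended.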
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; @Service("PVPAssertionStorage") @@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap { relyingPartyId, issuerId, samlMessage); - - try { + + try { transactionStorage.put(artifact, assertion, -1); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { // TODO Insert Error Handling, if Assertion could not be stored throw new MarshallingException("Assertion are not stored in Database.",e); } @@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap { try { return transactionStorage.get(artifact, SAMLArtifactMapEntry.class); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { // TODO Insert Error Handling, if Assertion could not be read e.printStackTrace(); return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 060a5fcc2..95a2d8715 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java 
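Review bot: Widening the catch in `get` from `MOADatabaseException` to `EAAFException` routes every EAAF failure class, not only storage errors, into the pre-existing `e.printStackTrace(); return null;` path, so more conditions now surface to the caller as "no artifact" with nothing in the application log. Since the handler is being touched, log through the project's `Logger` (`Logger.warn("Can not read assertion for artifact from transaction storage", e);`) and drop the `printStackTrace()`; the TODO comment above it already says the silent null is provisional. The `put` side at least propagates a `MarshallingException`, so the two methods should be made consistent.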
@@ -22,31 +22,24 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import javax.servlet.http.HttpServletRequest; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.impl.AuthnRequestImpl; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.logging.Logger; @Component("PVPTargetConfiguration") @Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class PVPTargetConfiguration extends RequestImpl { + @Autowired(required=true) IConfiguration authConfig; + public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse"; public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID"; public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel"; 
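Review bot: `@Autowired(required=true) IConfiguration authConfig;` is injected as a plain package-private field into a class that declares a `serialVersionUID` (next hunk) and, as a `RequestImpl`, appears to be the SLO request held by the `sloContainer` that SingleLogOutBuilder puts into transaction storage; unless `IConfiguration` implementations are serializable that store will fail, and if they are, a configuration bean gets serialized with every stored request. Mark it `@Autowired(required=true) private transient IConfiguration authConfig;` — it is only read in `initialize`, which runs before the request is stored. Whether the storage actually serializes the object is not visible here and should be confirmed against the `ITransactionStorage` implementation.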
@@ -55,10 +48,17 @@ public class PVPTargetConfiguration extends RequestImpl { private static final long serialVersionUID = 4889919265919638188L; + + InboundMessage request; String binding; String consumerURL; + public void initialize(HttpServletRequest req) throws EAAFException { + super.initialize(req, authConfig); + + } + public InboundMessage getRequest() { return request; } 
@@ -84,61 +84,61 @@ public class PVPTargetConfiguration extends RequestImpl { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - - Map<String, String> reqAttr = new HashMap<String, String>(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - try { - SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS); - if (spSSODescriptor.getAttributeConsumingServices() != null && - spSSODescriptor.getAttributeConsumingServices().size() > 0) { - - Integer aIdx = null; - if (getRequest() instanceof MOARequest && - ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) { - AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest(); - aIdx = authnRequest.getAttributeConsumingServiceIndex(); - - } else { - Logger.error("MOARequest is NOT of type AuthnRequest"); - } - - int idx = 0; - - AttributeConsumingService attributeConsumingService = null; - - if (aIdx != null) { - idx = aIdx.intValue(); - attributeConsumingService = spSSODescriptor - .getAttributeConsumingServices().get(idx); - - } else { - List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); - for (AttributeConsumingService el : attrConsumingServiceList) { - if (el.isDefault()) - attributeConsumingService = el; - } - } - - for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes()) - reqAttr.put(attr.getName(), ""); - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - - } catch (NoMetadataInformationException e) { - Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); - return null; - - } - - } 
+// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// +// Map<String, String> reqAttr = new HashMap<String, String>(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// try { +// SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS); +// if (spSSODescriptor.getAttributeConsumingServices() != null && +// spSSODescriptor.getAttributeConsumingServices().size() > 0) { +// +// Integer aIdx = null; +// if (getRequest() instanceof MOARequest && +// ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) { +// AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest(); +// aIdx = authnRequest.getAttributeConsumingServiceIndex(); +// +// } else { +// Logger.error("MOARequest is NOT of type AuthnRequest"); +// } +// +// int idx = 0; +// +// AttributeConsumingService attributeConsumingService = null; +// +// if (aIdx != null) { +// idx = aIdx.intValue(); +// attributeConsumingService = spSSODescriptor +// .getAttributeConsumingServices().get(idx); +// +// } else { +// List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); +// for (AttributeConsumingService el : attrConsumingServiceList) { +// if (el.isDefault()) +// attributeConsumingService = el; +// } +// } +// +// for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes()) +// reqAttr.put(attr.getName(), ""); +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// +// } catch (NoMetadataInformationException e) { +// Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); +// 
return null; +// +// } +// +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index 2d8d0f66f..6b945d692 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java 
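Review bot: The whole `getRequestedAttributes` override is kept as a `//`-commented block instead of being deleted; sixty lines of commented-out code hide what the class still does and will rot against the live `RequestImpl` API. Delete it — the parent commit has it — or, if the attribute selection from SP metadata is meant to return once a metadata provider is wired in again, leave a one-line `// TODO: requested-attribute selection from the SP's AttributeConsumingService was removed with the MetadataProvider dependency; see the parent commit` in its place.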
@@ -35,20 +35,20 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.util.URLEncoder; public class SingleLogOutAction implements IAction { @Autowired private SSOManager ssomanager; - @Autowired private AuthenticationManager authManager; + @Autowired private IAuthenticationManager authManager; @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private ITransactionStorage transactionStorage; @Autowired private SingleLogOutBuilder sloBuilder; @@ -84,7 +84,7 @@ public class SingleLogOutAction implements IAction { @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - IAuthData authData) throws MOAIDException { + IAuthData authData) throws EAAFException { PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req; @@ -94,12 +94,12 @@ public class SingleLogOutAction implements IAction { MOARequest samlReq = (MOARequest) pvpReq.getRequest(); LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - IAuthenticationSession session = - authenticationSessionStorage.searchMOASessionWithNameIDandOAID( + String ssoSessionId = + authenticationSessionStorage.searchSSOSessionWithNameIDandOAID( logOutReq.getIssuer().getValue(), logOutReq.getNameID().getValue()); - if (session == null) { + if (MiscUtil.isEmpty(ssoSessionId)) { Logger.warn("Can not find active SSO session with nameID " + logOutReq.getNameID().getValue() + " and OA " + logOutReq.getIssuer().getValue()); @@ -116,10 +116,10 @@ public class SingleLogOutAction implements IAction { } else { try { - session = ssomanager.getInternalMOASession(ssoID); + ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID); - if (session == null) - throw new MOADatabaseException(); + if (MiscUtil.isEmpty(ssoSessionId)) + throw new MOADatabaseException(""); } catch (MOADatabaseException e) { Logger.info("Can not find active Session. Single LogOut not possible!"); 
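Review bot: In the -116 hunk an empty `MOADatabaseException("")` is thrown only to be caught by the `catch (MOADatabaseException e)` two lines below, which turns a plain emptiness test into exception-driven control flow and yields a log entry with no reason attached. Handle the empty id directly — `if (MiscUtil.isEmpty(ssoSessionId)) { Logger.info("No internal SSO session for ssoID. Single LogOut not possible!"); ... }` followed by the same error handling the catch performs — and leave the catch for failures of `getInternalSSOSessionWithSSOID` itself. The -71, -84 and -94 hunks on this line are type/interface swaps and need no change; the method body continues past the -116 hunk.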
@@ -134,8 +134,13 @@ public class SingleLogOutAction implements IAction { } } - authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq); - + pvpReq.setSSOSessionIdentifier(ssoSessionId); + ISLOInformationContainer sloInformationContainer + = authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId); + + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null); + } else if (pvpReq.getRequest() instanceof MOAResponse && ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) { Logger.debug("Process Single LogOut response"); @@ -178,7 +183,7 @@ public class SingleLogOutAction implements IAction { // AssertionStore element = (AssertionStore) result.get(0); // Object data = SerializationUtils.deserialize(element.getAssertion()); Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId()); - Object o = transactionStorage.getAssertionStore(relayState); + Object o = transactionStorage.getRaw(relayState); if(o==null){ Logger.trace("No entries found."); throw new MOADatabaseException("No sessioninformation found with this ID"); @@ -202,12 +207,12 @@ public class SingleLogOutAction implements IAction { // session.saveOrUpdate(element); // tx.commit(); Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId()); - transactionStorage.putAssertionStore(element); + transactionStorage.putRaw(element.getArtifact(), element); //sloContainer could be stored to database storageSuccess = true; - } catch(MOADatabaseException e) { + } catch(EAAFException e) { //tx.rollback(); counter++; 
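Review bot: `sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null)` passes a null `authUrl`; in the new `toTechnicalLogout` (SingleLogOutBuilder hunk -98) that null is only replaced from `sloContainer.getSloRequest().getAuthURL()` inside the front-channel branch, while the direct-print and error branches hand it to `DefaultGUIFormBuilderConfiguration` as received. Pass `pvpReq.getAuthURL()` here — the request is in scope and the builder falls back to the same value — and have the builder compute the default once at the top of the method, guarded against a null SLO request. The -178 and -202 hunks on this line only swap storage calls and need no change.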
@@ -230,11 +235,12 @@ public class SingleLogOutAction implements IAction { storageSuccess = true; String redirectURL = null; - if (sloContainer.getSloRequest() != null) { - //send SLO response to SLO request issuer - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); - LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); - redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState()); + IRequest sloReq = sloContainer.getSloRequest(); + if (sloReq != null && sloReq instanceof PVPTargetConfiguration) { + //send SLO response to SLO request issuer + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs()); + redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState()); } else { //print SLO information directly @@ -276,7 +282,7 @@ public class SingleLogOutAction implements IAction { } } } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("MOA AssertionDatabase ERROR", e); throw new SLOException("pvp2.19", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index c662a0af5..f3af12a2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java 
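Review bot: `sloReq != null && sloReq instanceof PVPTargetConfiguration` is redundant — `instanceof` is false for null — and the branch then casts `sloReq` three times. Cast once, `PVPTargetConfiguration sloPvpReq = (PVPTargetConfiguration) sloReq;`, and use it for the three builder calls. If a non-PVP SLO request is a real possibility on this path, the `else` branch silently prints the result page instead of answering the requester, which deserves a comment stating that this is intended.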
@@ -49,11 +49,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 6beaee92b..07da57d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,15 +32,15 @@ import java.util.ServiceLoader;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -97,13 +97,13 @@ public class PVPAttributeBuilder { } - public static Attribute buildAttribute(String name, IOAAuthParameters oaParam, - IAuthData authData) throws PVP2Exception, AttributeException { + public static Attribute buildAttribute(String name, ISPConfiguration oaParam, + IAuthData authData) throws PVP2Exception, AttributeBuilderException { if (builders.containsKey(name)) { try { return builders.get(name).build(oaParam, authData, generator); } - catch (AttributeException e) { + catch (AttributeBuilderException e) { if (e instanceof UnavailableAttributeException) { throw e; } else if (e instanceof InvalidDateFormatAttributeException) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index be8c2abdf..a55e873b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -95,7 +95,7 @@ public class PVPAuthnRequestBuilder { // use POST binding as default if it exists if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - endpoint = sss; + endpoint = sss; } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && endpoint == null ) @@ -215,7 +215,7 @@ public class PVPAuthnRequestBuilder { //encode message binding.encodeRequest(null, httpResp, authReq, - endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq); + endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq); } } 
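Review bot: The new `catch (AttributeBuilderException e)` in `buildAttribute` keeps the `instanceof` dispatch on the exception type; now that the builder exceptions share `AttributeBuilderException` as a base, ordered catch clauses — `catch (UnavailableAttributeException e) { throw e; } catch (InvalidDateFormatAttributeException e) { ... }` — express the same thing without casts and let the compiler check the list. The rest of the `instanceof` chain is outside this hunk. The PVPAuthnRequestBuilder hunks on this line are a whitespace change and a rename and need no change.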
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index d11d57ab8..a1d7f5d3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -23,8 +23,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map.Entry;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -52,6 +56,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.x509.X509Credential;
@@ -63,12 +69,23 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -85,8 +102,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformation
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 /**
  * @author tlenz
@@ -98,6 +119,181 @@ public class SingleLogOutBuilder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; @Autowired(required=true) ApplicationContext springContext; @Autowired private IDPCredentialProvider credentialProvider; + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private IGUIFormBuilder guiBuilder; + @Autowired(required=true) protected IRevisionLogger revisionsLogger; + @Autowired private ITransactionStorage transactionStorage; + + public static final int SLOTIMEOUT = 30 * 1000; //30 sec + + public void toTechnicalLogout(ISLOInformationContainer sloContainer, + HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException { + Logger.trace("Starting Service-Provider logout process ... "); + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); + + //start service provider back channel logout process + Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); + while (nextOAInterator.hasNext()) { + SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); + LogoutRequest sloReq = buildSLORequestMessage(sloDescr); + + try { + Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID()); + List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); + + LogoutResponse sloResp = null; + for (XMLObject el : soapResp) { + if (el instanceof LogoutResponse) + sloResp = (LogoutResponse) el; + } + + if (sloResp == null) { + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + + " FAILED. 
NO LogOut response received."); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); + + } else { + samlVerificationEngine.verifySLOResponse(sloResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + + } + + checkStatusCode(sloContainer, sloResp); + + } catch (SOAPException e) { + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + + " FAILED.", e); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); + + } catch (SecurityException | InvalidProtocolRequestException e) { + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + + " FAILED.", e); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); + + } + } + + IRequest pendingReq = null; + PVPTargetConfiguration pvpReq = null; + //start service provider front channel logout process + try { + if (sloContainer.hasFrontChannelOA()) { + String relayState = Random.nextRandom(); + + Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); + List<String> sloReqList = new ArrayList<String>(); + for (Entry<String, SLOInformationInterface> el : sloDescr) { + Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID()); + + LogoutRequest sloReq = buildSLORequestMessage(el.getValue()); + try { + sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), + sloReq, httpReq, httpResp, relayState)); + + } catch (Exception e) { + Logger.warn("Failed to build SLO request for OA:" + el.getKey()); + sloContainer.putFailedOA(el.getKey()); + + } + } + + //put SLO process-information into transaction storage + transactionStorage.put(relayState, sloContainer, -1); + + if (MiscUtil.isEmpty(authUrl)) + authUrl = sloContainer.getSloRequest().getAuthURL(); + + String timeOutURL = authUrl + + "/idpSingleLogout" + + "?restart=" + relayState; + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authUrl, + 
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); + config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); + config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); + + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + + } else { + pendingReq = sloContainer.getSloRequest(); + if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) { + //send SLO response to SLO request issuer + pvpReq = (PVPTargetConfiguration)pendingReq; + SingleLogoutService sloService = getResponseSLODescriptor(pvpReq); + LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq); + + } else { + //print SLO information directly + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authUrl, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + if (sloContainer.getSloFailedOAs() == null || + sloContainer.getSloFailedOAs().size() == 0) { + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); + config.putCustomParameter("successMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); + + } else { + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + config.putCustomParameterWithOutEscaption("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + } + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + } + + } + + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'Single-LogOut'. 
Msg:" + e.getMessage()); + throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + if (pvpReq != null) { + SingleLogoutService sloService = getResponseSLODescriptor(pvpReq); + LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq); + + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + + }else { + //print SLO information directly + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authUrl, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + config.putCustomParameterWithOutEscaption("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + try { + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + } catch (GUIBuildException e1) { + Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); + throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + + } + + } + + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) { @@ -221,7 +417,7 @@ public class SingleLogOutBuilder { } - public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException { + public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException { LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); SecureRandomIdentifierGenerator gen; 
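Review bot: In the back-channel loop of `toTechnicalLogout`, `checkStatusCode(sloContainer, sloResp)` is called after the `if (sloResp == null)`/`else` block, so an SP that answers without a LogoutResponse is marked failed and the null is then handed to checkStatusCode — the call belongs inside the `else`, after `verifySLOResponse`, unless checkStatusCode (whose body is outside this hunk) tolerates null. In the `MOADatabaseException` handler the inner `catch (GUIBuildException e1)` logs and rethrows `e` instead of `e1`, so the GUI failure is lost. The trailing `catch (Exception e) { e.printStackTrace(); }` also swallows the `MOAIDException` that `buildSLORequestMessage` declares (it is called inside the outer try for front-channel SPs) and returns normally with nothing written to the response and no Logger entry; rethrow `MOAIDException` and wrap everything else. The -221 hunk on this line is a parameter-type change and needs no change.
```java
                } else {
                    samlVerificationEngine.verifySLOResponse(sloResp,
                            TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
                    checkStatusCode(sloContainer, sloResp); // moved: only a received, verified response carries a status
                }
        // … unchanged: SOAP/SecurityException catches, front-channel and direct-print branches …
                    } catch (GUIBuildException e1) {
                        Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e1.getMessage());
                        throw new MOAIDException("builder.09", new Object[]{e1.getMessage()}, e1);
                    }
        // … unchanged: rest of the MOADatabaseException handler …
        } catch (MOAIDException e) {
            throw e; // declared by this method; never swallow it
        } catch (Exception e) {
            Logger.error("Single LogOut process FAILED", e);
            throw new MOAIDException("<message-key>", new Object[]{e.getMessage()}, e); // TODO: pick the matching message key
        }
```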
@@ -237,17 +433,17 @@ public class SingleLogOutBuilder {
 DateTime now = new DateTime();
 Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
+ issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
 issuer.setFormat(NameID.ENTITY);
 sloReq.setIssuer(issuer);
 sloReq.setIssueInstant(now);
 sloReq.setNotOnOrAfter(now.plusMinutes(5));
- sloReq.setDestination(sloInfo.getServiceURL());
+ sloReq.setDestination(sloDescr.getServiceURL());
 NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
- nameID.setFormat(sloInfo.getUserNameIDFormat());
- nameID.setValue(sloInfo.getUserNameIdentifier());
+ nameID.setFormat(sloDescr.getUserNameIDFormat());
+ nameID.setValue(sloDescr.getUserNameIdentifier());
 sloReq.setNameID(nameID ); //sign message
@@ -435,9 +631,9 @@ public class SingleLogOutBuilder {
 public void parseActiveOAs(SLOInformationContainer container, List<OASessionStore> dbOAs, String removeOAID) {
 if (container.getActiveBackChannelOAs() == null)
- container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());
 if (container.getActiveFrontChannalOAs() == null)
- container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 if (dbOAs != null) {
@@ -491,9 +687,9 @@ public class SingleLogOutBuilder {
 public void parseActiveIDPs(SLOInformationContainer container, List<InterfederationSessionStore> dbIDPs, String removeIDP) {
 if (container.getActiveBackChannelOAs() == null)
- container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());
 if (container.getActiveFrontChannalOAs() == null)
- container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 if (dbIDPs != null) {
 for (InterfederationSessionStore el : dbIDPs) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.id.util.QAALevelVerifier;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 * @param issuerEntityID EnitiyID, which should be used for this IDP response
 * @param attrQuery AttributeQuery request from Service-Provider
 * @param attrList List of PVP response attributes
- * @param now Current time
+ * @param now Current time
 * @param validTo ValidTo time of the assertion
 * @param qaaLevel QAA level of the authentication
 * @param sessionIndex SAML2 SessionIndex, which should be included
 *
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
 AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class);
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 } else {
- boolean stork_qaa_1_4_found = false;
+ boolean eIDAS_qaa_found = false;
 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext .getAuthnContextClassRefs();
- if (reqAuthnContextClassRefIt.size() == 0) {
-
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_1_4);
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
 } else {
 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
 String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+ Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+ qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+
+ }
+
+ if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
 if (authData.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 } else {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(),
 qaa_uri.trim());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 }
 break;
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 }
 }
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
- }
+ if (!eIDAS_qaa_found)
+ throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+ }
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
 //build nameID and nameID Format from moasession
 //TODO: nameID generation
- if (authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData &&
+ ((IMOAAuthData)authData).isUseMandate()) {
 String bpktype = null;
 String bpk = null;
- Element mandate = authData.getMandate();
+ Element mandate = ((IMOAAuthData)authData).getMandate();
 if(mandate != null) {
 Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
 Mandate mandateObject = MandateBuilder.buildMandate(mandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
index e462b277e..6ccacd6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -31,7 +31,7 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 64f5c7d73..81eca3765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,8 @@ import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -157,7 +158,7 @@ public class PVPConfiguration {
 try {
 Logger.trace("Load metadata signing certificate for online application " + entityID);
- IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ ISPConfiguration oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
 if (oaParam == null) {
 Logger.info("Online Application with ID " + entityID + " not found!");
 return null;
@@ -186,6 +187,11 @@ public class PVPConfiguration {
 } catch (IOException e) {
 Logger.warn("Metadata signer certificate is not decodeable.", e);
 return null;
+
+ } catch (EAAFConfigurationException e) {
+ Logger.error("Configuration is not accessable.", e);
+ return null;
+
 }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b1e7df014..c82e6bdf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
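Review bot: The added `catch (EAAFConfigurationException e)` in the `@@ -186,6 +187,11 @@` hunk returns null after logging, the same value this method returns when the online application is not found, so a failure to access the configuration while loading the metadata signing certificate becomes indistinguishable to callers from "no certificate configured for this entity". If a caller treats null as "verify without a pinned certificate" rather than as a failure, a transient configuration error would weaken metadata verification silently; consider propagating it as a `ConfigurationException` (already imported in this file) or documenting in the method's Javadoc that null covers both outcomes. The enclosing method starts outside the hunk.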
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
 public NameIDFormatNotSupportedException(String nameIDFormat) {
- super("pvp2.12", new Object[] {nameIDFormat});
+ super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
 statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 86284a2f4..7d43732a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,12 +49,14 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
@@ -72,7 +74,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 // private static MOAMetadataProvider instance = null;
 MetadataProvider internalProvider = null;
- private Timer timer = null;
+ private Timer timer = null;
 private static Object mutex = new Object();
 //private Map<String, Date> lastAccess = null;
@@ -110,7 +112,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 Logger.trace("Check consistence of PVP2X metadata");
 addAndRemoveMetadataProvider();
- } catch (ConfigurationException e) {
+ } catch (ConfigurationException | EAAFConfigurationException e) {
 Logger.error("Access to MOA-ID configuration FAILED.", e);
 }
@@ -156,8 +158,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 //reload metadata provider
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(entityID);
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
 if (oaParam != null) {
 String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -175,7 +176,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
 if (MiscUtil.isNotEmpty(certBase64)) {
 byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getFriendlyName();
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
 if (timer == null) timer = new Timer(true);
@@ -222,6 +223,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 } catch (ConfigurationException e) {
 Logger.warn("Refresh PVP2X metadata for onlineApplication: " + entityID + " FAILED.", e);
+
+ } catch (EAAFConfigurationException e) {
+ Logger.warn("Refresh PVP2X metadata for onlineApplication: " +
+ entityID + " FAILED.", e);
 }
 return false;
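Review bot: In the `@@ -175,7 +176,7 @@` hunk the local `oaFriendlyName` now receives `oaParam.getUniqueIdentifier()` but keeps its old name, so readers of the log output and of the provider registration that use it downstream (outside the hunk) will assume it is a human-readable display name. Rename it to match what it holds, e.g. `String oaId = oaParam.getUniqueIdentifier();`, and update its uses. The same mismatch is introduced in the `@@ -423,11 +427,10 @@` hunk of this file.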
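Review bot: The new `catch (EAAFConfigurationException e)` in the `@@ -222,6 +223,10 @@` hunk duplicates the body of the `catch (ConfigurationException e)` directly above it, and the `@@ -110,7 +112,7 @@` hunk of this same file already uses multi-catch for exactly this pair. For consistency collapse the two into `} catch (ConfigurationException | EAAFConfigurationException e) {` with a single warn call. The enclosing method continues outside the hunk.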
@@ -246,7 +251,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 }
- private void addAndRemoveMetadataProvider() throws ConfigurationException {
+ private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
 if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
 Logger.info("Reload MOAMetaDataProvider.");
@@ -282,8 +287,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 while (oaInterator.hasNext()) {
 Entry<String, String> oaKeyPair = oaInterator.next();
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 if (oaParam != null) {
 String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -409,7 +413,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 * This method is deprecated because OA metadata should be loaded dynamically
 * if the corresponding OA is requested.
 */
- private void loadAllPVPMetadataFromKonfiguration() {
+ private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
 ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
 Logger.info("Loading metadata");
 Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
@@ -423,11 +427,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 while (oaInterator.hasNext()) {
 Entry<String, String> oaKeyPair = oaInterator.next();
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 if (oaParam != null) {
 String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- String oaFriendlyName = oaParam.getFriendlyName();
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
 MetadataProvider httpProvider = null;
 try {
@@ -489,7 +492,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 }
- private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
+ private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 filterChain.getFilters().add(new SchemaValidationFilter());
 filterChain.getFilters().add(
@@ -497,7 +500,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, false)));
- if (oaParam.isInderfederationIDP()) {
+
+
+ if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) {
 Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
 filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6c2235654..c87b7515f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 import java.io.File;
+import java.net.MalformedURLException;
 import java.util.Timer;
 import javax.net.ssl.SSLHandshakeException;
@@ -57,6 +58,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 @Autowired
+ //protected IConfiguration authConfig;
 protected AuthConfiguration authConfig;
 /**
@@ -76,21 +78,30 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
 else {
- String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
- metadataLocation,
- authConfig.getRootConfigFileDir());
-
- if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
- File metadataFile = new File(absoluteMetadataLocation);
- if (metadataFile.exists())
- return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+ String absoluteMetadataLocation;
+ try {
+ absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+ metadataLocation,
+ authConfig.getConfigurationRootDirectory().toURL().toString());
- else {
- Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
- return null;
- }
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists())
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+
+ else {
+ Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
- }
+
+ } catch (MalformedURLException e) {
+ Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+
+ }
+ }
 Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index af9ba0180..dd94e0093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
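Review bot: `authConfig.getConfigurationRootDirectory().toURL().toString()` relies on `File.toURL()` if the root directory is a `java.io.File` (the `MalformedURLException` catch suggests it is); that method is deprecated because it does not percent-escape characters such as spaces in the path, and `authConfig.getConfigurationRootDirectory().toURI().toURL().toString()` is the documented replacement. The new `catch (MalformedURLException e)` also logs and then falls through to the "unsupported metadata location prefix" warning below it, so one bad root-directory URL is reported twice with a misleading second message; a `return null;` inside the catch keeps the two causes distinguishable in the logs. The enclosing method starts outside the hunk.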
@@ -33,6 +33,7 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -55,8 +56,9 @@ public abstract class AbstractCredentialProvider {
 * Get KeyStore
 *
 * @return URL to the keyStore
+ * @throws ConfigurationException
 */
- public abstract String getKeyStoreFilePath();
+ public abstract String getKeyStoreFilePath() throws ConfigurationException;
 /**
 * Get keyStore password
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 381289824..ebaef348c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 */
 @Override
- public String getKeyStoreFilePath() {
+ public String getKeyStoreFilePath() throws ConfigurationException {
 if (props == null) props = authConfig.getGeneralPVP2ProperiesConfig();
+
 return FileUtils.makeAbsoluteURL(
- props.getProperty(IDP_JAVAKEYSTORE),
- authConfig.getRootConfigFileDir());
-
+ props.getProperty(IDP_JAVAKEYSTORE),
+ authConfig.getRootConfigFileDir());
 }
 /* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 528d8cbb6..d89d04664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -52,8 +53,8 @@ public class EntityVerifier {
 public static byte[] fetchSavedCredential(String entityID) {
 // List<OnlineApplication> oaList = ConfigurationDBRead
 // .getAllActiveOnlineApplications();
- try {
- IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ try {
+ ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
 if (oa == null) {
 Logger.debug("No OnlineApplication with EntityID: " + entityID);
@@ -67,7 +68,7 @@ public class EntityVerifier {
 }
- } catch (ConfigurationException e) {
+ } catch (ConfigurationException | EAAFConfigurationException e) {
 Logger.error("Access MOA-ID configuration FAILED.", e);
 } catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 870c70efe..50bc7fb68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -62,7 +62,7 @@ public class SAMLVerificationEngine {
 public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
 try {
- if (msg instanceof MOARequest &&
+ if (msg instanceof MOARequest &&
 ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
@@ -112,10 +112,10 @@ public class SAMLVerificationEngine {
 } catch (ValidationException e) {
 Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
 } catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
 }
@@ -126,11 +126,11 @@ public class SAMLVerificationEngine {
 try {
 if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 }
 } catch (org.opensaml.xml.security.SecurityException e) {
 Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 }
 }
@@ -142,10 +142,10 @@ public class SAMLVerificationEngine {
 } catch (ValidationException e) {
 Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
 } catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
 }
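Review bot: In the `@@ -142,10 +142,10 @@` hunk the message added to the `ValidationException` branch, `"Scheme validation FAILED on SAML request"`, contradicts the warn call two lines above it, which reports a signature-profile violation, and differs from the response-side twin in the `@@ -112,10 +112,10 @@` hunk, which uses `"Signature is not conform to SAML signature profile"` for the same condition. Use that signature-profile text here too, and for the `SchemaValidationException` branch prefer `"Schema validation FAILED on SAML request"` (the standard is XML Schema; the same "scheme" spelling appears in the -112 hunk's response message).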
@@ -156,11 +156,11 @@ public class SAMLVerificationEngine {
 try {
 if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 }
 } catch (org.opensaml.xml.security.SecurityException e) {
 Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 }
 } |