diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-05-10 15:50:52 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-05-10 15:50:52 +0200 |
| commit | aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1 (patch) | |
| tree | 0798f107e13d8a8546c1b15c6432e5360a656e92 /id/server/idserverlib/src/main/java/at/gv | |
| parent | 576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (diff) | |
| parent | c3e07d7fb87b2d132ffc838e4878b9479da361a7 (diff) | |
| download | moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.gz moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.bz2 moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.zip | |
Update to MOA-SPSS 3.0.0-RC1
Merge branch 'moa-id-3.2_(OPB)' into moa-id_with_moa-sig_and_eccelerate
Conflicts:
id/moa-spss-container/pom.xml
pom.xml
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
184 files changed, 1475 insertions, 4102 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index 054543c3e..9d26cc05f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -47,7 +47,12 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201; public static final int AUTHPROTOCOL_SAML1_AUTHNREQUEST = 3300; - + + public static final int AUTHPROCESS_IDP_SLO_REQUESTED = 4400; + public static final int AUTHPROCESS_SLO_STARTED = 4401; + public static final int AUTHPROCESS_SLO_ALL_VALID = 4402; + public static final int AUTHPROCESS_SLO_NOT_ALL_VALID = 4403; + //authentication process information public static final int AUTHPROCESS_START = 4000; public static final int AUTHPROCESS_FINISHED = 4001; @@ -78,9 +83,11 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; - public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; - public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; - public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402; + public static final int AUTHPROCESS_PEPS_SELECTED = 6100; + public static final int AUTHPROCESS_PEPS_REQUESTED = 6101; + public static final int AUTHPROCESS_PEPS_RECEIVED = 6102; + public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103; + public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104; //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 17e39f766..4a5cbd55f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -32,10 +32,10 @@ import org.springframework.stereotype.Service; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -49,6 +49,9 @@ public class MOAReversionLogger { @Autowired protected AuthConfiguration authConfig; + public static final String NAT_PERSON = "nat"; + public static final String JUR_PERSON = "jur"; + private static final List<Integer> defaultEventCodes = Arrays.asList( MOAIDEventConstants.SESSION_CREATED, MOAIDEventConstants.SESSION_DESTROYED, @@ -60,6 +63,11 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROTOCOL_TYPE, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA, + MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, + MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, + MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_START, MOAIDEventConstants.AUTHPROCESS_FINISHED, MOAIDEventConstants.AUTHPROCESS_BKU_URL, @@ -67,10 +75,36 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, + + MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_SLO_STARTED, + MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID, + MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID, + + MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP, + + MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, + MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR, + MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED, + + MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND, + MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED, + + MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT, + MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_SSO, - MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, - MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, - MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER + MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START, + MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, + MOAIDEventConstants.AUTHPROCESS_SSO_INVALID + + ); public void logEvent(IOAAuthParameters oaConfig, @@ -159,7 +193,7 @@ public class MOAReversionLogger { if (jaxBMandate.getMandator().getCorporateBody() != null) { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, - "jur"); + JUR_PERSON); try { String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType() + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId(); @@ -173,7 +207,7 @@ public class MOAReversionLogger { } else { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, - "nat"); + NAT_PERSON); logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, buildPersonInformationHash( jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0), @@ -182,7 +216,7 @@ public class MOAReversionLogger { } } } - + /** * @param pendingReq * @param identityLink @@ -209,7 +243,7 @@ public class MOAReversionLogger { return OASpecificEventCodes; } - private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { + public String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { // {"hash":"hashvalue","salt":"testSalt"} // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 8efdf6014..0171f9d90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -41,19 +41,19 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.client.SZRGWClientException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java index 7f6f2c6b3..6d53fd510 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.advancedlogging; import java.util.Date; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.util.MiscUtil; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index a1ba00e02..e0552c337 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -4,15 +4,22 @@ package at.gv.egovernment.moa.id.auth; import java.util.Date; +import java.util.List; +import org.hibernate.HibernateException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.data.ExceptionContainer; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Thread cleaning the <code>AuthenticationServer</code> session store @@ -53,11 +60,55 @@ public class AuthenticationSessionCleaner implements Runnable { authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); //clean TransactionStorage - transactionStorage.clean(now, authDataTimeOut); + List<String> entryKeysToClean = transactionStorage.clean(now, authDataTimeOut); + if (entryKeysToClean != null && entryKeysToClean.size() != 0) { + for(String entryKey : entryKeysToClean) { + try { + try { + Object entry = transactionStorage.get(entryKey); + //if entry is an exception --> log it because is could be unhandled + if (entry != null && entry instanceof ExceptionContainer) { + ExceptionContainer exContainer = (ExceptionContainer) entry; + + if (exContainer.getExceptionThrown() != null) { + //add session and transaction ID to log if exists + if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID())) + TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID()); + + if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID())) + TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID()); + + //log exception to technical log + logExceptionToTechnicalLog(exContainer.getExceptionThrown()); + + //remove session and transaction ID from thread + TransactionIDUtils.removeSessionId(); + TransactionIDUtils.removeTransactionId(); + } + } + + } catch (Exception e) { + Logger.info("Transaction info is not loadable. " + + "Key:" + entryKey + + " ErrorMsg:" + e.getMessage()); + + } + + transactionStorage.remove(entryKey); + Logger.info("Remove stored information with ID: " + entryKey + + " after timeout."); + + } catch (HibernateException e){ + Logger.warn("Transaction information with ID=" + entryKey + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } } catch (Exception e) { - Logger.error("Session cleanUp FAILED!" , e); + Logger.error("Session/Transaction cleanUp FAILED!" , e); } @@ -72,6 +123,27 @@ public class AuthenticationSessionCleaner implements Runnable { } } + /** + * Write a Exception to the MOA-ID-Auth internal technical log + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(Throwable loggedException) { + if (!( loggedException instanceof MOAIDException + || loggedException instanceof ProcessExecutionException )) { + Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + + } else { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.warn(loggedException.getMessage(), loggedException); + + } else { + Logger.info(loggedException.getMessage()); + + } + } + } + /** * start the sessionCleaner */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java index 1ce6fa1e9..20f2029cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java @@ -5,8 +5,9 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java deleted file mode 100644 index 27c87ccbf..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ /dev/null @@ -1,194 +0,0 @@ - - - -package at.gv.egovernment.moa.id.auth; - -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import iaik.asn1.ObjectID; - - -/** - * Constants used throughout moa-id-auth component. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDAuthConstants extends MOAIDConstants{ - - /** servlet parameter "Target" */ - public static final String PARAM_TARGET = "Target"; - /** servlet parameter "useMandate" */ - public static final String PARAM_USEMANDATE = "useMandate"; - public static final String PARAM_USEMISMANDATE = "useMISMandate"; - public static final String PARAM_USEELGAMANDATE = "useELGAMandate"; - /** servlet parameter "OA" */ - public static final String PARAM_OA = "OA"; - /** servlet parameter "bkuURI" */ - public static final String PARAM_BKU = "bkuURI"; - public static final String PARAM_MODUL = "MODUL"; - public static final String PARAM_ACTION = "ACTION"; - public static final String PARAM_SSO = "SSO"; - public static final String INTERFEDERATION_IDP = "interIDP"; - public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; - - public static final String PARAM_SLOSTATUS = "status"; - public static final String PARAM_SLORESTART = "restart"; - public static final String SLOSTATUS_SUCCESS = "success"; - public static final String SLOSTATUS_ERROR = "error"; - - /** servlet parameter "sourceID" */ - public static final String PARAM_SOURCEID = "sourceID"; - /** servlet parameter "BKUSelectionTemplate" */ - public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; - /** servlet parameter "CCC (Citizen Country Code)" */ - public static final String PARAM_CCC = "CCC"; - /** servlet parameter "BKUSelectionTemplate" */ - public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; - /** default BKU URL */ - public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; - /** default BKU URL for https connections*/ - public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request"; - /** servlet parameter "returnURI" */ - public static final String PARAM_RETURN = "returnURI"; - /** servlet parameter "Template" */ - public static final String PARAM_TEMPLATE = "Template"; - /** servlet parameter "MOASessionID" */ - public static final String PARAM_SESSIONID = "MOASessionID"; - /** servlet parameter "XMLResponse" */ - public static final String PARAM_XMLRESPONSE = "XMLResponse"; - /** servlet parameter "SAMLArtifact" */ - public static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */ - public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ - public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */ - public static final String REQ_GET_FOREIGN_ID = "GetForeignID"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */ - public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */ - public static final String GET_MIS_SESSIONID = "GetMISSessionID"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ - public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; - /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ - public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; - /** Logging hierarchy used for controlling debug output of XML structures to files */ - public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth"; - /** Header Name for controlling the caching mechanism of the browser */ - public static final String HEADER_EXPIRES = "Expires"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT"; - /** Header Name for controlling the caching mechanism of the browser */ - public static final String HEADER_PRAGMA = "Pragma"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_PRAGMA = "no-cache"; - /** Header Name for controlling the caching mechanism of the browser */ - public static final String HEADER_CACHE_CONTROL = "Cache-control"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate"; - /** Header Value for controlling the caching mechanism of the browser */ - public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0"; - /** - * the identity link signer X509Subject names of those identity link signer certificates - * not including the identity link signer OID. The authorisation for signing the identity - * link must be checked by using their issuer names. After february 19th 2007 the OID of - * the certificate will be used fo checking the authorisation for signing identity links. - */ - public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = - new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", - "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - - /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ - public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; - /** - * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); - * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 - */ - public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); - - /** the number of the certifcate extension for party representatives */ - public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; - -// /** the number of the certifcate extension for party organ representatives */ -// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; - - /** OW */ - public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; - - /** List of OWs */ - public static final List<ObjectID> OW_LIST = Arrays.asList( - new ObjectID(OW_ORGANWALTER)); - - /**BKU type identifiers to use bkuURI from configuration*/ - public static final String REQ_BKU_TYPE_LOCAL = "local"; - public static final String REQ_BKU_TYPE_ONLINE = "online"; - public static final String REQ_BKU_TYPE_HANDY = "handy"; - public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); - - public static final List<String> LEGACYPARAMETERWHITELIST - = Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID); - - public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; - public final static String EXT_SAML_MANDATE_OID = "OID"; - public final static String EXT_SAML_MANDATE_RAW = "Mandate"; - public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; - public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; - public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; - public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - - public static final String PARAM_APPLET_HEIGTH = "heigth"; - public static final String PARAM_APPLET_WIDTH = "width"; - - public static final Map<String, String> COUNTRYCODE_XX_TO_NAME = - Collections.unmodifiableMap(new HashMap<String, String>() { - private static final long serialVersionUID = 1L; - { - put("AT", "Other Countries");//"Workaround for PEPS Simulator" - put("BE", "België/Belgique"); - //put("CH", "Schweiz"); - put("EE", "Eesti"); - put("ES", "España"); - put("FI", "Suomi"); - put("IS", "Ísland"); - put("IT", "Italia"); - put("LI", "Liechtenstein"); - put("LT", "Lithuania"); - put("LU", "Luxemburg"); - put("PT", "Portugal"); - put("SE", "Sverige"); - put("SI", "Slovenija"); - } - }); - - public static final String COUNTRYCODE_AUSTRIA = "AT"; - - public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; - - public static final String MDC_TRANSACTION_ID = "transactionId"; - public static final String MDC_SESSION_ID = "sessionId"; - - //AuthnRequest IssueInstant validation - public static final int TIME_JITTER = 5; //all 5 minutes time jitter - - public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication"; - public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication"; - public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection"; - public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest"; - - //General protocol-request data-store keys - public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target"; - public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName"; - public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate"; - - //General MOASession data-store keys - public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert"; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 4acce2813..90aa5d3ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -32,11 +32,11 @@ import javax.activation.MailcapCommandMap; import org.springframework.web.context.support.GenericWebApplicationContext; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; @@ -136,6 +136,7 @@ public class MOAIDAuthInitializer { new IaikConfigurator().configure(config); } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + Logger.error("MOA-SP initialization FAILED!", ex.getWrapped()); throw new ConfigurationException("config.10", new Object[] { ex .toString() }, ex); @@ -146,6 +147,11 @@ public class MOAIDAuthInitializer { //ECCProvider.addAsProvider(); Security.insertProviderAt(IAIK.getInstance(), 0); + + ECCelerate eccProvider = ECCelerate.getInstance(); + if (Security.getProvider(eccProvider.getName()) != null) + Security.removeProvider(eccProvider.getName()); + Security.addProvider(new ECCelerate()); if (Logger.isDebugEnabled()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 32fabc3f4..908c7e7b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -47,7 +47,6 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; @@ -55,21 +54,22 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; @@ -1110,7 +1110,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !COUNTRYCODE_AUSTRIA.equals(eIDASOutboundCountry)) { Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID, COUNTRYCODE_AUSTRIA, eIDASOutboundCountry); - Logger.trace("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond()); + Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond()); return eIDASID; } else if (oaParam.getBusinessService()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index e763c5355..73fe961eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -50,10 +50,10 @@ import java.text.MessageFormat; import java.util.Calendar; import java.util.List; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 9a2baf873..8334780ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -46,7 +46,7 @@ package at.gv.egovernment.moa.id.auth.builder; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; /** * Builds a DataURL parameter meant for the security layer implementation diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index 8c0de1121..f4f6e82ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -28,13 +28,13 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java deleted file mode 100644 index b95cbbc16..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.net.URI; - -import org.apache.commons.io.IOUtils; - -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.util.FormBuildUtils; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class GUILayoutBuilder { - private static final String CSS_LAYOUTTEMPLATE = "css_template.css"; - private static final String JS_LAYOUTTEMPLATE = "javascript_tempalte.js"; - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - - private static String CONTEXTPATH = "#CONTEXTPATH#"; - private static String MOASESSIONID = "#SESSIONID#"; - private static String AUTH_URL = "#AUTH_URL#"; - private static String BKU_ONLINE = "#ONLINE#"; - private static String BKU_HANDY = "#HANDY#"; - private static String BKU_LOCAL = "#LOCAL#"; - - - public static String buildCSS(IRequest pendingReq, String authURL) { - return buildForm(pendingReq, authURL, CSS_LAYOUTTEMPLATE); - - } - - public static String buildJS(IRequest pendingReq, String authURL) { - return buildForm(pendingReq, authURL, JS_LAYOUTTEMPLATE); - - } - - - - private static String getTemplate(String templateName) { - String pathLocation; - InputStream input = null; - try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + templateName; - - try { - File file = new File(new URI(pathLocation)); - input = new FileInputStream(file); - - } catch (FileNotFoundException e) { - Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); - pathLocation = "resources/templates/" + templateName; - input = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - - } - - return getTemplate(input); - - } catch (Exception e) { - return null; - - } finally { - try { - if (input != null) - input.close(); - - } catch (IOException e) { - Logger.warn("SendAssertionTemplate inputstream can not be closed.", e); - - } - } - } - - private static String getTemplate(InputStream input) { - String template = null; - try { - - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - template = writer.toString(); - - } catch (Exception e) { - Logger.error("Failed to read template", e); - - } - return template; - } - - private static String buildForm(IRequest pendingReq, String authURL, String templateName) { - //load default GUI-Layout template template - String value = getTemplate(templateName); - - if (pendingReq != null) { - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - if(value != null) { - //only for BKU-Selection step and JavaScript generation - value = value.replace(AUTH_URL, LoginFormBuilder.SERVLET); - - value = value.replace(CONTEXTPATH, pendingReq.getAuthURL()); - value = value.replace(MOASESSIONID, pendingReq.getRequestID()); - - value = value.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU); - value = value.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU); - value = value.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU); - - - value = FormBuildUtils.customiceLayoutBKUSelection(value, - oaParam.isShowMandateCheckBox(), - oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten(), - oaParam.isShowStorkLogin()); - } - - } else { - value = FormBuildUtils.defaultLayoutBKUSelection(value); - value = value.replace(CONTEXTPATH, authURL); - - } - - return value; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java deleted file mode 100644 index e1aa41ce2..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ /dev/null @@ -1,171 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.ByteArrayInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.net.URI; - -import org.apache.commons.io.IOUtils; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.util.FormBuildUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class LoginFormBuilder { - - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; - - private static String AUTH_URL = "#AUTH_URL#"; - private static String OANAME = "#OAName#"; - private static String BKU_ONLINE = "#ONLINE#"; - private static String BKU_HANDY = "#HANDY#"; - private static String BKU_LOCAL = "#LOCAL#"; - public static String CONTEXTPATH = "#CONTEXTPATH#"; - private static String MOASESSIONID = "#SESSIONID#"; - private static String PEPSLIST = "#PEPSLIST#"; - - public static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; - - private static String getTemplate() { - String pathLocation =""; - InputStream input = null; - - try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; - File file = new File(new URI(pathLocation)); - input = new FileInputStream(file); - - } catch (ConfigurationException e) { - Logger.warn("MOA-ID configuration can not be loaded."); - - } catch (Exception e) { - - } - - return getTemplate(input); - - } - - public static String getTemplate(InputStream input) { - - String template = null; - - try { - if (input == null) { - - Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); - - String pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; - input = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - - } - - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - template = writer.toString(); - template = template.replace(AUTH_URL, SERVLET); - template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU); - template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU); - template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU); - - } catch (Exception e) { - Logger.error("Failed to read template", e); - - } finally { - try { - input.close(); - - } catch (IOException e) { - Logger.warn("SendAssertionTemplate inputstream can not be closed.", e); - } - } - return template; - } - - public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) { - - String value = null; - - byte[] oatemplate = oaParam.getBKUSelectionTemplate(); - // OA specific template requires a size of 8 bits minimum - if (oatemplate != null && oatemplate.length > 7) { - InputStream is = new ByteArrayInputStream(oatemplate); - value = getTemplate(is); - - } else { - //load default BKU-selection template - value = getTemplate(); - - } - - if(value != null) { - value = value.replace(OANAME, oaParam.getFriendlyName()); - value = value.replace(CONTEXTPATH, contextpath); - value = value.replace(MOASESSIONID, moaSessionID); - - if (oaParam.isShowStorkLogin()) { - String pepslist = ""; - try { - for (CPEPS current : oaParam.getPepsList()) { - String countryName = null; - if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()))) - countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()); - else - countryName = current.getCountryCode().toUpperCase(); - - pepslist += "<option value=" + current.getCountryCode() + ">" - + countryName - + "</option>\n"; - - } - value = value.replace(PEPSLIST, pepslist); - - } catch (NullPointerException e) { - - } - } - - value = FormBuildUtils.customiceLayoutBKUSelection(value, - oaParam.isShowMandateCheckBox(), - oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten(), - oaParam.isShowStorkLogin()); - - } - return value; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java deleted file mode 100644 index 7121935b0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ /dev/null @@ -1,147 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.ByteArrayInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.net.URI; - -import org.apache.commons.io.IOUtils; - -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.util.FormBuildUtils; -import at.gv.egovernment.moa.logging.Logger; - -public class SendAssertionFormBuilder { - - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; - - private static final String TEMPLATEBGCOLOR = "style=\"background-color: #COLOR#\""; - - private static String URL = "#URL#"; - private static String ID = "#ID#"; - private static String OANAME = "#OAName#"; - private static String CONTEXTPATH = "#CONTEXTPATH#"; - private static String BACKGROUNDCOLOR = "#BACKGROUNDCOLOR#"; - private static String COLOR = "#COLOR#"; - - private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; - - private static String getTemplate() { - String pathLocation; - InputStream input = null; - try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; - - try { - File file = new File(new URI(pathLocation)); - input = new FileInputStream(file); - - } catch (FileNotFoundException e) { - Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); - pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; - input = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - - } - - return getTemplate(input); - - } catch (Exception e) { - return null; - - } finally { - try { - if (input != null) - input.close(); - - } catch (IOException e) { - Logger.warn("SendAssertionTemplate inputstream can not be closed.", e); - - } - } - } - - private static String getTemplate(InputStream input) { - String template = null; - try { - - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - template = writer.toString(); - template = template.replace(URL, SERVLET); - - } catch (Exception e) { - Logger.error("Failed to read template", e); - - } - return template; - } - - public static String buildForm(IRequest pendingReq) { - String value = null; - - String contextpath = pendingReq.getAuthURL(); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - byte[] oatemplate = oaParam.getSendAssertionTemplate(); - // OA specific template requires a size of 8 bits minimum - if (oatemplate != null && oatemplate.length > 7) { - InputStream is = new ByteArrayInputStream(oatemplate); - value = getTemplate(is); - - } else { - //load default BKU-selection template - value = getTemplate(); - - } - - if(value != null) { - value = value.replace(ID, pendingReq.getRequestID()); - value = value.replace(OANAME, oaParam.getFriendlyName()); - - if (contextpath.endsWith("/")) - contextpath = contextpath.substring(0, contextpath.length() - 1); - value = value.replace(CONTEXTPATH, contextpath); - - value = FormBuildUtils.customiceLayoutBKUSelection(value, - oaParam.isShowMandateCheckBox(), - oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten(), - oaParam.isShowStorkLogin()); - - } - return value; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java index e321c9d05..ec94101d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -31,11 +31,11 @@ import org.w3c.dom.Node; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -81,7 +81,7 @@ public class SignatureVerificationUtils { Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); //send signature-verification to MOA-SP - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the <VerifyXMLSignatureResponse> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 7873fb96d..a72f6c2ea 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -46,7 +46,7 @@ import java.util.Map; import org.apache.commons.collections4.map.HashedMap; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java index 31a3e38dc..8fc6368fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown during handling of AuthenticationSession diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java index 9c2960c4c..ffbb6a19e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java @@ -22,6 +22,8 @@ ******************************************************************************/ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + public class BKUException extends MOAIDException { private static final long serialVersionUID = -4646544256490397419L; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java index 155a18f15..b31354927 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown while building an XML or HTML structure. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java index 69802d7e6..f62bbc4bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + /** * @author tlenz * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java index 554cf7370..f43471f0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + /** * @author tlenz * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java index 2b277736d..20e544330 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown while converting ECDSAKeys from/to an XML structure. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java index 4f68bbac0..c6b8a4b6e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + /** * @author tlenz * @@ -41,4 +43,7 @@ public class InvalidProtocolRequestException extends MOAIDException { super(messageId, parameters); } + public InvalidProtocolRequestException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java index c80cbea26..718c35df3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
public class MISSimpleClientException extends MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java deleted file mode 100644 index ef6aaa75c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java +++ /dev/null @@ -1,222 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.exception; - -import java.io.PrintStream; -import java.io.PrintWriter; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - -import org.w3c.dom.DOMImplementation; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.util.Constants; - -/** - * Base class of technical MOA exceptions. - * - * Technical exceptions are exceptions that originate from system failure (e.g., - * a database connection fails, a component is not available, etc.) - * - * @author Patrick Peck, Ivancsics Paul - * @version $Id$ - */ -public class MOAIDException extends Exception { - /** - * - */ - private static final long serialVersionUID = -1507246171708083912L; -/** message ID */ - private String messageId; - /** wrapped exception */ - private Throwable wrapped; - - private Object[] parameters; - - /** - * Create a new <code>MOAIDException</code>. - * - * @param messageId The identifier of the message associated with this - * exception. - * @param parameters Additional message parameters. - */ - public MOAIDException(String messageId, Object[] parameters) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); - this.messageId = messageId; - this.parameters = parameters; - } - - /** - * Create a new <code>MOAIDException</code>. - * - * @param messageId The identifier of the message associated with this - * <code>MOAIDException</code>. - * @param parameters Additional message parameters. - * @param wrapped The exception wrapped by this - * <code>MOAIDException</code>. - */ - public MOAIDException( - String messageId, - Object[] parameters, - Throwable wrapped) { - - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); - this.messageId = messageId; - this.wrapped = wrapped; - this.parameters = parameters; - } - - /** - * Print a stack trace of this exception to <code>System.err</code>. - * - * @see java.lang.Throwable#printStackTrace() - */ - public void printStackTrace() { - printStackTrace(System.err); - } - - /** - * Print a stack trace of this exception, including the wrapped exception. - * - * @param s The stream to write the stack trace to. - * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) - */ - public void printStackTrace(PrintStream s) { - if (getWrapped() == null) - super.printStackTrace(s); - else { - s.print("Root exception: "); - getWrapped().printStackTrace(s); - } - } - - /** - * Print a stack trace of this exception, including the wrapped exception. - * - * @param s The stream to write the stacktrace to. - * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) - */ - public void printStackTrace(PrintWriter s) { - if (getWrapped() == null) - super.printStackTrace(s); - else { - s.print("Root exception: "); - getWrapped().printStackTrace(s); - } - } - - /** - * @return message ID - */ - public String getMessageId() { - return messageId; - } - - /** - * @return wrapped exception - */ - public Throwable getWrapped() { - return wrapped; - } - - - - /** - * @return the parameters - */ -public Object[] getParameters() { - return parameters; -} - -/** - * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code> - * element from the MOA namespace. - * - * @return An <code>ErrorResponse</code> element, containing the subelements - * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema. - */ - public Element toErrorResponse() { - DocumentBuilder builder; - DOMImplementation impl; - Document doc; - Element errorResponse; - Element errorCode; - Element info; - - // create a new document - try { - builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - impl = builder.getDOMImplementation(); - } catch (ParserConfigurationException e) { - return null; - } - - // build the ErrorResponse element - doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null); - errorResponse = doc.getDocumentElement(); - - // add MOA namespace declaration - errorResponse.setAttributeNS( - Constants.XMLNS_NS_URI, - "xmlns", - Constants.MOA_NS_URI); - - // build the child elements - errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode"); - errorCode.appendChild(doc.createTextNode(messageId)); - info = doc.createElementNS(Constants.MOA_NS_URI, "Info"); - info.appendChild(doc.createTextNode(toString())); - errorResponse.appendChild(errorCode); - errorResponse.appendChild(info); - return errorResponse; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java index 203be784e..bc19a3f39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java @@ -22,23 +22,24 @@ */ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + /** * @author tlenz * */ -public class SessionDataStorageException extends MOAIDException { +public class MOAIllegalStateException extends MOAIDException { /** * */ - private static final long serialVersionUID = 5743057708136365929L; - + private static final long serialVersionUID = 613582783125887683L; + /** - * @param messageId - * @param parameters + * */ - public SessionDataStorageException(String messageId, Object[] parameters) { - super(messageId, parameters); + public MOAIllegalStateException(String code, Object[] params) { + super(code, params); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java index 42fa5c6a7..d498c3209 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java @@ -22,6 +22,8 @@ ******************************************************************************/ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + public class MOASPException extends MOAIDException { private static final long serialVersionUID = -4646544256490397419L; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java index 83d0a398b..aac5fcddb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown while parsing an XML structure. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java index fe2bcedca..2d09384a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + /** * @author tlenz * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java index 3bdf8f743..b892424d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown while calling the MOA-SPSS web service. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java index 0385352d2..124ae771a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown while validating an incoming XML structure diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java index 895a2aeef..c83d1580b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * Exception thrown when the <code>AuthenticationServer</code> API is diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 72a7d3ba1..a82ba501c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -46,22 +46,16 @@ package at.gv.egovernment.moa.id.auth.invoke; -import java.util.Vector; - import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; -import org.apache.axis.message.SOAPBodyElement; import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; @@ -77,9 +71,43 @@ import at.gv.egovernment.moa.util.MiscUtil; * @version $Id$ */ public class SignatureVerificationInvoker { - /** This QName Object identifies the SignatureVerification endpoint of the web service */ + + private static SignatureVerificationInvoker instance = null; + private SignatureVerificationService svs = null; + + /** This QName Object identifies the SignatureVerification endpoint of the web service */ private static final QName SERVICE_QNAME = new QName("SignatureVerification"); + + public static SignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new SignatureVerificationInvoker(); + + } + + return instance; + } + + private SignatureVerificationInvoker() { + try { + AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); + ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter(); + + if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { + + + } else { + svs = SignatureVerificationService.getInstance(); + + } + + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + /** * Method verifyXMLSignature. * @param request to be sent @@ -98,30 +126,29 @@ public class SignatureVerificationInvoker { * @throws ServiceException if an error occurs */ protected Element doCall(QName serviceName, Element request) throws ServiceException { - ConnectionParameter authConnParam = null; - try { - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - String endPoint; + ConnectionParameterInterface authConnParam = null; + try { AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); authConnParam = authConfigProvider.getMoaSpConnectionParameter(); //If the ConnectionParameter do NOT exist, we try to get the api to work.... if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); - endPoint = authConnParam.getUrl(); - call.setTargetEndpointAddress(endPoint); - responses = (Vector) call.invoke(serviceName, params); - Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used - response = (SOAPBodyElement) responses.get(0); - return response.getAsDOM(); + + throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"}); +// Service service = ServiceFactory.newInstance().createService(serviceName); +// Call call = service.createCall(); +// SOAPBodyElement body = new SOAPBodyElement(request); +// SOAPBodyElement[] params = new SOAPBodyElement[] { body }; +// Vector responses; +// SOAPBodyElement response; +// +// Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); +// call.setTargetEndpointAddress(authConnParam.getUrl()); +// responses = (Vector) call.invoke(serviceName, params); +// Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used +// response = (SOAPBodyElement) responses.get(0); +// return response.getAsDOM(); } else { - SignatureVerificationService svs = SignatureVerificationService.getInstance(); VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 8c7583855..84ca9fa05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -23,10 +23,10 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index c96167e71..90795a416 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java index 932019d2c..1128cbab3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index bd8dd709f..42789d01d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 5b53a43bd..dfb90da3a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -31,10 +31,10 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index c8e379bc1..6a1ed7203 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -27,10 +27,10 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 2cf2bfd9b..c582050ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -22,20 +22,23 @@ */ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import java.io.PrintWriter; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -45,7 +48,9 @@ import at.gv.egovernment.moa.logging.Logger; */ @Component("GenerateBKUSelectionFrameTask") public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { - + + @Autowired IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -63,20 +68,20 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); } - - //Build authentication form - String publicURLPreFix = pendingReq.getAuthURL(); - if (publicURLPreFix.endsWith("/")) - publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); - String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), - pendingReq.requestedAction(), oaParam, publicURLPreFix, pendingReq.getRequestID()); - - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(loginForm); - out.flush(); + + IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, + GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); + + guiBuilder.build(response, config, "BKU-Selection form"); + + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, + "Can not build GUI. Msg:" + e.getMessage(), + new MOAIDException("builder.09", new Object[]{e.getMessage()}, e)); - } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 47afe5795..ca99e9ba3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -22,18 +22,21 @@ */ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import java.io.PrintWriter; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -46,6 +49,8 @@ import at.gv.egovernment.moa.logging.Logger; @Component("GenerateSSOConsentEvaluatorFrameTask") public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTask { + @Autowired IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -59,22 +64,26 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas //set authenticated flag to false, because user consents is required pendingReq.setAuthenticated(false); - //build consents evaluator form - String form = SendAssertionFormBuilder.buildForm(pendingReq); - //store pending request requestStoreage.storePendingRequest(pendingReq); + + //build consents evaluator form + IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, + GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); + guiBuilder.build(response, config, "SendAssertion-Evaluation"); + //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); - - //write form to response object - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(form); - out.flush(); - + + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'SendAssertion-Evaluation'. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, + "Can not build GUI. Msg:" + e.getMessage(), + new MOAIDException("builder.09", new Object[]{e.getMessage()}, e)); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index ddda86ecc..c1d02a029 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -30,10 +30,10 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.process.ProcessEngine; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index a4abbbcfa..140c7aebc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -30,15 +30,15 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -78,20 +78,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //check UseMandate flag - String useMISMandateString = null; - boolean useMISMandateBoolean = false; + String useMandateString = null; + boolean useMandateBoolean = false; if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMISMandateString = useMandate; + useMandateString = useMandate; } else { - useMISMandateString = "false"; + useMandateString = "false"; } - if (useMISMandateString.compareToIgnoreCase("true") == 0) - useMISMandateBoolean = true; + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; else - useMISMandateBoolean = false; + useMandateBoolean = false; - moasession.setUseMandate(useMISMandateString); + moasession.setUseMandate(useMandateString); //load OnlineApplication configuration @@ -155,7 +155,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } else { Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier()); - if (useMISMandateBoolean) { + if (useMandateBoolean) { Logger.error("Online-Mandate Mode for business application not supported."); throw new AuthenticationException("auth.17", null); } @@ -206,15 +206,15 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //validate SSO functionality - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); + String domainIdentifier = authConfig.getSSOTagetIdentifier(); if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) { //do not use SSO if no Target is set Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); protocolReq.setNeedSingleSignOnFunctionality(false); } - if (protocolReq.needSingleSignOnFunctionality() && useMISMandateBoolean) { - Logger.info("Usage of MIS-MandateService does not allow Single Sign-On. --> SSO is disabled for this request."); + if (protocolReq.needSingleSignOnFunctionality() && useMandateBoolean) { + Logger.info("Usage of Mandate-Service does not allow Single Sign-On. --> SSO is disabled for this request."); protocolReq.setNeedSingleSignOnFunctionality(false); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 04e4e7bdb..e3efdeac0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -22,34 +22,35 @@ */ package at.gv.egovernment.moa.id.auth.servlet; -import java.io.BufferedReader; -import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; import java.io.PrintWriter; import java.io.StringWriter; -import java.net.URI; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; +import com.google.common.net.MediaType; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.data.ExceptionContainer; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; @@ -57,10 +58,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidator import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -72,16 +71,13 @@ public abstract class AbstractController extends MOAIDAuthConstants { public static final String ERROR_CODE_PARAM = "errorid"; - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - private static final String HTMLTEMPLATEFULL = "error_message.html"; - private static String CONTEXTPATH = "contextPath"; - @Autowired protected StatisticLogger statisticLogger; @Autowired protected IRequestStorage requestStorage; @Autowired protected ITransactionStorage transactionStorage; @Autowired protected MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; - + @Autowired protected IGUIFormBuilder guiBuilder; + @ExceptionHandler({MOAIDException.class}) public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { Logger.error(e.getMessage() , e); @@ -92,7 +88,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { @ExceptionHandler({Exception.class}) public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + "(Errorcode=9199" +" | Description="+ exception.getMessage() + ")"); @@ -103,15 +99,19 @@ public abstract class AbstractController extends MOAIDAuthConstants { @ExceptionHandler({IOException.class}) public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) { Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { + HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException { + String pendingRequestID = null; + if (pendingReq != null) + pendingRequestID = pendingReq.getRequestID(); + Throwable loggedException = null; Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); @@ -120,6 +120,10 @@ public abstract class AbstractController extends MOAIDAuthConstants { //set original exception loggedException = ((TaskExecutionException) extractedException).getOriginalException(); + //use TaskExecutionException directly, if no Original Exeception is included + if (loggedException == null) + loggedException = exceptionThrown; + //set pending-request ID if it is set String reqID = ((TaskExecutionException) extractedException).getPendingRequestID(); if (MiscUtil.isNotEmpty(reqID)) @@ -132,8 +136,19 @@ public abstract class AbstractController extends MOAIDAuthConstants { //switch to protocol-finalize method to generate a protocol-specific error message //put exception into transaction store for redirect - String key = Random.nextRandom(); - transactionStorage.put(key, loggedException); + String key = Random.nextLongRandom(); + if (pendingReq != null) { + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); + transactionStorage.put(key, + new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), loggedException)); + + } else { + transactionStorage.put(key, + new ExceptionContainer(null, + null, loggedException)); + + } //build up redirect URL String redirectURL = null; @@ -208,7 +223,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { Logger.warn(loggedException.getMessage(), loggedException); } else { - Logger.info(loggedException.getMessage()); + Logger.warn(loggedException.getMessage()); } } @@ -219,7 +234,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { String code = utils.mapInternalErrorToExternalError( ((InvalidProtocolRequestException)e).getMessageId()); String descr = e.getMessage(); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + "(Errorcode=" + code + " | Description=" + descr + ")"); @@ -227,89 +242,40 @@ public abstract class AbstractController extends MOAIDAuthConstants { } private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException { - VelocityContext context = new VelocityContext(); - - //add errorcode and errormessage - context.put("errorMsg", msg); - context.put("errorCode", errorCode); + + try { + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + HTTPUtils.extractAuthURLFromRequest(req), + DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, + null); + + //add errorcode and errormessage + config.putCustomParameter("errorMsg", msg); + config.putCustomParameter("errorCode", errorCode); - //add stacktrace if debug is enabled - if (Logger.isTraceEnabled()) { - context.put("stacktrace", getStacktraceFromException(error)); + //add stacktrace if debug is enabled + if (Logger.isTraceEnabled()) { + config.putCustomParameter("stacktrace", getStacktraceFromException(error)); - } - - writeHTMLErrorResponse(req, httpResp, context); - - } - - private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException { - VelocityContext context = new VelocityContext(); - - //add errorcode and errormessage - context.put("errorMsg", error.getMessage()); - context.put("errorCode", ErrorResponseUtils.getInstance().getResponseErrorCode(error)); - - //add stacktrace if debug is enabled - if (Logger.isTraceEnabled()) { - context.put("stacktrace", getStacktraceFromException(error)); + } + + guiBuilder.build(httpResp, config, "Error-Message"); + + } catch (GUIBuildException e) { + Logger.warn("Can not build error-message GUI.", e); + GenericExceptionHandler(httpResp, e); } - writeHTMLErrorResponse(req, httpResp, context); } - private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, VelocityContext context) throws IOException { - try { - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - context.put(CONTEXTPATH, authURL); - - InputStream is = null; - String pathLocation = null; - try { - String rootconfigdir = authConfig.getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; - File file = new File(new URI(pathLocation)); - is = new FileInputStream(file); - evaluateErrorTemplate(context, httpResp, is); - - } catch (Exception e) { - Logger.warn("SLO Template is not found in configuration directory (" + - pathLocation + "). Load template from project library ... "); - - try { - pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; - is = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - evaluateErrorTemplate(context, httpResp, is); - - } catch (Exception e1) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - - } finally { - if (is != null) - is.close(); - - } - } catch (Exception e) { - Logger.error("Error-message form can not created.", e); - IOExceptionHandler(httpResp, e); - - } + private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException { + writeHTMLErrorResponse(req, httpResp, + error.getMessage(), + ErrorResponseUtils.getInstance().getResponseErrorCode(error), + error); } - private void evaluateErrorTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - BufferedReader reader = new BufferedReader(new InputStreamReader(is )); - StringWriter writer = new StringWriter(); - engine.evaluate(context, writer, "Error Template", reader); - httpResp.setContentType("text/html;charset=UTF-8"); - httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } private String getStacktraceFromException(Exception ex) { StringWriter errors = new StringWriter(); @@ -351,7 +317,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException { if (e instanceof ProtocolNotActiveException) { resp.getWriter().write(e.getMessage()); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); } else if (e instanceof AuthnRequestValidatorException) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 6be0fce90..0ce7b0050 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -9,9 +9,10 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.ProcessEngine;
import at.gv.egovernment.moa.logging.Logger;
@@ -27,13 +28,14 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
-
+ IRequest pendingReq = null;
try {
if (pendingRequestID == null) {
- throw new IllegalStateException("Unable to determine MOA pending-request id.");
+ throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
+
}
- IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+ pendingReq = requestStorage.getPendingRequest(pendingRequestID);
if (pendingReq == null) {
Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
@@ -42,6 +44,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont //change pending-request ID
requestStorage.changePendingRequestID(pendingReq);
+ pendingRequestID = pendingReq.getRequestID();
//add transactionID and unique sessionID to Logger
TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
@@ -49,14 +52,15 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // process instance is mandatory
if (pendingReq.getProcessInstanceId() == null) {
- throw new IllegalStateException("MOA session does not provide process instance id.");
+ throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
+
}
// wake up next task
processEngine.signal(pendingReq);
} catch (Exception ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ handleError(null, ex, req, resp, pendingReq);
} finally {
//MOASessionDBUtils.closeSession();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 3f9093a21..9b658d81b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.PrintWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -34,10 +33,11 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.GUILayoutBuilder; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; @@ -55,6 +55,7 @@ public class GUILayoutBuilderServlet extends AbstractController { @Autowired AuthConfiguration authConfig; @Autowired IRequestStorage requestStoreage; + @Autowired IGUIFormBuilder formBuilder; public GUILayoutBuilderServlet() { super(); @@ -66,40 +67,60 @@ public class GUILayoutBuilderServlet extends AbstractController { @RequestMapping(value = "/css/buildCSS", method = {RequestMethod.GET}) public void buildCSS(HttpServletRequest req, HttpServletResponse resp) throws IOException { - IRequest pendingReq = extractPendingRequest(req); - - //build Service-Provider specific CSS - String css = GUILayoutBuilder.buildCSS(pendingReq, HTTPUtils.extractAuthURLFromRequest(req)); - - resp.setContentType("text/css;charset=UTF-8"); - writeResponse(resp, css, "CSS"); + try { + IRequest pendingReq = extractPendingRequest(req); + + //initialize GUI builder configuration + ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + if (pendingReq != null) + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + null); + + else + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + HTTPUtils.extractAuthURLFromRequest(req), + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + null); + + //build GUI component + formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); + + } catch (Exception e) { + Logger.warn("GUI ressource:'CSS' generation FAILED."); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); + } } @RequestMapping(value = "/js/buildJS", method = {RequestMethod.GET}) public void buildJavaScript(HttpServletRequest req, HttpServletResponse resp) throws IOException { - IRequest pendingReq = extractPendingRequest(req); + try { + IRequest pendingReq = extractPendingRequest(req); - //build Service-Provider specific CSS - String js = GUILayoutBuilder.buildJS(pendingReq, HTTPUtils.extractAuthURLFromRequest(req)); + //initialize GUI builder configuration + ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + if (pendingReq != null) + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); - resp.setContentType("text/javascript;charset=UTF-8"); - writeResponse(resp, js, "JavaScript"); - - } - - private void writeResponse(HttpServletResponse resp, String value, String ressourceID) throws IOException { - if (MiscUtil.isNotEmpty(value)) { - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(value); - out.flush(); + else + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + HTTPUtils.extractAuthURLFromRequest(req), + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); + + //build GUI component + formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); - } else { - Logger.warn("GUI ressource: " + ressourceID + " generation FAILED."); + } catch (Exception e) { + Logger.warn("GUI ressource:'JavaScript' generation FAILED."); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); - } - + } private IRequest extractPendingRequest(HttpServletRequest req) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index 26a0488ca..dfa923558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -39,9 +39,11 @@ import org.springframework.web.bind.annotation.RequestMethod; public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController { + public static final String ENDPOINT_BKUSELECTION_EVALUATION = "/EvaluateBKUSelection"; + public static final String ENDPOINT_SENDASSERTION_EVALUATION = "/SSOSendAssertionServlet"; + public static final String ENDPOINT_GENERIC = "/signalProcess"; - - @RequestMapping(value = {"/GenerateIframeTemplate", + @RequestMapping(value = {"/EvaluateBKUSelection", "/SSOSendAssertionServlet", "/signalProcess" }, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 9397f1132..66e8757ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -28,7 +28,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; @@ -36,10 +35,13 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; @@ -50,7 +52,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescripto import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -68,6 +69,7 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired IAuthenticationSessionStoreage authenicationStorage; @Autowired SingleLogOutBuilder sloBuilder; + @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { @@ -104,18 +106,22 @@ public class IDPSingleLogOutServlet extends AbstractController { transactionStorage.remove(tokken); } - VelocityContext context = new VelocityContext(); + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) - context.put("successMsg", + config.putCustomParameter("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else - context.put("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - - ssoManager.printSingleLogOutInfo(context, resp, authURL); - - } catch (MOAIDException e) { - handleErrorNoRedirect(e, req, resp, false); + config.putCustomParameter("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + guiBuilder.build(resp, config, "Single-LogOut GUI"); + + } catch (GUIBuildException e) { + handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { handleErrorNoRedirect(e, req, resp, false); @@ -202,28 +208,36 @@ public class IDPSingleLogOutServlet extends AbstractController { } - VelocityContext context = new VelocityContext(); - context.put("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - try { - ssoManager.printSingleLogOutInfo(context, resp, authURL); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); - } catch (MOAIDException e) { + config.putCustomParameter("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + guiBuilder.build(resp, config, "Single-LogOut GUI"); + + } catch (GUIBuildException e) { e.printStackTrace(); } return; } } - - VelocityContext context = new VelocityContext(); - context.put("successMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); - try { - ssoManager.printSingleLogOutInfo(context, resp, authURL); + try { + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + config.putCustomParameter("successMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); + + guiBuilder.build(resp, config, "Single-LogOut GUI"); - } catch (MOAIDException e) { + } catch (GUIBuildException e) { e.printStackTrace(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 4fcf166c9..15333a933 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -56,8 +56,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; @@ -91,7 +91,7 @@ public class LogOutServlet { } else { //return an error if RedirectURL is not a active Online-Applikation - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl); + IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl); if (oa == null) { Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index ba8ace6c9..3eaede028 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.PrintWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,12 +32,13 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -51,7 +51,11 @@ public class RedirectServlet { public static final String REDIRCT_PARAM_URL = "redirecturl"; private static final String DEFAULT_REDIRECTTARGET = "_parent"; + private static final String URL = "URL"; + private static final String TARGET = "TARGET"; + @Autowired SSOManager ssoManager; + @Autowired IGUIFormBuilder guiBuilder; @RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET) public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -63,7 +67,7 @@ public class RedirectServlet { String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); Logger.debug("Check URL against online-applications"); - OAAuthParameter oa = null; + IOAAuthParameters oa = null; String redirectTarget = DEFAULT_REDIRECTTARGET; try { oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); @@ -77,7 +81,7 @@ public class RedirectServlet { //Redirect is a SAML1 send Artifact redirct if (MiscUtil.isNotEmpty(artifact)) { try { - String test = oa.getFormCustomizaten().get(FormBuildUtils.REDIRECTTARGET); + String test = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); if (MiscUtil.isNotEmpty(test)) redirectTarget = test; @@ -99,14 +103,15 @@ public class RedirectServlet { URLEncoder.encode(artifact, "UTF-8")); url = resp.encodeRedirectURL(url); - String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget); - - resp.setContentType("text/html;charset=UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.write(redirect_form); - out.flush(); - + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, + null); + config.putCustomParameter(URL, url); + config.putCustomParameter(TARGET, redirectTarget); + guiBuilder.build(resp, config, "RedirectForm.html"); + } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service Logger.info("Receive an interfederation redirect request for IDP " + interIDP); @@ -121,13 +126,12 @@ public class RedirectServlet { } else { Logger.debug("Redirect to " + url); - String redirect_form = RedirectFormBuilder.buildLoginForm(url, DEFAULT_REDIRECTTARGET); - - resp.setContentType("text/html;charset=UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.write(redirect_form); - out.flush(); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, + null); + config.putCustomParameter(URL, url); + guiBuilder.build(resp, config, "RedirectForm.html"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java new file mode 100644 index 000000000..93d74d7ef --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java @@ -0,0 +1,185 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet.interceptor; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.List; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; + +import org.springframework.context.ApplicationContext; + +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class VHostUrlRewriteServletFilter implements Filter { + + private static final String VHOST_PATH = "/vhost/"; + private static final String AUTHURL = "authURL"; + + + private ApplicationContext context = null; + + public VHostUrlRewriteServletFilter(ApplicationContext context) { + Logger.info("Register vHost Servelt Filter"); + this.context = context; + + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) + */ + @Override + public void init(FilterConfig filterConfig) throws ServletException { + + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) + */ + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest httpReq = (HttpServletRequest) request; + try { + AuthConfiguration authConfig = context.getBean(AuthConfiguration.class); + List<String> configuredPublicURLPrefix = authConfig.getPublicURLPrefix(); + + //check if End-Point is valid + String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq); + URL publicURL; + try { + publicURL = new URL(publicURLString); + + } catch (MalformedURLException e) { + Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e); + throw new ConfigurationException("1299", null, e); + + } + + //check if virtual IDPs are enabled + if (!authConfig.isVirtualIDPsEnabled()) { + Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); + httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0)); + chain.doFilter(request, response); + + } else { + String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq); + URL authURL; + try { + authURL = new URL(authURLString); + + } catch (MalformedURLException e) { + Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); + throw new ConfigurationException("1299", null, e); + + } + + Logger.debug("Extract AuthenticationServiceURL: " + authURLString); + URL resultURL = null; + + for (String el : configuredPublicURLPrefix) { + try { + URL configuredURL = new URL(el); + + //get Ports from URL + int configPort = configuredURL.getPort(); + if (configPort == -1) + configPort = configuredURL.getDefaultPort(); + + int authURLPort = authURL.getPort(); + if (authURLPort == -1) + authURLPort = authURL.getDefaultPort(); + + //check AuthURL against ConfigurationURL + if (configuredURL.getHost().equals(authURL.getHost()) && + configPort == authURLPort && + authURL.getPath().startsWith(configuredURL.getPath())) { + Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + + " for authURL: " + authURLString); + resultURL = configuredURL; + } + + } catch (MalformedURLException e) { + Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); + + } + } + + if (resultURL == null) { + Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration."); + throw new ConfigurationException("config.25", new Object[]{authURLString}); + + } else { + httpReq.setAttribute(AUTHURL, resultURL.toExternalForm()); + + } + + String servletPath = httpReq.getServletPath(); + if (servletPath.startsWith(VHOST_PATH)) { + Logger.trace("Found V-IDP selection via REST URL ... "); + String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length()); + String requestedServlet = authURLString.substring(0, vHostDescriptor.length()); + String newURL = publicURL.toExternalForm().concat(requestedServlet); + httpReq.setAttribute(AUTHURL, newURL); + httpReq.getRequestDispatcher(newURL).forward(httpReq, response); + + } else { + Logger.trace("Found V-IDP selection via Domain ..."); + chain.doFilter(request, response); + + } + + } + + } catch (ConfigurationException e) { + + + } + + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#destroy() + */ + @Override + public void destroy() { + // TODO Auto-generated method stub + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index ce384d1a0..87804ea6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -29,10 +29,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java index 672d2a35e..1548f11b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java @@ -27,8 +27,15 @@ import java.util.Map; import javax.net.ssl.SSLSocketFactory; import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; + +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; @@ -38,20 +45,12 @@ import at.gv.util.wsdl.szrgw.SZRGWType; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import javax.xml.ws.BindingProvider; - -import org.apache.cxf.configuration.jsse.TLSClientParameters; -import org.apache.cxf.endpoint.Client; -import org.apache.cxf.frontend.ClientProxy; -import org.apache.cxf.transport.http.HTTPConduit; -import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; - public class SZRGWClient { private SSLSocketFactory sslContext = null; - public SZRGWClient(ConnectionParameter szrgwconnection) throws SZRGWClientException { - initial(szrgwconnection); + public SZRGWClient(ConnectionParameterInterface connectionParameters) throws SZRGWClientException { + initial(connectionParameters); } public CreateIdentityLinkResponse sentCreateIDLRequest(CreateIdentityLinkRequest request, String serviceUrl) throws SZRGWClientException { @@ -101,11 +100,11 @@ public class SZRGWClient { } - private void initial(ConnectionParameter szrgwconnection) throws at.gv.egovernment.moa.id.client.SZRGWClientException{ + private void initial(ConnectionParameterInterface connectionParameters) throws at.gv.egovernment.moa.id.client.SZRGWClientException{ try { sslContext = SSLUtils.getSSLSocketFactory( AuthConfigurationProviderFactory.getInstance(), - szrgwconnection); + connectionParameters); } catch (Exception e) { Logger.warn("SZRGW Client initialization FAILED.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java index 2038e3f18..991e748de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.client; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public class SZRGWClientException extends MOAIDException{ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java index b0b2029ec..622eca0a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java @@ -31,19 +31,19 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.xsd.mis.MandateIdentifiers; import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; +import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.MISType.Filters; /** @@ -127,7 +127,7 @@ public class SZRGWClientUtils { try { AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(); String requestID = UUID.randomUUID().toString(); SZRGWClient client = new SZRGWClient(connectionParameters); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java deleted file mode 100644 index a0223853a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java +++ /dev/null @@ -1,82 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; - -/** - * Exception signalling an error in the configuration. - * - * @author Patrick Peck - * @version $Id$ - */ -public class ConfigurationException extends MOAIDException { - - /** - * - */ - private static final long serialVersionUID = -7199539463319751278L; - -/** - * Create a <code>MOAConfigurationException</code>. - */ - public ConfigurationException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * Create a <code>MOAConfigurationException</code>. - */ - public ConfigurationException( - String messageId, - Object[] parameters, - Throwable wrapped) { - - super(messageId, parameters, wrapped); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java deleted file mode 100644 index 5ec0a5bc6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.config; - -/** - * @author tlenz - * - */ -public interface ConfigurationProvider { - - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String CONFIG_PROPERTY_NAME = - "moa.id.configuration"; - - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String PROXY_CONFIG_PROPERTY_NAME = - "moa.id.proxy.configuration"; - - /** - * The name of the generic configuration property giving the certstore directory path. - */ - public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = - "DirectoryCertStoreParameters.RootDir"; - - /** - * The name of the generic configuration property switching the ssl revocation checking on/off - */ - public static final String TRUST_MANAGER_REVOCATION_CHECKING = - "TrustManager.RevocationChecking"; - - public String getRootConfigFileDir(); - - public String getDefaultChainingMode(); - - public String getTrustedCACertificates(); - - public String getCertstoreDirectory(); - - public boolean isTrustmanagerrevoationchecking(); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java index 60d676868..5c2f86732 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java @@ -51,17 +51,17 @@ import java.util.Properties; import org.hibernate.cfg.Configuration; +import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.data.IssuerAndSerial; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.util.config.EgovUtilPropertiesConfiguration; @@ -219,9 +219,8 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider config.addAnnotatedClass(AuthenticatedSessionStore.class); config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); - config.addAnnotatedClass(ExceptionStore.class); config.addAnnotatedClass(InterfederationSessionStore.class); - config.addAnnotatedClass(ProcessInstanceStore.class); + //config.addAnnotatedClass(ProcessInstanceStore.class); config.addProperties(moaSessionProp); MOASessionDBUtils.initHibernate(config, moaSessionProp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index e38a4f360..9d78c348b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.util.MiscUtil; public abstract class ConnectionParameter implements ConnectionParameterInterface{ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java deleted file mode 100644 index 8e95c106d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java +++ /dev/null @@ -1,35 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.config; - -public interface ConnectionParameterInterface { - - - public boolean isHTTPSURL(); - public String getUrl(); - public String getAcceptedServerCertificates(); - - public String getClientKeyStore(); - public String getClientKeyStorePassword(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java deleted file mode 100644 index 1f9259696..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ /dev/null @@ -1,165 +0,0 @@ -package at.gv.egovernment.moa.id.config.auth; - -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; -import at.gv.util.config.EgovUtilPropertiesConfiguration; - -public interface AuthConfiguration extends ConfigurationProvider{ - - public static final String DEFAULT_X509_CHAININGMODE = "pkix"; - - public Properties getGeneralPVP2ProperiesConfig(); - - public Properties getGeneralOAuth20ProperiesConfig(); - - public ProtocolAllowed getAllowedProtocols(); - - public Map<String, String> getConfigurationWithPrefix(final String Prefix); - - public String getConfigurationWithKey(final String key); - - /** - * Get a configuration value from basic file based MOA-ID configuration - * - * @param key configuration key - * @return configuration value - */ - public String getBasicMOAIDConfiguration(final String key); - - public int getTransactionTimeOut(); - public int getSSOCreatedTimeOut(); - public int getSSOUpdatedTimeOut(); - - public String getAlternativeSourceID() throws ConfigurationException; - - public List<String> getLegacyAllowedProtocols(); - - public OAAuthParameter getOnlineApplicationParameter(String oaURL); - - public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; - - public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException; - - public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException; - - public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException; - - public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException; - - public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; - - public List<String> getTransformsInfos() throws ConfigurationException; - - public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException; - - public List<String> getSLRequestTemplates() throws ConfigurationException; - - public String getSLRequestTemplates(String type) throws ConfigurationException; - - public List<String> getDefaultBKUURLs() throws ConfigurationException; - - public String getDefaultBKUURL(String type) throws ConfigurationException; - - public String getSSOTagetIdentifier() throws ConfigurationException; - - public String getSSOFriendlyName(); - - public String getSSOSpecialText(); - - public String getMOASessionEncryptionKey(); - - public String getMOAConfigurationEncryptionKey(); - - public boolean isIdentityLinkResigning(); - - public String getIdentityLinkResigningKey(); - - public boolean isMonitoringActive(); - - public String getMonitoringTestIdentityLinkURL(); - - public String getMonitoringMessageSuccess(); - - public boolean isAdvancedLoggingActive(); - - /** - * Returns the PublicURLPrefix. - * - * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without / - * @throws ConfigurationException if no PublicURLPrefix is found. - */ - public List<String> getPublicURLPrefix() throws ConfigurationException; - - public boolean isVirtualIDPsEnabled(); - - public boolean isPVP2AssertionEncryptionActive(); - - public boolean isCertifiacteQCActive(); - - public STORKConfig getStorkConfig() throws ConfigurationException; - - public EgovUtilPropertiesConfiguration geteGovUtilsConfig(); - - public String getDocumentServiceUrl(); - - /** - * Notify, if the STORK fake IdentityLink functionality is active - * - * @return true/false - */ - public boolean isStorkFakeIdLActive(); - - /** - * Get a list of all STORK countries for which a faked IdentityLink should be created - * - * @return {List<String>} of country codes - */ - public List<String> getStorkFakeIdLCountries(); - - /** - * Get a list of all STORK countries for which no signature is required - * - * @return {List<String>} of country codes - */ - public List<String> getStorkNoSignatureCountries(); - - /** - * Get the MOA-SS key-group identifier for fake IdentityLink signing - * - * @return MOA-SS key-group identifier {String} - */ - public String getStorkFakeIdLResigningKey(); - - - /** - * Notify, if the PVP2x metadata schema validation is active - * - * @return true/false - */ - public boolean isPVPSchemaValidationActive(); - - /** - * Get all configuration values with prefix and wildcard - * - * @param key: Search key. * and % can be used as wildcards - * @return Key/Value pairs {Map<String, String>}, which key maps the search key - */ - Map<String, String> getConfigurationWithWildCard(String key); - - /** - * Get configured default revisions-log event codes which should be logged - * - * @return {List<Integer>} if event codes or null - */ - List<Integer> getDefaultRevisionsLogEventCodes(); - - @Deprecated - public boolean isHTTPAuthAllowed(); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java index a00d3d313..94bcae672 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java @@ -24,7 +24,8 @@ package at.gv.egovernment.moa.id.config.auth; import org.springframework.context.ApplicationContext; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java deleted file mode 100644 index 58034cc7b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.config.auth; - -import java.security.PrivateKey; -import java.util.Collection; -import java.util.List; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; - -/** - * @author tlenz - * - */ -public interface IOAAuthParameters { - - public static final String ONLINEBKU = "online"; - public static final String HANDYBKU = "handy"; - public static final String LOCALBKU = "local"; - public static final String INDERFEDERATEDIDP = "interfederated"; - - /** - * Get the full key/value configuration for this online application - * - * @return an unmodifiable map of key/value pairs - */ - public Map<String, String> getFullConfiguration(); - - /** - * Get a configuration value from online application key/value configuration - * - * @param key: The key identifier of a configuration value * - * @return The configuration value {String} or null if the key does not exist - */ - public String getConfigurationValue(String key); - - public String getFriendlyName(); - - public String getPublicURLPrefix(); - - public String getOaType(); - - public boolean getBusinessService(); - - /** - * Get target of a public service-provider - * - * @return target identifier without prefix - */ - public String getTarget(); - - public String getTargetFriendlyName(); - - public boolean isInderfederationIDP(); - - public boolean isSTORKPVPGateway(); - - public boolean isRemovePBKFromAuthBlock(); - - /** - * Return the private-service domain-identifier with PreFix - * - * @return the identityLinkDomainIdentifier - */ - public String getIdentityLinkDomainIdentifier(); - - /** - * @return the keyBoxIdentifier - */ - public String getKeyBoxIdentifier(); - - public SAML1ConfigurationParameters getSAML1Parameter(); - - /** - * Get a list of online application specific trusted security layer templates - * - * @return a {List<String>} with template URLs, maybe empty but never null - */ - public List<String> getTemplateURL(); - - - /** - * Return the additional AuthBlock text for this online application - * - * @return authblock text {String} or null if no text is configured - */ - public String getAditionalAuthBlockText(); - - /** - * Return an online application specific BKU URL for a requested BKU type - * - * @param bkutype: defines the type of BKU - * @return BKU URL {String} or null if no BKU URL is configured - */ - public String getBKUURL(String bkutype); - - /** - * Return a list of all configured BKU URLs for this online application - * - * @return List<String> of BKU URLs or an empty list if no BKU is configured - */ - public List<String> getBKUURL(); - - public boolean useSSO(); - - public boolean useSSOQuestion(); - - /** - * Return all mandate-profile types configured for this online application - * - * @return the mandateProfiles {List<String>} or null if no profile is defined - */ - public List<String> getMandateProfiles(); - - /** - * @return the identityLinkDomainIdentifierType - */ - public String getIdentityLinkDomainIdentifierType(); - - public boolean isShowMandateCheckBox(); - - public boolean isOnlyMandateAllowed(); - - /** - * Shall we show the stork login in the bku selection frontend? - * - * @return true, if is we should show stork login - */ - public boolean isShowStorkLogin(); - - public Map<String, String> getFormCustomizaten(); - - public Integer getQaaLevel(); - - public boolean isRequireConsentForStorkAttributes(); - - /** - * Return a {Collection} of requested STORK attributes - * - * @return {Collection<StorkAttribute>} maybe empty but never null - */ - public Collection<StorkAttribute> getRequestedSTORKAttributes(); - - public byte[] getBKUSelectionTemplate(); - - public byte[] getSendAssertionTemplate(); - - /** - * Return a {Collection} of configured STORK CPEPS - * - * @return {Collection<CPEPS>} maybe empty but never null - */ - public Collection<CPEPS> getPepsList(); - - public String getIDPAttributQueryServiceURL(); - - /** - * @return - */ - boolean isInboundSSOInterfederationAllowed(); - - /** - * @return - */ - boolean isInterfederationSSOStorageAllowed(); - - /** - * @return - */ - boolean isOutboundSSOInterfederationAllowed(); - - boolean isTestCredentialEnabled(); - - List<String> getTestCredentialOIDs(); - - boolean isUseIDLTestTrustStore(); - boolean isUseAuthBlockTestTestStore(); - - PrivateKey getBPKDecBpkDecryptionKey(); - - /** - * @return - */ - boolean isPassivRequestUsedForInterfederation(); - - /** - * @return - */ - boolean isPerformLocalAuthenticationOnInterfederationError(); - - /** - * Get a {Collection} of configured STORK attribute provider plug-ins - * - * @return {Collection<StorkAttributeProviderPlugins>} maybe empty but never null - */ - public Collection<StorkAttributeProviderPlugin> getStorkAPs(); - - public List<Integer> getReversionsLoggingEventCodes(); - -}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index fdd125156..b1bba6c17 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -61,19 +61,19 @@ import org.apache.commons.lang.SerializationUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.TargetValidator; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil; -import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -390,52 +390,6 @@ public boolean isOnlyMandateAllowed() { } } -/* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() - */ -@Override -public Map<String, String> getFormCustomizaten() { - Map<String, String> map = new HashMap<String, String>(); - map.putAll(FormBuildUtils.getDefaultMap()); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR))) - map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR))) - map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS))) - map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR))) - map.put(FormBuildUtils.BUTTON_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE))) - map.put(FormBuildUtils.FONTFAMILY, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR))) - map.put(FormBuildUtils.MAIN_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR))) - map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR))) - map.put(FormBuildUtils.HEADER_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT))) - map.put(FormBuildUtils.HEADER_TEXT, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET))) - map.put(FormBuildUtils.REDIRECTTARGET, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT))) - map.put(FormBuildUtils.APPLET_HEIGHT, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)); - - if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH))) - map.put(FormBuildUtils.APPLET_WIDTH, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)); - - return map; -} /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() @@ -615,7 +569,7 @@ public byte[] getSendAssertionTemplate() { public Collection<CPEPS> getPepsList() { Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>(); try { - STORKConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig(); + IStorkConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig(); if (availableSTORKConfig != null) { Set<String> configKeys = oaConfiguration.keySet(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index ed2f4d96b..348b1c45a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -19,8 +19,14 @@ import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; @@ -29,15 +35,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; -import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.logging.Logger; @@ -735,13 +738,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ public String getSSOTagetIdentifier() throws ConfigurationException { try { - return configuration.getStringValue( + String value = configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET); - + if (MiscUtil.isNotEmpty(value)) + return value.trim(); + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { Logger.warn("Single Sign-On Target can not be read from configuration.", e); - return null; + } + + return null; } /** @@ -916,8 +923,8 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return a new STORK Configuration or {@code null} * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} */ - public STORKConfig getStorkConfig() throws ConfigurationException { - STORKConfig result = null; + public IStorkConfig getStorkConfig() throws ConfigurationException { + IStorkConfig result = null; try { Map<String, String> storkProps = configuration.getPropertySubset( MOAIDConfigurationConstants.GENERAL_AUTH_STORK + "."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java deleted file mode 100644 index b7d5ebed5..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.config.auth.data; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.Serializable; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; - -import org.apache.commons.lang.SerializationUtils; - -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.KeyStoreUtils; - - -/** - * @author tlenz - * - */ -public class BPKDecryptionParameters implements Serializable{ - - private static final long serialVersionUID = 1L; - - private byte[] keyStore = null; - private String keyStorePassword = null; - private String keyAlias = null; - private String keyPassword = null; - - /** - * @return - * @throws IOException - */ - public PrivateKey getPrivateKey() { - InputStream in = null; - try { - in = new ByteArrayInputStream(keyStore); - KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword); - - char[] chPassword = " ".toCharArray(); - if (keyPassword != null) - chPassword = keyPassword.toCharArray(); - -// Certificate test = store.getCertificate(keyAlias); -// Base64Utils.encode(test.getPublicKey().getEncoded()); - - return (PrivateKey) store.getKey(keyAlias, chPassword); - - - } catch (KeyStoreException e) { - Logger.error("Can not load private key from keystore.", e); - - } catch (IOException e) { - Logger.error("Can not load private key from keystore.", e); - - } catch (UnrecoverableKeyException e) { - Logger.error("Can not load private key from keystore.", e); - - } catch (NoSuchAlgorithmException e) { - Logger.error("Can not load private key from keystore.", e); - - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - Logger.warn("Close InputStream failed." , e); - } - } - } - - return null; - } - - public byte[] serialize() { - return SerializationUtils.serialize(this); - - } - - /** - * @param keyStore the keyStore to set - */ - public void setKeyStore(byte[] keyStore) { - this.keyStore = keyStore; - } - - /** - * @param keyStorePassword the keyStorePassword to set - */ - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - /** - * @param keyAlias the keyAlias to set - */ - public void setKeyAlias(String keyAlias) { - this.keyAlias = keyAlias; - } - - /** - * @param keyPassword the keyPassword to set - */ - public void setKeyPassword(String keyPassword) { - this.keyPassword = keyPassword; - } - - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 171940063..8d70b1444 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -28,9 +28,10 @@ import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; /** * @author tlenz @@ -197,15 +198,6 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() - */ - @Override - public Map<String, String> getFormCustomizaten() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ @Override @@ -254,7 +246,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() */ @Override - public Collection<at.gv.egovernment.moa.id.config.stork.CPEPS> getPepsList() { + public Collection<at.gv.egovernment.moa.id.commons.api.data.CPEPS> getPepsList() { // TODO Auto-generated method stub return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java deleted file mode 100644 index a04fb1626..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.config.auth.data; - -/** - * @author tlenz - * - */ -public class ProtocolAllowed { - - private boolean isSAML1Active = false; - private boolean isPVP21Active = true; - private boolean isOAUTHActive = true; - - /** - * - */ - public ProtocolAllowed() { - - } - - /** - * - */ - public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) { - this.isOAUTHActive = oauth; - this.isPVP21Active = pvp21; - this.isSAML1Active = saml1; - - } - - /** - * @return the isSAML1Active - */ - public boolean isSAML1Active() { - return isSAML1Active; - } - /** - * @param isSAML1Active the isSAML1Active to set - */ - public void setSAML1Active(boolean isSAML1Active) { - this.isSAML1Active = isSAML1Active; - } - /** - * @return the isPVP21Active - */ - public boolean isPVP21Active() { - return isPVP21Active; - } - /** - * @param isPVP21Active the isPVP21Active to set - */ - public void setPVP21Active(boolean isPVP21Active) { - this.isPVP21Active = isPVP21Active; - } - /** - * @return the isOAUTHActive - */ - public boolean isOAUTHActive() { - return isOAUTHActive; - } - /** - * @param isOAUTHActive the isOAUTHActive to set - */ - public void setOAUTHActive(boolean isOAUTHActive) { - this.isOAUTHActive = isOAUTHActive; - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java deleted file mode 100644 index 8ff64f188..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.config.auth.data; - -/** - * @author tlenz - * - */ -public class SAML1ConfigurationParameters { - - private boolean isActive = false; - private boolean provideBaseId = false; - private boolean provideAuthBlock = false; - private boolean provideIdl = false; - private boolean provideCertificate = false; - private boolean provideMandate = false; - private boolean provideAllErrors = true; - private boolean useCondition = false; - private String sourceID = null; - private String condition = new String(); - - - /** - * - */ - public SAML1ConfigurationParameters(boolean isActive, - boolean provideBaseId, boolean provideAuthBlock, - boolean provideIdl, boolean provideCertificate, - boolean provideMandate, boolean provideAllErrors, - boolean useCondition, String condition, - String sourceID) { - this.condition = condition; - this.isActive = isActive; - this.provideAllErrors = provideAllErrors; - this.provideAuthBlock = provideAuthBlock; - this.provideBaseId = provideBaseId; - this.provideCertificate = provideCertificate; - this.provideIdl = provideIdl; - this.provideMandate = provideMandate; - this.useCondition = useCondition; - this.sourceID = sourceID; - - } - - - /** - * - */ - public SAML1ConfigurationParameters() { - - } - - - /** - * Gets the value of the isActive property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isIsActive() { - return this.isActive; - } - - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - - /** - * @param provideBaseId the provideBaseId to set - */ - public void setProvideBaseId(boolean provideBaseId) { - this.provideBaseId = provideBaseId; - } - - - /** - * @param provideAuthBlock the provideAuthBlock to set - */ - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } - - - /** - * @param provideIdl the provideIdl to set - */ - public void setProvideIdl(boolean provideIdl) { - this.provideIdl = provideIdl; - } - - - /** - * @param provideCertificate the provideCertificate to set - */ - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - - - /** - * @param provideMandate the provideMandate to set - */ - public void setProvideMandate(boolean provideMandate) { - this.provideMandate = provideMandate; - } - - - /** - * @param provideAllErrors the provideAllErrors to set - */ - public void setProvideAllErrors(boolean provideAllErrors) { - this.provideAllErrors = provideAllErrors; - } - - - /** - * @param useCondition the useCondition to set - */ - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - - - /** - * @param sourceID the sourceID to set - */ - public void setSourceID(String sourceID) { - this.sourceID = sourceID; - } - - - /** - * @param condition the condition to set - */ - public void setCondition(String condition) { - this.condition = condition; - } - - - /** - * Gets the value of the provideStammzahl property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isProvideStammzahl() { - return this.provideBaseId; - } - - /** - * Gets the value of the provideAUTHBlock property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isProvideAUTHBlock() { - return this.provideAuthBlock; - } - - /** - * Gets the value of the provideIdentityLink property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isProvideIdentityLink() { - return this.provideIdl; - } - - /** - * Gets the value of the provideCertificate property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isProvideCertificate() { - return this.provideCertificate; - } - - /** - * Gets the value of the provideFullMandatorData property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isProvideFullMandatorData() { - return this.provideMandate; - } - - /** - * Gets the value of the useCondition property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isUseCondition() { - return this.useCondition; - } - - /** - * Gets the value of the conditionLength property. - * - * @return - * possible object is - * {@link BigInteger } - * - */ - - public int getConditionLength() { - return condition.length(); - } - - /** - * Gets the value of the sourceID property. - * - * @return - * possible object is - * {@link String } - * - */ - public String getSourceID() { - return this.sourceID; - } - - /** - * Gets the value of the provideAllErrors property. - * - * @return - * possible object is - * {@link String } - * - */ - public Boolean isProvideAllErrors() { - return this.provideAllErrors; - } - -} - diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java deleted file mode 100644 index 3f4be5093..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java +++ /dev/null @@ -1,138 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/**
- *
- */
-package at.gv.egovernment.moa.id.config.stork;
-
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-/**
- * Encpasulates C-PEPS information according MOA configuration
- *
- * @author bzwattendorfer
- *
- */
-public class CPEPS {
-
- /** Country Code of C-PEPS */
- private String countryCode;
-
- /** URL of C-PEPS */
- private URL pepsURL;
-
- private Boolean isXMLSignatureSupported;
-
- /** Specific attributes to be requested for this C-PEPS */
- private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
-
- /**
- * Constructs a C-PEPS
- * @param countryCode ISO Country Code of C-PEPS
- * @param pepsURL URL of C-PEPS
- */
- public CPEPS(String countryCode, URL pepsURL, Boolean isXMLSignatureSupported) {
- super();
- this.countryCode = countryCode;
- this.pepsURL = pepsURL;
- this.isXMLSignatureSupported = isXMLSignatureSupported;
- }
-
- /**
- * Gets the country code of this C-PEPS
- * @return ISO country code
- */
- public String getCountryCode() {
- return countryCode;
- }
-
- /**
- * Sets the country code of this C-PEPS
- * @param countryCode ISO country code
- */
- public void setCountryCode(String countryCode) {
- this.countryCode = countryCode;
- }
-
- /**
- * Gets the URL of this C-PEPS
- * @return C-PEPS URL
- */
- public URL getPepsURL() {
- return pepsURL;
- }
-
- /**
- * Sets the C-PEPS URL
- * @param pepsURL C-PEPS URL
- */
- public void setPepsURL(URL pepsURL) {
- this.pepsURL = pepsURL;
- }
-
- /**
- * Returns weather the C-PEPS supports XMl Signatures or not (important for ERnB)
- */
- public Boolean isXMLSignatureSupported() {
- return isXMLSignatureSupported;
- }
-
- /**
- * Sets weather the C-PEPS supports XMl Signatures or not (important for ERnB)
- * @param isXMLSignatureSupported C-PEPS XML Signature support
- */
- public void setXMLSignatureSupported(boolean isXMLSignatureSupported) {
- this.isXMLSignatureSupported = isXMLSignatureSupported;
- }
-
- /**
- * Gets the country specific attributes of this C-PEPS
- * @return List of country specific attributes
- */
- public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
- return countrySpecificRequestedAttributes;
- }
-
- /**
- * Sets the country specific attributes
- * @param countrySpecificRequestedAttributes List of country specific requested attributes
- */
- public void setCountrySpecificRequestedAttributes(
- List<RequestedAttribute> countrySpecificRequestedAttributes) {
- this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
- }
-
- /**
- * Adds a Requested attribute to the country specific attribute List
- * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
- */
- public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
- this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 9532aa9ab..8f6dff849 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -34,8 +34,13 @@ import java.util.Map; import java.util.Properties;
import java.util.Set;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.commons.api.data.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -47,7 +52,7 @@ import at.gv.egovernment.moa.util.StringUtils; * @author bzwattendorfer
*
*/
-public class STORKConfig {
+public class STORKConfig implements IStorkConfig {
/** STORK SAML signature creation parameters */
private Properties props = null;
@@ -118,20 +123,36 @@ public class STORKConfig { }
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getSignatureCreationParameter()
+ */
+ @Override
public SignatureCreationParameter getSignatureCreationParameter() {
return new SignatureCreationParameter(props, basedirectory);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getSignatureVerificationParameter()
+ */
+ @Override
public SignatureVerificationParameter getSignatureVerificationParameter() {
return sigverifyparam;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getCpepsMap()
+ */
+ @Override
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#isSTORKAuthentication(java.lang.String)
+ */
+ @Override
public boolean isSTORKAuthentication(String ccc) {
if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
@@ -144,6 +165,10 @@ public class STORKConfig { }
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getCPEPS(java.lang.String)
+ */
+ @Override
public CPEPS getCPEPS(String ccc) {
if (isSTORKAuthentication(ccc))
return this.cpepsMap.get(ccc);
@@ -151,6 +176,10 @@ public class STORKConfig { return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getStorkAttributes()
+ */
+ @Override
public List<StorkAttribute> getStorkAttributes() {
return attr;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java deleted file mode 100644 index f188daf0d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java +++ /dev/null @@ -1,103 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.gv.egovernment.moa.id.config.stork;
-
-import java.util.Properties;
-
-/**
- * Encapsulates signature creation parameters according MOA configuration
- *
- * @author bzwattendorfer
- *
- */
-public class SignatureCreationParameter {
-
- private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
- private static final String PROPS_KEYSTORE_FILE = "keystore.file";
- private static final String PROPS_KEYSTORE_PASS = "keystore.password";
- private static final String PROPS_KEYNAME_NAME = "keyname.name";
- private static final String PROPS_KEYNAME_PASS = "keyname.password";
-
- private Properties props;
- private String basedirectory;
-
- SignatureCreationParameter(Properties props, String basedirectory) {
- this.props = props;
- this.basedirectory = basedirectory;
- }
-
- /**
- * Gets the KeyStore Path
- * @return File Path to KeyStore
- */
- public String getKeyStorePath() {
- return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
- }
-
- /**
- * Gets the KeyStore Password
- * @return Password to KeyStore
- */
- public String getKeyStorePassword() {
- return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
- }
-
- /**
- * Gets the Signing Key Name
- * @return Siging Key Name
- */
- public String getKeyName() {
- return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
- }
-
- /**
- * Gets the Signing Key Password
- * @return Signing Key Password
- */
- public String getKeyPassword() {
- return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java deleted file mode 100644 index 9b3e24c46..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java +++ /dev/null @@ -1,53 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/**
- *
- */
-package at.gv.egovernment.moa.id.config.stork;
-
-/**
- * Encapsulates Signature Verification data for STORK according MOA configuration
- *
- * @author bzwattendorfer
- *
- */
-public class SignatureVerificationParameter {
-
- /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
- private String trustProfileID;
-
- public SignatureVerificationParameter(String trustProfileID2) {
- this.trustProfileID = trustProfileID2;
- }
-
- /**
- * Gets the MOA-SP TrustProfileID
- * @return TrustProfileID of MOA-SP for STORK signature verification
- */
- public String getTrustProfileID() {
- return trustProfileID;
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java deleted file mode 100644 index 87ec7fb0c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java +++ /dev/null @@ -1,27 +0,0 @@ -package at.gv.egovernment.moa.id.config.stork; - -public class StorkAttribute { - - protected Boolean mandatory; - protected String name; - - public StorkAttribute(String name, boolean mandatory) { - this.name = name; - this.mandatory = mandatory; - } - - public Boolean getMandatory() { - return mandatory; - } - public void setMandatory(Boolean mandatory) { - this.mandatory = mandatory; - } - public String getName() { - return name; - } - public void setName(String name) { - this.name = name; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index aa9a0824d..d306ec005 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -35,7 +35,7 @@ import org.apache.commons.collections4.map.HashedMap; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java index 619af2358..1c6fdcb65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java @@ -20,62 +20,49 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.gv.egovernment.moa.id.config.stork; +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; /** * @author tlenz * */ -public class StorkAttributeProviderPlugin { - private String name = null; - private String url = null; - private String attributes = null; +public class ExceptionContainer implements Serializable { + + private static final long serialVersionUID = 5355860753609684995L; + private Throwable exceptionThrown = null; + private String uniqueSessionID = null; + private String uniqueTransactionID = null; /** * */ - public StorkAttributeProviderPlugin(String name, String url, String attributes) { - this.name = name; - this.url = url; - this.attributes = attributes; + public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) { + this.uniqueSessionID = uniqueSessionID; + this.uniqueTransactionID = uniqueTransactionID; + this.exceptionThrown = exception; } /** - * @return the name - */ - public String getName() { - return name; - } - /** - * @param name the name to set - */ - public void setName(String name) { - this.name = name; - } - /** - * @return the url - */ - public String getUrl() { - return url; - } - /** - * @param url the url to set + * @return the exceptionThrown */ - public void setUrl(String url) { - this.url = url; + public Throwable getExceptionThrown() { + return exceptionThrown; } /** - * @return the attributes + * @return the uniqueSessionID */ - public String getAttributes() { - return attributes; + public String getUniqueSessionID() { + return uniqueSessionID; } /** - * @param attributes the attributes to set + * @return the uniqueTransactionID */ - public void setAttributes(String attributes) { - this.attributes = attributes; + public String getUniqueTransactionID() { + return uniqueTransactionID; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java index 18ffc5c6d..38f6948d3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.data; import java.util.Iterator; import java.util.List; -import java.util.Set; import java.util.Map.Entry; +import java.util.Set; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; @@ -63,5 +63,8 @@ public interface ISLOInformationContainer { List<String> getSloFailedOAs(); void putFailedOA(String oaID); - + + public String getTransactionID(); + + public String getSessionID(); }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index fd1749129..20588ad0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -44,6 +44,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs; private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs; private List<String> sloFailedOAs = null; + private String transactionID = null; + private String sessionID = null; /** * @@ -146,6 +148,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon @Override public void setSloRequest(PVPTargetConfiguration sloRequest) { this.sloRequest = sloRequest; + } /* (non-Javadoc) @@ -164,5 +167,37 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon if (sloFailedOAs == null) sloFailedOAs = new ArrayList<String>(); sloFailedOAs.add(oaID); - } + } + + + /** + * @return the transactionID + */ + public String getTransactionID() { + return transactionID; + } + + + /** + * @param transactionID the transactionID to set + */ + public void setTransactionID(String transactionID) { + this.transactionID = transactionID; + } + + public String getSessionID() { + return this.sessionID; + + } + + + /** + * @param sessionID the sessionID to set + */ + public void setSessionID(String sessionID) { + this.sessionID = sessionID; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index f065bbc56..a1f2c6558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.VelocityContext; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.core.StatusCode; @@ -48,19 +47,23 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; @@ -76,7 +79,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEng import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; @@ -101,6 +103,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired protected AuthConfiguration authConfig; @Autowired private SingleLogOutBuilder sloBuilder; @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private IGUIFormBuilder guiBuilder; public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { @@ -440,6 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; + String uniqueSessionIdentifier = "notSet"; + String uniqueTransactionIdentifier = "notSet"; Logger.debug("Start technical Single LogOut process ... "); @@ -448,14 +453,33 @@ public class AuthenticationManager extends MOAIDAuthConstants { LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); pvpSLOIssuer = logOutReq.getIssuer().getValue(); inboundRelayState = samlReq.getRelayState(); + uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier(); + uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier(); + } else { + AuthenticationSessionExtensions sessionExt; + try { + sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); + if (sessionExt != null) + uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); + + } catch (MOADatabaseException e) { + Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e); + + } + uniqueTransactionIdentifier = Random.nextLongRandom(); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED); + } //store active OAs to SLOContaine List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); - SLOInformationContainer sloContainer = new SLOInformationContainer(); - sloContainer.setSloRequest(pvpReq); + SLOInformationContainer sloContainer = new SLOInformationContainer(); + sloContainer.setTransactionID(uniqueTransactionIdentifier); + sloContainer.setSessionID(uniqueSessionIdentifier); + sloContainer.setSloRequest(pvpReq); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); @@ -465,9 +489,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size()); //terminate MOASession - try { + try { authenticatedSessionStore.destroySession(session.getSessionID()); - ssoManager.deleteSSOSessionID(httpReq, httpResp); + ssoManager.deleteSSOSessionID(httpReq, httpResp); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); + Logger.debug("Active SSO Session on IDP is remove."); } catch (MOADatabaseException e) { @@ -476,8 +502,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - Logger.trace("Starting Service-Provider logout process ... "); - //start service provider back channel logout process + Logger.trace("Starting Service-Provider logout process ... "); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); + //start service provider back channel logout process Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); while (nextOAInterator.hasNext()) { SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); @@ -551,12 +578,17 @@ public class AuthenticationManager extends MOAIDAuthConstants { + "/idpSingleLogout" + "?restart=" + relayState; - VelocityContext context = new VelocityContext(); - context.put("redirectURLs", sloReqList); - context.put("timeoutURL", timeOutURL); - context.put("timeout", SLOTIMEOUT); - ssoManager.printSingleLogOutInfo(context, httpResp, authURL); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + config.putCustomParameter("redirectURLs", sloReqList); + config.putCustomParameter("timeoutURL", timeOutURL); + config.putCustomParameter("timeout", SLOTIMEOUT); + + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + } else { if (pvpReq != null) { @@ -567,33 +599,61 @@ public class AuthenticationManager extends MOAIDAuthConstants { } else { //print SLO information directly - VelocityContext context = new VelocityContext(); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) - context.put("successMsg", + sloContainer.getSloFailedOAs().size() == 0) { + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); + config.putCustomParameter("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); - else - context.put("errorMsg", + + } else { + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + config.putCustomParameter("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssoManager.printSingleLogOutInfo(context, httpResp, authURL); + + } + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); } } - + + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); + throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + } catch (MOADatabaseException e) { Logger.error("MOA AssertionDatabase ERROR", e); if (pvpReq != null) { SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); }else { //print SLO information directly - VelocityContext context = new VelocityContext(); - context.put("errorMsg", + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + config.putCustomParameter("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssoManager.printSingleLogOutInfo(context, httpResp, authURL); + + try { + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + } catch (GUIBuildException e1) { + Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); + throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index 7833e795e..ae2771427 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -25,7 +25,8 @@ package at.gv.egovernment.moa.id.moduls; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index 79e52f6e1..b9b161bb6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.moduls; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.commons.api.IRequest; + public interface IModulInfo { //public List<ServletInfo> getServlets(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java deleted file mode 100644 index d5d0e6c48..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ /dev/null @@ -1,202 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import java.util.Collection; - -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; - -public interface IRequest { - - /** - * Indicates the module, which implements this authentication protocol. - * The class, which is referenced, had to implement the 'IModulInfo' interface. - * - * @return Full-qualified name of the class which implements this protocol - */ - public String requestedModule(); - - /** - * Indicates the protocol specific action, which should executed if the request is processed. - * The class, which is referenced, had to implement the 'IAction' interface. - * - * @return Full-qualified name of the class which implements the action - */ - public String requestedAction(); - - /** - * Unique identifier, which indicates the service provider. - * In case of SAML1 protocol, it is the OA http-GET parameter - * - * @return Unique identifier for the service provider - */ - public String getOAURL(); - - /** - * Indicates the passive flag in authentication requests. - * If the passive flag is set, the identification and authentication process - * failed if no active SSO session is found. - * - * @return true, if the is passive flag is set in authentication request, otherwise false - */ - public boolean isPassiv(); - - /** - * Indicates the force authentication flag in authentication request - * If this flag is set, a new identification and authentication process - * is carried out in any case. - * - * @return true, if the force authentication flag is set, otherwise false - */ - public boolean forceAuth(); - - - /** - * Returns a generic request-data object with is stored with a specific identifier - * - * @param key The specific identifier of the request-data object - * @return The request-data object or null if no data is found with this key - */ - public Object getGenericData(String key); - - /** - * Returns a generic request-data object with is stored with a specific identifier - * - * @param key The specific identifier of the request-data object - * @param clazz The class type which is stored with this key - * @return The request-data object or null if no data is found with this key - */ - public <T> T getGenericData(String key, final Class<T> clazz); - - /** - * Store a generic data-object to request with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage - */ - public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; - - /** - * Hold the identifier of this request object. - * This identifier can be used to load the request from request storage - * - * @return Request identifier - */ - public String getRequestID(); - - - /** - * Hold the identifier of the MOASession which is associated with this request - * - * @return MOASession identifier if a associated session exists, otherwise null - */ - public String getMOASessionIdentifier(); - - - /** - * Holds a unique transaction identifier, which could be used for looging - * This transaction identifier is unique for a single identification and authentication process - * - * @return Unique transaction identifier. - */ - public String getUniqueTransactionIdentifier(); - - /** - * Holds a unique session identifier, which could be used for logging - * This session identifier is unique for the full Single Sign-On session time - * - * @return Unique session identifier - */ - public String getUniqueSessionIdentifier(); - - - /** - * Hold the identifier if the process instance, which is associated with this request - * - * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null - */ - public String getProcessInstanceId(); - - - /** - * get the IDP URL PreFix, which was used for authentication request - * - * @return IDP URL PreFix <String>. The URL prefix always ends without / - */ - public String getAuthURL(); - public String getAuthURLWithOutSlash(); - - /** - * Indicates if this pending request needs authentication - * - * @return true if this request needs authentication, otherwise false - */ - public boolean isNeedAuthentication(); - - /** - * Indicates, if this pending request needs Single Sign-On (SSO) functionality - * - * @return true if this request needs SSO, otherwise false - */ - public boolean needSingleSignOnFunctionality(); - public void setNeedSingleSignOnFunctionality(boolean needSSO); - - /** - * Indicates, if this pending request is already authenticated - * - * @return true if this request is already authenticated, otherwise false - */ - public boolean isAuthenticated(); - public void setAuthenticated(boolean isAuthenticated); - - /** - * Get get Service-Provider configuration which is associated with this request. - * - * @return Service-Provider configuration - */ - public IOAAuthParameters getOnlineApplicationConfiguration(); - - /** - * Indicates, if this pending-request is aborted by the user - * - * @return true, if it is aborted, otherwise false - */ - public boolean isAbortedByUser(); - - /** - * Set the 'isAboredByUser' flag of this pending-request - * - * @param b true, if the user has abort the authentication process, otherwise false - */ - public void setAbortedByUser(boolean isAborted); - - /** - * This method get a Set of PVP 2.1 attribute, which are request by this pending-request. - * - * @return A set of PVP attribute names or null if no attributes are requested - * or the Service Provider, which sends this request needs no attributes - */ - public Collection<String> getRequestedAttributes(); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java index d26af89a2..987d92e16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java @@ -22,7 +22,8 @@ */ package at.gv.egovernment.moa.id.moduls; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java index 6551b88a3..f1db466e9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public class NoPassivAuthenticationException extends MOAIDException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index aec5ad124..85e4dc99b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -33,12 +33,13 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index c49df43fa..1b550881e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -26,7 +26,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO; import at.gv.egovernment.moa.id.storage.ITransactionStorage; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index db4022cdc..bc7dd272b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -22,13 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import java.io.BufferedReader; -import java.io.File; -import java.io.FileInputStream; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.StringWriter; -import java.net.URI; import java.util.Date; import java.util.List; @@ -36,27 +29,24 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.hibernate.Query; import org.hibernate.Session; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -312,69 +302,7 @@ public class SSOManager { return false; } - - public void printSingleLogOutInfo(VelocityContext context, HttpServletResponse httpResp, String authURL) throws MOAIDException { - try { - Logger.trace("Initialize VelocityEngine..."); - context.put(CONTEXTPATH, authURL); - - InputStream is = null; - String pathLocation = null; - try { - String rootconfigdir = authConfig.getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; - File file = new File(new URI(pathLocation)); - is = new FileInputStream(file); - evaluateSLOTemplate(context, httpResp, is); - - } catch (Exception e) { - Logger.warn("SLO Template is not found in configuration directory (" + - pathLocation + "). Load template from project library ... "); - - try { - pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; - is = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - evaluateSLOTemplate(context, httpResp, is); - - } catch (Exception e1) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - - } finally { - if (is != null) - is.close(); - - } - - } catch (Exception e) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - } - - private void evaluateSLOTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { - - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - BufferedReader reader = new BufferedReader(new InputStreamReader(is )); - - //set default elements to velocity context - //context.put(CONTEXTPATH, authConfig.getPublicURLPrefix()); - - StringWriter writer = new StringWriter(); - //velocityEngine.evaluate(context, writer, "SLO_Template", reader); - engine.evaluate(context, writer, "SLO Template", reader); - - - httpResp.setContentType("text/html;charset=UTF-8"); - httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } - private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { Cookie[] cookies = httpReq.getCookies(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java index b68f170c8..44f622fa0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java @@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.process; import java.io.InputStream; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.model.ProcessDefinition; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java index 437eee63c..f9986dccb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java @@ -15,9 +15,9 @@ import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java index 88048d23e..cff85ad60 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.process.api; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java index d690c37bf..3620f2950 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java @@ -17,7 +17,9 @@ import at.gv.egovernment.moa.id.process.ProcessInstanceState; @Entity @Table(name = "processinstance") -public class ProcessInstanceStore { +public class ProcessInstanceStore implements Serializable{ + + private static final long serialVersionUID = -6147519767313903808L; /** * A process instance identifier qualifies as natural primary key by satisfying these requirements diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java index 577e971db..a9a9322ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java @@ -1,15 +1,12 @@ package at.gv.egovernment.moa.id.process.dao; -import org.hibernate.Criteria; -import org.hibernate.Session; -import org.hibernate.Transaction; -import org.hibernate.criterion.Restrictions; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; /** * Database backed implementation of the {@link ProcessInstanceStoreDAO} @@ -20,10 +17,14 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO { private Logger log = LoggerFactory.getLogger(getClass()); + @Autowired ITransactionStorage transactionStorage; + @Override public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException { try { - MOASessionDBUtils.saveOrUpdate(pIStore); + transactionStorage.put(pIStore.getProcessInstanceId(), pIStore); + +// MOASessionDBUtils.saveOrUpdate(pIStore); log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId()); } catch (MOADatabaseException e) { log.warn("ProcessInstanceStore could not be persisted to the database."); @@ -35,31 +36,35 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO { public ProcessInstanceStore load(String processInstanceId) throws MOADatabaseException { log.debug("Retrieve the ProcessInstanceStore for id='{}' from the database.", processInstanceId); - Session session = MOASessionDBUtils.getCurrentSession(); - + + +// Session session = MOASessionDBUtils.getCurrentSession(); +// ProcessInstanceStore result = null; - Transaction tx = null; - synchronized (session) { +// Transaction tx = null; +// synchronized (session) { try { - tx = session.beginTransaction(); - // select all where processInstanceId equals processInstanceId - Criteria criteria = session.createCriteria(ProcessInstanceStore.class); - criteria.add(Restrictions.eq("processInstanceId", processInstanceId)); - result = (ProcessInstanceStore) criteria.uniqueResult(); - tx.commit(); - + result = transactionStorage.get(processInstanceId, ProcessInstanceStore.class); + +// tx = session.beginTransaction(); +// // select all where processInstanceId equals processInstanceId +// Criteria criteria = session.createCriteria(ProcessInstanceStore.class); +// criteria.add(Restrictions.eq("processInstanceId", processInstanceId)); +// result = (ProcessInstanceStore) criteria.uniqueResult(); +// tx.commit(); +// } catch (Exception e) { log.error("There are multiple persisted processes with the same process instance id '{}'", - processInstanceId); - if (tx != null) { - tx.rollback(); - } + processInstanceId); +// if (tx != null) { +// tx.rollback(); +// } throw e; } finally { //MOASessionDBUtils.closeSession(); } - } +// } if (result != null) { log.debug("Found process instance store for instance '{}'.", processInstanceId); } else { @@ -71,14 +76,16 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO { @Override public void remove(String processInstanceId) throws MOADatabaseException { - log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId); - ProcessInstanceStore toBeDeleted = load(processInstanceId); - if (toBeDeleted != null) { - if (!MOASessionDBUtils.delete(toBeDeleted)) { - log.warn("Could not delete the ProcessInstanceStore with process instance id '{}'", processInstanceId); - throw new MOADatabaseException("Could not delete the ProcessInstanceStore with process instance id '" - + processInstanceId + "'."); - } + log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId); + //ProcessInstanceStore toBeDeleted = load(processInstanceId); + + if (transactionStorage.containsKey(processInstanceId)) { + transactionStorage.remove(processInstanceId); +// if (!MOASessionDBUtils.delete(toBeDeleted)) { +// log.warn("Could not delete the ProcessInstanceStore with process instance id '{}'", processInstanceId); +// throw new MOADatabaseException("Could not delete the ProcessInstanceStore with process instance id '" +// + processInstanceId + "'."); +// } } else log.trace("ProcessInstanceStore for id='{}' was not found and could therefore not be deleted.", processInstanceId); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java index b60434b2a..dd0d87dd7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java @@ -9,7 +9,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.filter.RequestContextFilter; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java index bf00cadaf..79afba412 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java @@ -30,18 +30,19 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; @@ -90,6 +91,9 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro //authenticated MOASession already exists --> protocol-specific postProcessing can start directly finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + //transaction is finished, log transaction finished event + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + } } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 0ab630dc2..0da43d818 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -34,10 +34,11 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.data.ExceptionContainer; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -66,15 +67,14 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon if (errorid != null) { try { //load stored exception from database - Throwable throwable = transactionStorage.get(errorid, Throwable.class); - - if (throwable != null) { + ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class); + if (container != null) { //remove exception if it was found transactionStorage.remove(errorid); - if (pendingReq != null) { - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); - + Throwable throwable = container.getExceptionThrown(); + + if (pendingReq != null) { //build protocol-specific error message if possible buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); @@ -166,8 +166,11 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon } //remove pending-request - if (pendingReq != null) + if (pendingReq != null) { requestStorage.removePendingRequest(pendingReq.getRequestID()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java index 048293fc2..eff839e4e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java index 0e6dc1838..f1d88f877 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.text.DateFormat; import java.text.SimpleDateFormat; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 2d15edc7b..dab3810e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java index 998377472..623acd18e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java index 14199d808..cfc6b102c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java index 13addc1fd..9e5d4198c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java index 3d7260af1..fc80ad7fe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -22,10 +22,10 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.util.MiscUtil; public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { @@ -36,9 +36,12 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { String countryCode = authData.getCcc(); - - return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, - EID_ISSUING_NATION_NAME, countryCode); + if (MiscUtil.isNotEmpty(countryCode)) + return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME, countryCode); + + else + return null; } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java index 43a0458cb..b1474acda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java index 2ca56a791..c3300d60f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java index 204c0c15d..1172d3cec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java index 69f0c3088..a6a5f1dd4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java index 58f18ee23..1d836802a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 76866c336..9dfbe00b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java index 61771de66..af87a319a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java index 4def39d54..1d3faff2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java index ace4c0be0..5b44f02aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index ca66700a2..53cfbecc1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -26,7 +26,7 @@ import java.io.IOException; import javax.xml.transform.TransformerException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index 67eb92d9b..97043a3a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -26,7 +26,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index 9474cd832..46472c983 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -26,7 +26,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index 8391c8230..41c35dad3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -26,7 +26,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index df077a631..df8f86f7e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -29,7 +29,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index 663e927fc..a64880889 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -31,7 +31,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index dd49b2a1e..085579108 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -29,7 +29,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 55c864335..4cd2ca670 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -28,7 +28,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 53eca141e..69a731e53 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -28,7 +28,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 46562c506..41a821c98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -27,7 +27,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index d1da36aa3..b4eed85d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java index 3cfc40d22..bef9afd8f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java index a1fa6c2a8..5ad562ffa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java index 573f0584a..a531e31fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java index 2a5c8d418..b967ad42c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java @@ -2,64 +2,58 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.builder; - -import java.io.InputStream; -import java.io.StringWriter; - -import org.apache.commons.io.IOUtils; + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.builder.attributes; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; -public class RedirectFormBuilder { +public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder { - private static String URL = "#URL#"; - private static String TARGET = "#TARGET#"; - private static String template; - - private static String getTemplate() { - - if (template == null) { - try { - String classpathLocation = "resources/templates/redirectForm.html"; - InputStream input = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(classpathLocation); - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - template = writer.toString(); - } catch (Exception e) { - Logger.error("Failed to read template", e); + public String getName() { + return MANDATE_TYPE_OID_NAME; + } + + public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authData.isUseMandate()) { + //get PVP attribute directly, if exists + String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class); + + if (MiscUtil.isEmpty(mandateType)) { + Logger.info("MIS Mandate does not include 'Mandate-Type OID'."); + return null; + } + + return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType); } + return null; - return template; } - - public static String buildLoginForm(String url, String redirectTarget) { - String value = getTemplate(); - value = value.replace(URL, url); - value = value.replace(TARGET, redirectTarget); - - return value; + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java index 456634fb1..285a6977f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java index 33f3a1d05..b2465b5c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 142810d45..2168316ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -44,23 +44,24 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; @@ -128,10 +129,9 @@ public class AttributQueryAction implements IAction { + " validTo:" + responseInfo.getSecond().toString()); //build PVP 2.1 assertion - - String issuerEntityID = pendingReq.getAuthURL(); - if (issuerEntityID.endsWith("/")) - issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); + + String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService( + pendingReq.getAuthURL()); Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), @@ -217,14 +217,16 @@ public class AttributQueryAction implements IAction { + " for authentication information."); //load configuration of next IDP - OAAuthParameter idp = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix()); - if (idp == null) { + IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix()); + if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) { Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() + "is not loadable."); throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()}); } + OAAuthParameter idp = (OAAuthParameter) idpLoaded; + //check if next IDP config allows inbound messages if (!idp.isInboundSSOInterfederationAllowed()) { Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index a214dad9d..8de44a2e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -37,18 +37,19 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; @@ -81,10 +82,13 @@ public class AuthenticationAction implements IAction { SLOInformationImpl sloInformation = new SLOInformationImpl(); //change to entity value from entity name to IDP EntityID (URL) - String issuerEntityID = pvpRequest.getAuthURL(); - if (issuerEntityID.endsWith("/")) - issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); - +// String issuerEntityID = pvpRequest.getAuthURL(); +// if (issuerEntityID.endsWith("/")) +// issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); + + String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService( + pvpRequest.getAuthURL()); + //build Assertion Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, peerEntity, date, consumerService, sloInformation); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 15fe1e9d7..b282e3a4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -28,13 +28,15 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; @@ -62,7 +64,7 @@ public class MetadataAction implements IAction { String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig); Logger.debug("METADATA: " + metadataXML); - httpResp.setContentType("text/xml"); + httpResp.setContentType(MediaType.XML_UTF_8.toString()); httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8")); httpResp.getOutputStream().close(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 8065af1a6..bca080ba6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -56,15 +56,16 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; @@ -95,7 +96,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -114,12 +114,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { public static final String METADATA = "Metadata"; public static final String ATTRIBUTEQUERY = "AttributeQuery"; public static final String SINGLELOGOUT = "SingleLogOut"; - - public static final String ENDPOINT_IDP = "idp"; - public static final String ENDPOINT_SP = "sp"; - public static final String PARAMETER_ENDPOINT = "endpointtype"; - public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( new String[] { PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME @@ -208,12 +203,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (MOAIDException e) { + throw e; } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -243,7 +241,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { //get POST-Binding decoder implementation InboundMessage msg = (InboundMessage) new RedirectBinding().decode( req, resp, MOAMetadataProvider.getInstance(), false, - new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL()))); + new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL()))); pendingReq.setRequest(msg); //preProcess Message @@ -259,11 +257,14 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + } catch (MOAIDException e) { + throw e; + } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -309,12 +310,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - + + } catch (MOAIDException e) { + throw e; + } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -496,7 +500,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); @@ -579,7 +583,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - OAAuthParameter oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID()); + IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID()); if (!oa.isInderfederationIDP()) { Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); @@ -733,7 +737,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String oaURL = moaRequest.getEntityMetadata().getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index c2b61aaa7..73d6e978e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -31,7 +31,7 @@ public interface PVPConstants { public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; - public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128; + public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; @@ -190,6 +190,11 @@ public interface PVPConstants { public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE"; public static final int MANDATE_TYPE_MAX_LENGTH = 256; + public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106"; + public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID; + public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID"; + public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256; + public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index 5afa10a72..af6c79140 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -34,17 +34,21 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import org.hibernate.resource.transaction.spi.TransactionStatus; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -54,7 +58,6 @@ import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; @@ -79,6 +82,7 @@ public class SingleLogOutAction implements IAction { @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private ITransactionStorage transactionStorage; @Autowired private SingleLogOutBuilder sloBuilder; + @Autowired private MOAReversionLogger revisionsLogger; /* (non-Javadoc) @@ -239,11 +243,17 @@ public class SingleLogOutAction implements IAction { String statusCode = null; if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) + sloContainer.getSloFailedOAs().size() == 0) { statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; - else + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), + MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); + + } else { + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), + MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; - + + } transactionStorage.put(artifact, statusCode); redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); @@ -274,7 +284,7 @@ public class SingleLogOutAction implements IAction { throw new AuthenticationException("pvp2.13", new Object[]{}); } finally { - if (tx != null && !tx.wasCommitted()) { + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) { tx.commit(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java index 6080f8a33..7bb64a106 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import org.opensaml.common.binding.decoding.URIComparator; +import at.gv.egovernment.moa.logging.Logger; + public class MOAURICompare implements URIComparator { /** @@ -40,8 +42,12 @@ public class MOAURICompare implements URIComparator { if (this.serviceURL.equals(uri1)) return true; - else + else { + Logger.warn("PVP request destination-endpoint: " + uri1 + + " does not match to IDP endpoint:" + serviceURL); return false; + + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 46381fcc2..9977e607b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -50,6 +50,7 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -58,7 +59,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 7278c9c6c..279038967 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -183,7 +183,7 @@ public class RedirectBinding implements IDecoder, IEncoder { } if (metadataProvider instanceof IMOARefreshableMetadataProvider) { - Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getPeerEntityId()); + Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer()); if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer())) throw e; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 9c097780b..2df72637d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -49,8 +49,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.Document; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java index aea3c2ee7..78ddab488 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -51,7 +51,7 @@ import org.opensaml.xml.security.criteria.UsageCriteria; import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xml.security.x509.X509Credential; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index c48caed29..b82e6c1f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -32,7 +32,7 @@ import java.util.ServiceLoader; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.RequestedAttribute; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index d5d84dd51..01ef4a43d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -38,13 +38,15 @@ import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; @@ -175,6 +177,20 @@ public class PVPAuthnRequestBuilder { subjectNameID.setFormat(NameID.TRANSIENT); reqSubject.setNameID(subjectNameID); + + if (config.getSubjectConformationDate() != null) { + SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class); + SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class); + subjectConformation.setSubjectConfirmationData(subjectConformDate); + reqSubject.getSubjectConfirmations().add(subjectConformation ); + + if (config.getSubjectConformationMethode() != null) + subjectConformation.setMethod(config.getSubjectConformationMethode()); + + subjectConformDate.setDOM(config.getSubjectConformationDate()); + + } + authReq.setSubject(reqSubject ); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java index 84285a318..e2f8664d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java @@ -69,7 +69,7 @@ import org.opensaml.xml.signature.Signer; import org.springframework.stereotype.Service; import org.w3c.dom.Document; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -182,9 +182,12 @@ public class PVPMetadataBuilder { } else { entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); + entityDescriptor.setID(SAML2Utils.getSecureIdentifier()); entityDescriptor.setSignature(signature); + + //marshall document Marshaller out = Configuration.getMarshallerFactory() .getMarshaller(entityDescriptor); @@ -212,8 +215,8 @@ public class PVPMetadataBuilder { private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class); spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(false); + spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned()); + spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned()); KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); @@ -365,7 +368,7 @@ public class PVPMetadataBuilder { idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); //set ass default value, because PVP 2.x specification defines this feature as MUST - idpSSODescriptor.setWantAuthnRequestsSigned(true); + idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned()); // add WebSSO descriptor for POST-Binding if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 63452bee0..e5c897aa6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -63,10 +63,11 @@ import org.springframework.stereotype.Service; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -76,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; @@ -83,7 +85,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; /** @@ -232,7 +233,7 @@ public class SingleLogOutBuilder { DateTime now = new DateTime(); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(sloInfo.getAuthURL()); + issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL())); issuer.setFormat(NameID.ENTITY); sloReq.setIssuer(issuer); sloReq.setIssueInstant(now); @@ -321,7 +322,8 @@ public class SingleLogOutBuilder { private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(spRequest.getAuthURLWithOutSlash()); + issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService( + spRequest.getAuthURLWithOutSlash())); issuer.setFormat(NameID.ENTITY); sloResp.setIssuer(issuer); sloResp.setIssueInstant(new DateTime()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 3aa05bb2d..8ddd2cb39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -61,9 +61,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -282,7 +282,8 @@ public class PVP2AssertionBuilder implements PVPConstants { String bpk = null; Element mandate = authData.getMandate(); - if(mandate != null) { + if(mandate != null) { + Logger.debug("Read mandator bPK|baseID from full-mandate ... "); Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { throw new NoMandateDataAvailableException(); @@ -307,7 +308,7 @@ public class PVP2AssertionBuilder implements PVPConstants { bpk = id.getValue().getValue(); } else { - Logger.debug("Read mandatpr bPK|baseID from PVP attributes ... "); + Logger.debug("Read mandator bPK|baseID from PVP attributes ... "); bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class); bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class); @@ -315,6 +316,15 @@ public class PVP2AssertionBuilder implements PVPConstants { //no sourcePin is included --> search for bPK bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class); + try { + if (bpk.contains(":")) + bpk = bpk.split(":")[1]; + + } catch (Exception e) { + Logger.warn("Can not split bPK from mandator attribute!", e); + + } + //set bPK-Type from configuration, because it MUST be equal to service-provider type if (oaParam.getBusinessService()) { if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) @@ -435,7 +445,7 @@ public class PVP2AssertionBuilder implements PVPConstants { .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); - subjectConfirmationData.setNotBefore(date); +// subjectConfirmationData.setNotBefore(date); subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java index 9a51e75e4..c0fb5bf5b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java @@ -32,7 +32,7 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -97,7 +97,14 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura */ @Override public String getEntityID() { - return authURL; + try { + return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + + } catch (ConfigurationException e) { + Logger.error("Can not load Metadata entry: EntityID", e); + return null; + + } } /* (non-Javadoc) @@ -293,4 +300,20 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura return "MOA-ID-Auth"; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java index 6e1798ed1..814a2387d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; /** * @author tlenz @@ -136,11 +137,26 @@ public interface IPVPAuthnRequestBuilderConfiguruation { public String getSubjectNameIDFormat(); /** - * Define a SP specific SAMK2 requestID + * Define a SP specific SAML2 requestID * * @return requestID, or null if the requestID should be generated automatically */ public String getRequestID(); + /** + * Defines the 'method' attribute in 'SubjectConformation' element + * + * @return method, or null if no method should set + */ + public String getSubjectConformationMethode(); + + /** + * Define the information, which should be added as 'subjectConformationDate' + * in 'SubjectConformation' element + * + * @return subjectConformation information or null if no subjectConformation should be set + */ + public Element getSubjectConformationDate(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java index 56274535b..3a8404cae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java @@ -221,4 +221,18 @@ public interface IPVPMetadataBuilderConfiguration { * @return a List of SAML2 nameID types */ public List<String> getSPAllowedNameITTypes(); + + /** + * Set the 'wantAssertionSigned' attribute in SP metadata + * + * @return + */ + public boolean wantAssertionSigned(); + + /** + * Set the 'wantAuthnRequestSigned' attribute + * + * @return + */ + public boolean wantAuthnRequestSigned(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 58210a72c..480656e30 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -44,10 +44,10 @@ import org.opensaml.saml2.metadata.OrganizationURL; import org.opensaml.saml2.metadata.SurName; import org.opensaml.saml2.metadata.TelephoneNumber; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java index fcd8472b1..1e029f567 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java index 7ed438471..f65c4d265 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; /** * @author tlenz diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java index 709c1e34b..00fb97151 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; import org.opensaml.saml2.core.StatusCode; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public abstract class PVP2Exception extends MOAIDException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 618346485..3002ca179 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -45,12 +45,12 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing; import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; @@ -121,7 +121,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider @Override public boolean refreshMetadataProvider(String entityID) { try { - OAAuthParameter oaParam = + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); if (oaParam != null) { String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); @@ -230,7 +230,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider while (oaInterator.hasNext()) { Entry<String, String> oaKeyPair = oaInterator.next(); - OAAuthParameter oaParam = + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue()); if (oaParam != null) { String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); @@ -361,7 +361,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider while (oaInterator.hasNext()) { Entry<String, String> oaKeyPair = oaInterator.next(); - OAAuthParameter oaParam = + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue()); if (oaParam != null) { String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); @@ -425,7 +425,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider internalProvider = chainProvider; } - private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException { + private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException { PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate); filterChain.getFilters().add(new SchemaValidationFilter()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java index 6d646c609..442455d4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java @@ -32,9 +32,9 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.xml.parse.BasicParserPool; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java index 9102606a2..77cc7228b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java @@ -122,15 +122,15 @@ public abstract class AbstractCredentialProvider { credentials.setUsageType(UsageType.SIGNING); if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " - + getMetadataKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); } return credentials; } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } @@ -147,8 +147,8 @@ public abstract class AbstractCredentialProvider { credentials.setUsageType(UsageType.SIGNING); if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " - + getSignatureKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); } @@ -156,7 +156,7 @@ public abstract class AbstractCredentialProvider { } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } @@ -178,16 +178,17 @@ public abstract class AbstractCredentialProvider { if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Encryption credentials (Alias: " - + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); } return (X509Credential) credentials; + } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java index a47c34c0b..85de666c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public class CredentialsNotAvailableException extends MOAIDException { @@ -31,6 +31,11 @@ public class CredentialsNotAvailableException extends MOAIDException { super(messageId, parameters); } + public CredentialsNotAvailableException(String messageId, + Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + /** * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java index abc4eb4a9..381289824 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java @@ -27,7 +27,7 @@ import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 75ef7e5a1..0426c2a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -35,9 +35,9 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java index 0b2bbafeb..a9f9b206e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java @@ -28,7 +28,7 @@ import java.util.List; import org.opensaml.saml2.core.RequestAbstractType; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public class ChainSAMLValidator implements ISAMLValidator { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java index f9dab1cb5..4f697d986 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.validation; import org.opensaml.saml2.core.RequestAbstractType; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public interface ISAMLValidator { public void validateRequest(RequestAbstractType request) throws MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java index d65b847dc..952a6024a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java @@ -27,7 +27,7 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.security.SAMLSignatureProfileValidator; import org.opensaml.xml.validation.ValidationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; public class SAMLSignatureValidator implements ISAMLValidator { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java index 749f613f8..d0596d50b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java @@ -28,7 +28,7 @@ import java.util.List; import org.opensaml.saml2.core.RequestAbstractType; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public class ChainSAMLVerifier implements ISAMLVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 4650327b4..2ded32bac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -34,11 +34,11 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.validation.ValidationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; @@ -53,7 +53,7 @@ public class EntityVerifier { // List<OnlineApplication> oaList = ConfigurationDBRead // .getAllActiveOnlineApplications(); try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); if (MiscUtil.isNotEmpty(certBase64)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java index 8bbf8ee1a..e032edc9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; import org.opensaml.saml2.core.RequestAbstractType; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; public interface ISAMLVerifier { public void verifyRequest(RequestAbstractType request) throws MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java index 1e13da179..385fe90fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java @@ -47,9 +47,9 @@ import org.opensaml.xml.validation.ValidationException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.logging.Logger; @@ -62,7 +62,7 @@ import at.gv.egovernment.moa.logging.Logger; public class SAMLVerificationEngineSP extends SAMLVerificationEngine { @Autowired AuthConfiguration authConfig; - + /** * Validate a PVP response and all included assertions * @@ -74,6 +74,13 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine { * @throws AssertionValidationExeption */ public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName) throws AssertionValidationExeption { + validateAssertion(samlResp, validateDestination, assertionDecryption, spEntityID, loggerSPName, true); + + } + + + public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName, + boolean validateDateTime) throws AssertionValidationExeption { try { if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); @@ -102,7 +109,7 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine { throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' attribute is not included"}); } - if (issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) { + if (validateDateTime && issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) { Logger.warn("PVP response: IssueInstant DateTime is not valid anymore."); throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' Time is not valid any more"}); @@ -150,7 +157,8 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine { if (conditions != null) { DateTime notbefore = conditions.getNotBefore().minusMinutes(5); DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + if (validateDateTime && + (notbefore.isAfterNow() || notafter.isBeforeNow()) ) { isAssertionValid = false; Logger.info("Assertion:" + saml2assertion.getID() + " is out of Date. " diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java index f67c475bb..3d69b0380 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -23,14 +23,9 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import java.io.IOException; -import java.io.StringWriter; -import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.FilterException; @@ -39,8 +34,9 @@ import org.opensaml.xml.XMLObject; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * @author tlenz @@ -69,19 +65,21 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter { EntityDescriptor entityDes = (EntityDescriptor) metadata; //check signature; try { - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(metadata.getDOM()); - transformer.transform(source, sr); - sw.close(); - String metadataXML = sw.toString(); + byte[] serialized = DOMUtils.serializeNode(metadata.getDOM(), "UTF-8"); + +// Transformer transformer = TransformerFactory.newInstance() +// .newTransformer(); +// StringWriter sw = new StringWriter(); +// StreamResult sr = new StreamResult(sw); +// DOMSource source = new DOMSource(metadata.getDOM()); +// transformer.transform(source, sr); +// sw.close(); +// String metadataXML = sw.toString(); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); VerifyXMLSignatureResponse result = sigVerify.verify( - metadataXML.getBytes(), trustProfileID); + serialized, trustProfileID); //check signature-verification result if (result.getSignatureCheckCode() != 0) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index 149874ce0..679bdd10f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -36,8 +36,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; - +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index 69fe0ee6a..83a2b61d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 10594d6fc..094e25040 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -32,6 +32,7 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import org.hibernate.resource.transaction.spi.TransactionStatus; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -41,6 +42,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; @@ -48,11 +52,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.JsonMapper; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.util.Random; @@ -231,7 +232,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; @@ -321,7 +322,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -371,7 +372,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0); } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -477,7 +478,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch(HibernateException e) { Logger.warn("Error during database saveOrUpdate. Rollback.", e); - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); } @@ -504,7 +505,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (Exception e) { if (session != null && session.getTransaction() != null - && !session.getTransaction().wasCommitted()) { + && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) { session.getTransaction().rollback(); throw e; @@ -534,7 +535,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (Exception e) { if (session != null && session.getTransaction() != null - && !session.getTransaction().wasCommitted()) { + && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) { session.getTransaction().rollback(); throw e; @@ -583,7 +584,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return null; } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -626,7 +627,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getActiveOAsessions().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -665,7 +666,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (Throwable e) { Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); return null; } @@ -702,7 +703,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getInderfederation().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -740,7 +741,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getInderfederation().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -804,7 +805,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt idp.setIdpurlprefix(idpEntityID); idp.setAuthURL(req.getAuthURL()); - OAAuthParameter oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix()); + IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix()); idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed()); idp.setMoasession(dbsession); idpList.add(idp); @@ -856,7 +857,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return result.get(0).getInderfederation().get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -948,7 +949,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } @@ -1018,7 +1019,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return (AuthenticatedSessionStore) result.get(0); } catch (Exception e) { - if (tx != null && !tx.wasCommitted() && commit) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED) && commit) tx.rollback(); throw e; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java index ff631a720..c2b3b0fc5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.storage; import java.io.Serializable; +import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -99,6 +100,17 @@ public class DBTransactionStorage implements ITransactionStorage { } } + public Object get(String key) throws MOADatabaseException { + AssertionStore element = searchInDatabase(key); + + if (element == null) + return null; + + return SerializationUtils.deserialize(element.getAssertion()); + + + } + public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException { AssertionStore element = searchInDatabase(key); @@ -134,10 +146,11 @@ public class DBTransactionStorage implements ITransactionStorage { } } - public void clean(Date now, long dataTimeOut) { + public List<String> clean(Date now, long dataTimeOut) { Date expioredate = new Date(now.getTime() - dataTimeOut); List<AssertionStore> results; + List<String> returnValues = new ArrayList<String>();; Session session = MOASessionDBUtils.getCurrentSession(); synchronized (session) { @@ -146,22 +159,14 @@ public class DBTransactionStorage implements ITransactionStorage { query.setTimestamp("timeout", expioredate); results = query.list(); session.getTransaction().commit(); - - if (results.size() != 0) { - for(AssertionStore result : results) { - try { - cleanDelete(result); - Logger.info("Remove stored information with ID: " + result.getArtifact() - + " after timeout."); - - } catch (HibernateException e){ - Logger.warn("Sessioninformation with ID=" + result.getArtifact() - + " not removed after timeout! (Error during Database communication)", e); - } - - } - } } + + if (results != null) { + for (AssertionStore el : results) + returnValues.add(el.getArtifact()); + + } + return returnValues; } public void remove(String key) { @@ -237,6 +242,12 @@ public class DBTransactionStorage implements ITransactionStorage { element.setType(value.getClass().getName()); element.setDatatime(new Date()); + if (!Serializable.class.isInstance(value)) { + Logger.warn("Transaction-Storage can only store objects which implements the 'Seralizable' interface"); + throw new MOADatabaseException("Transaction-Storage can only store objects which implements the 'Seralizable' interface", null); + + } + //serialize the Assertion for Database storage byte[] data = SerializationUtils.serialize((Serializable) value); element.setAssertion(data); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java index 666511425..b5d816eaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java @@ -29,12 +29,12 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java index 48283d2b6..493f24ee8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.storage; import java.util.Date; +import java.util.List; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -45,7 +46,8 @@ public interface ITransactionStorage { * Store a data object with a key to transaction storage * * @param key Id which identifiers the data object - * @param value Data object which should be stored + * @param value Data object which should be stored. + * This data must implement the <code>java.io.Serializable</code> interface * @throws MOADatabaseException In case of store operation failed */ public void put(String key, Object value) throws MOADatabaseException; @@ -53,6 +55,15 @@ public interface ITransactionStorage { /** * Get a data object from transaction storage * + * @param key key Id which identifiers the data object + * @return The transaction-data object, or null + * @throws MOADatabaseException In case of load operation failed + */ + public Object get(String key) throws MOADatabaseException; + + /** + * Get a data object from transaction storage + * * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key * @return The transaction-data object from type class, or null @@ -91,11 +102,12 @@ public interface ITransactionStorage { public void remove(String key); /** - * Clean-up the transaction storage + * Get all entries for Clean-up the transaction storage * * @param now Current time * @param dataTimeOut Data-object timeout in [ms] + * @return List of entry-keys which as a timeout */ - public void clean(Date now, long dataTimeOut); + public List<String> clean(Date now, long dataTimeOut); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java deleted file mode 100644 index fff5fac96..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java +++ /dev/null @@ -1,258 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.util; - -import java.io.BufferedWriter; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.PrintWriter; -import java.net.Socket; -import java.security.GeneralSecurityException; -import java.util.Hashtable; - -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.components.net.BooleanHolder; -import org.apache.axis.components.net.DefaultSocketFactory; -import org.apache.axis.components.net.SocketFactory; -import org.apache.axis.components.net.TransportClientProperties; -import org.apache.axis.components.net.TransportClientPropertiesFactory; -import org.apache.axis.utils.Messages; -import org.apache.axis.utils.XMLUtils; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * Secure socket factory for Axis webs service clients of the MOA-ID component, - * which are the MOA-SP calls from MOA-ID Auth, - * and the MOA-ID Auth calls from MOA-ID Proxy. - * <br/>Use this initialization code:<br/> - * <code> // ConnectionParameter connParam = ... get from ConfigurationProvider - * AxisSecureSocketFactory.initialize(connParam);</code> - * <br/>See the Apache Axis documentation on how to configure this class - * as the default secure socket factory to be used by Axis. - * <br/> - * This code has been copied from <code>JSSESocketFactory</code>, the - * method <code>initialize()</code> has been added. - * - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AxisSecureSocketFactory - extends DefaultSocketFactory implements SocketFactory { - - /** Field sslFactory */ - private static SSLSocketFactory sslFactory; - - /** - * Constructor for AxisSecureSocketFactory. - * @param attributes ??? - */ - public AxisSecureSocketFactory(Hashtable attributes) { - super(attributes); - } - /** - * Initializes the factory by setting the connection parameters to be used for - * setting the secure socket factory, and by setting the system property - * <code>axis.socketSecureFactory</code>. - * @param ssf <code>SSLSocketFactory</code> to initialize with - */ - public static void initialize(SSLSocketFactory ssf) - throws IOException, GeneralSecurityException { - - Logger.debug("Initialize AxisSecureSocketFactory"); - sslFactory = ssf; - } - - /** - * creates a secure socket - * - * @param host - * @param port - * @param otherHeaders - * @param useFullURL - * - * @return Socket - * @throws Exception - */ - public Socket create( - String host, - int port, - StringBuffer otherHeaders, - BooleanHolder useFullURL) - throws Exception { - if (port == -1) { - port = 443; - } - - TransportClientProperties tcp = - TransportClientPropertiesFactory.create("https"); - - boolean hostInNonProxyList = - isHostInNonProxyList(host, tcp.getNonProxyHosts()); - - Socket sslSocket = null; - if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) { - // direct SSL connection - sslSocket = sslFactory.createSocket(host, port); - } - else { - - // Default proxy port is 80, even for https - int tunnelPort = - (tcp.getProxyPort().length() != 0) - ? Integer.parseInt(tcp.getProxyPort()) - : 80; - if (tunnelPort < 0) - tunnelPort = 80; - - // Create the regular socket connection to the proxy - Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort); - - // The tunnel handshake method (condensed and made reflexive) - OutputStream tunnelOutputStream = tunnel.getOutputStream(); - PrintWriter out = - new PrintWriter( - new BufferedWriter(new OutputStreamWriter(tunnelOutputStream))); - - // More secure version... engage later? - // PasswordAuthentication pa = - // Authenticator.requestPasswordAuthentication( - // InetAddress.getByName(tunnelHost), - // tunnelPort, "SOCK", "Proxy","HTTP"); - // if(pa == null){ - // printDebug("No Authenticator set."); - // }else{ - // printDebug("Using Authenticator."); - // tunnelUser = pa.getUserName(); - // tunnelPassword = new String(pa.getPassword()); - // } - out.print( - "CONNECT " - + host - + ":" - + port - + " HTTP/1.0\r\n" - + "User-Agent: AxisClient"); - if (tcp.getProxyUser().length() != 0 - && tcp.getProxyPassword().length() != 0) { - - // add basic authentication header for the proxy - String encodedPassword = - XMLUtils.base64encode( - (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes()); - - out.print("\nProxy-Authorization: Basic " + encodedPassword); - } - out.print("\nContent-Length: 0"); - out.print("\nPragma: no-cache"); - out.print("\r\n\r\n"); - out.flush(); - InputStream tunnelInputStream = tunnel.getInputStream(); - - if (log.isDebugEnabled()) { - log.debug( - Messages.getMessage( - "isNull00", - "tunnelInputStream", - "" + (tunnelInputStream == null))); - } - String replyStr = ""; - - // Make sure to read all the response from the proxy to prevent SSL negotiation failure - // Response message terminated by two sequential newlines - int newlinesSeen = 0; - boolean headerDone = false; /* Done on first newline */ - - while (newlinesSeen < 2) { - int i = tunnelInputStream.read(); - - if (i < 0) { - throw new IOException("Unexpected EOF from proxy"); - } - if (i == '\n') { - headerDone = true; - ++newlinesSeen; - } - else if (i != '\r') { - newlinesSeen = 0; - if (!headerDone) { - replyStr += String.valueOf((char) i); - } - } - } - if (!replyStr.startsWith("HTTP/1.0 200") - && !replyStr.startsWith("HTTP/1.1 200")) { - throw new IOException( - Messages.getMessage( - "cantTunnel00", - new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr })); - } - - // End of condensed reflective tunnel handshake method - sslSocket = sslFactory.createSocket(tunnel, host, port, true); - if (log.isDebugEnabled()) { - log.debug( - Messages.getMessage( - "setupTunnel00", - tcp.getProxyHost(), - "" + tunnelPort)); - } - } - - ((SSLSocket) sslSocket).startHandshake(); - if (log.isDebugEnabled()) { - log.debug(Messages.getMessage("createdSSL00")); - } - return sslSocket; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java index 8bd682421..655675f00 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java @@ -26,7 +26,7 @@ import java.util.Locale; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.util.Messages; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java deleted file mode 100644 index 9a1237b80..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java +++ /dev/null @@ -1,136 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.util; - -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import at.gv.egovernment.moa.util.MiscUtil; - -public class FormBuildUtils { - - private static Map<String, String> defaultmap = null; - - public static String MAIN_BACKGROUNDCOLOR = "#MAIN_BACKGOUNDCOLOR#"; - public static String MAIN_COLOR = "#MAIN_COLOR#"; - public static String HEADER_BACKGROUNDCOLOR = "#HEADER_BACKGROUNDCOLOR#"; - public static String HEADER_COLOR = "#HEADER_COLOR#"; - public static String BUTTON_BACKGROUNDCOLOR = "#BUTTON_BACKGROUNDCOLOR#"; - public static String BUTTON_BACKGROUNDCOLOR_FOCUS = "#BUTTON_BACKGROUNDCOLOR_FOCUS#"; - public static String BUTTON_COLOR = "#BUTTON_COLOR#"; - public static String FONTFAMILY = "#FONTTYPE#"; - public static String HEADER_TEXT = "#HEADER_TEXT#"; - public static String REDIRECTTARGET = "#REDIRECTTARGET#"; - public static String APPLET_HEIGHT = "#APPLETHEIGHT#"; - public static String APPLET_WIDTH = "#APPLETWIDTH#"; - - private static String MANDATEVISIBLE = "#MANDATEVISIBLE#"; - private static String MANDATECHECKED = "#MANDATECHECKED#"; - - private static String STORKVISIBLE = "#STORKVISIBLE#"; - - private static final String TEMPLATEVISIBLE = " display: none"; - private static final String TEMPLATEDISABLED = "disabled=\"true\""; - private static final String TEMPLATECHECKED = "checked=\"true\""; - private static final String TEMPLATE_ARIACHECKED = "aria-checked="; - - - static { - if (defaultmap == null) { - defaultmap = new HashMap<String, String>(); - defaultmap.put(MAIN_BACKGROUNDCOLOR, "#F7F8F7"); - defaultmap.put(MAIN_COLOR, "#000000"); - - defaultmap.put(HEADER_BACKGROUNDCOLOR, "#C3D2E2"); - defaultmap.put(HEADER_COLOR, "#000000"); - defaultmap.put(HEADER_TEXT, "Login"); - - defaultmap.put(BUTTON_BACKGROUNDCOLOR, "#EBEBEB"); - defaultmap.put(BUTTON_BACKGROUNDCOLOR_FOCUS, "#EBEBEB"); - defaultmap.put(BUTTON_COLOR, "#000000"); - - defaultmap.put(FONTFAMILY, "Verdana,Geneva,Arial,sans-serif"); - - defaultmap.put(REDIRECTTARGET, "_top"); - } - } - - - public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox, - boolean isOnlyMandateAllowed, - Map<String, String> map, boolean showStorkLogin) { - - if (isShowMandateCheckbox) - value = value.replace(MANDATEVISIBLE, ""); - else - value = value.replace(MANDATEVISIBLE, TEMPLATEVISIBLE); - - if (isOnlyMandateAllowed) { - value = value.replace(MANDATECHECKED, TEMPLATECHECKED + " " + - TEMPLATEDISABLED + " " + - TEMPLATE_ARIACHECKED + "\"true\""); - - } else - value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); - - if (showStorkLogin) - value = value.replace(STORKVISIBLE, ""); - else - value = value.replace(STORKVISIBLE, TEMPLATEVISIBLE); - - String fonttype = map.get(FONTFAMILY); - if (MiscUtil.isNotEmpty(fonttype)) { - String[] fonttypeList = fonttype.split(","); - String fonttypeformated = "\"" + fonttypeList[0].trim().replace("\"", "") + "\""; - - for (int i=1; i<fonttypeList.length; i++) { - fonttypeformated += ",\"" + fonttypeList[i].trim().replace("\"", "") + "\""; - } - - map.put(FONTFAMILY, fonttypeformated); - } - - Set<String> elements = map.keySet(); - for (String element: elements) { - value = value.replace(element, map.get(element)); - } - - return value; - } - - public static Map<String, String> getDefaultMap() { - return defaultmap; - } - - /** - * @param value - * @return - */ - public static String defaultLayoutBKUSelection(String value) { - return customiceLayoutBKUSelection(value, false, false, getDefaultMap(), false); - - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index d2499af9d..4cb6af127 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -173,6 +173,17 @@ public class HTTPUtils { } + /** + * Extract the IDP requested URL from authrequest + * + * @param req HttpServletRequest + * @return RequestURL <String> which ends always without / + */ + public static String extractAuthServletPathFromRequest(HttpServletRequest req) { + return extractAuthURLFromRequest(req).concat(req.getServletPath()); + + } + public static String addURLParameter(String url, String paramname, String paramvalue) { String param = paramname + "=" + paramvalue; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java index 0b517e783..81041260c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java @@ -35,8 +35,8 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java deleted file mode 100644 index b7a866370..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java +++ /dev/null @@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.util; - -import java.util.Locale; - -import at.gv.egovernment.moa.util.Messages; - -/** - * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDMessageProvider { - - /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */ - private static final String[] DEFAULT_MESSAGE_RESOURCES = - { "resources/properties/id_messages" }; - /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */ - private static final Locale[] DEFAULT_MESSAGE_LOCALES = - new Locale[] { new Locale("de", "AT") }; - /** The instance for our singleton */ - private static MOAIDMessageProvider instance; - /** The Messages */ - private Messages messages; - - /** - * Returns the single instance of <code>MOAIDMessageProvider</code>. - * - * @return the single instance of <code>MOAIDMessageProvider</code> - */ - public static MOAIDMessageProvider getInstance() { - if (instance == null) - instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); - return instance; - } - - /** - * Create a <code>MOAIDMessageProvider</code>. - * - * @param resourceNames The names of the resources containing the messages. - * @param locales The corresponding locales. - */ - protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) { - this.messages = new Messages(resourceNames, locales); - } - - /** - * Get the message corresponding to a given message ID. - * - * @param messageId The ID of the message. - * @param parameters The parameters to fill in into the message arguments. - * @return The formatted message. - */ - public String getMessage(String messageId, Object[] parameters) { - return messages.getMessage(messageId, parameters); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 47010a735..885d03fd8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -46,34 +46,44 @@ package at.gv.egovernment.moa.id.util;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
-import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class ParamValidatorUtils extends MOAIDAuthConstants{
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
/**
* Checks if the given target is valid
* @param target HTTP parameter from request
@@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ return false;
Logger.debug("Ueberpruefe Parameter XMLDocument");
- try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder builder = factory.newDocumentBuilder();
- InputSource is = new InputSource(new StringReader(document));
- builder.parse(is);
+ try {
+ DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures);
+
+// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+// DocumentBuilder builder = factory.newDocumentBuilder();
+// InputSource is = new InputSource(new StringReader(document));
+// builder.parse(is);
Logger.debug("Parameter XMLDocument erfolgreich ueberprueft");
return true;
@@ -527,9 +539,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ return false;
}
- if (StringUtils.isEmpty(oaURL)
- //|| StringUtils.isEmpty(templateURL)
- || StringUtils.isEmpty(bkuURL) )
+ if (StringUtils.isEmpty(bkuURL))
return false;
else
return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 47f784c33..ba45a3679 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -99,8 +99,12 @@ public class Random { char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)]; //generate ID - return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits - + String returnValue = preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits + if (returnValue.length() > 40) + return returnValue.substring(0, 40); + else + return returnValue; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index d3fba8854..891d01e09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -62,11 +62,11 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.ConnectionParameterInterface; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import iaik.pki.PKIException; import iaik.security.provider.IAIK; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java deleted file mode 100644 index 269e21d4f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java +++ /dev/null @@ -1,99 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.util; - -import org.apache.velocity.app.Velocity; -import org.apache.velocity.runtime.RuntimeServices; -import org.apache.velocity.runtime.log.LogChute; - -import at.gv.egovernment.moa.logging.Logger; - -public class VelocityLogAdapter implements LogChute { - - public VelocityLogAdapter() { - try - { - /* - * register this class as a logger with the Velocity singleton - * (NOTE: this would not work for the non-singleton method.) - */ - Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this ); - Velocity.init(); - } - catch (Exception e) - { - Logger.error("Failed to register Velocity logger"); - } - } - - public void init(RuntimeServices arg0) throws Exception { - } - - public boolean isLevelEnabled(int arg0) { - switch(arg0) { - case LogChute.DEBUG_ID: - return Logger.isDebugEnabled(); - case LogChute.TRACE_ID: - return Logger.isTraceEnabled(); - default: - return true; - } - } - - public void log(int arg0, String arg1) { - switch(arg0) { - case LogChute.DEBUG_ID: - Logger.debug(arg1); - break; - case LogChute.TRACE_ID: - Logger.trace(arg1); - break; - case LogChute.INFO_ID: - Logger.info(arg1); - break; - case LogChute.WARN_ID: - Logger.warn(arg1); - break; - case LogChute.ERROR_ID: - default: - Logger.error(arg1); - break; - } - } - - public void log(int arg0, String arg1, Throwable arg2) { - switch(arg0) { - case LogChute.DEBUG_ID: - case LogChute.TRACE_ID: - case LogChute.INFO_ID: - case LogChute.WARN_ID: - Logger.warn(arg1, arg2); - break; - case LogChute.ERROR_ID: - default: - Logger.error(arg1, arg2); - break; - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java deleted file mode 100644 index 231f36fa8..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java +++ /dev/null @@ -1,112 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.util;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- *
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
- /**
- * Gets velocityEngine from Classpath
- * @return VelocityEngine
- * @throws Exception
- */
- public static VelocityEngine getClassPathVelocityEngine() throws Exception {
- VelocityEngine velocityEngine = getBaseVelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- velocityEngine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-
- velocityEngine.init();
-
- return velocityEngine;
- }
-
- /**
- * Gets VelocityEngine from File
- * @param rootPath File Path to template file
- * @return VelocityEngine
- * @throws Exception
- */
- public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
- VelocityEngine velocityEngine = getBaseVelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
- velocityEngine.setProperty("file.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
- velocityEngine.setProperty("file.resource.loader.path", rootPath);
-
- velocityEngine.init();
-
- return velocityEngine;
- }
-
- /**
- * Gets a basic VelocityEngine
- * @return VelocityEngine
- */
- private static VelocityEngine getBaseVelocityEngine() {
- VelocityEngine velocityEngine = new VelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
- "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-
- return velocityEngine;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java index dd4e67bcd..48e1460f9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java @@ -26,8 +26,8 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; public class LegacyHelper extends MOAIDAuthConstants{ |