aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-08-09 11:01:40 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-08-09 11:01:40 +0200
commit45e170310a012dca93d5e5d4dc0b54e6b0808e95 (patch)
tree9bea65102edd41a0c9d87700bd89fdd67616dd86 /id/server/idserverlib/src/main/java/at
parent085e28a515520656a281634297d399d550eb3898 (diff)
downloadmoa-id-spss-45e170310a012dca93d5e5d4dc0b54e6b0808e95.tar.gz
moa-id-spss-45e170310a012dca93d5e5d4dc0b54e6b0808e95.tar.bz2
moa-id-spss-45e170310a012dca93d5e5d4dc0b54e6b0808e95.zip
BugFixes:
>>PVP2 Metadata: - Load OA only if Authentication is required - Load Metadata enityID from Database >>LegacyConfigParser - Solve problems if no OnlineMandate or STORK config is included - try to load DefaultBKUURLs from TrustedBKUs - if old MOA-ID 2.x config exists, use this DefaultBKUs to import OnlineApplications >> ConfigurationTool - change LayOut
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java127
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java2
4 files changed, 165 insertions, 105 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index da3a79d32..f4cdeddb7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -323,7 +323,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
String legacyconfig = props.getProperty("configuration.xml.legacy");
String xmlconfig = props.getProperty("configuration.xml");
- String xmlconfigout = props.getProperty("configuration.xml.out");
+// String xmlconfigout = props.getProperty("configuration.xml.out");
//check if XML config should be used
@@ -344,8 +344,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
if (MiscUtil.isNotEmpty(legacyconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
- MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir);
+ MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
+
+ List<OnlineApplication> oas = moaconfig.getOnlineApplication();
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.save(oa);
+
+ moaconfig.setOnlineApplication(null);
ConfigurationDBUtils.save(moaconfig);
+
Logger.info("Legacy Configuration load is completed.");
@@ -361,6 +368,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
File file = new File(xmlconfig);
MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
//ConfigurationDBUtils.save(moaconfig);
+
+ List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
+ for (OnlineApplication importoa : importoas) {
+ ConfigurationDBUtils.saveOrUpdate(importoa);
+ }
+
+ moaconfig.setOnlineApplication(null);
ConfigurationDBUtils.saveOrUpdate(moaconfig);
} catch (Exception e) {
@@ -375,16 +389,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.info("MOA-ID 2.0 is loaded.");
- //TODO: only for Testing!!!
- if (MiscUtil.isNotEmpty(xmlconfigout)) {
- Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
- JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
- Marshaller m = jc.createMarshaller();
- m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
- File test = new File(xmlconfigout);
- m.marshal(moaidconfig, test);
-
- }
+// //TODO: only for Testing!!!
+// if (MiscUtil.isNotEmpty(xmlconfigout)) {
+// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
+// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+// Marshaller m = jc.createMarshaller();
+// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+// File test = new File(xmlconfigout);
+// m.marshal(moaidconfig, test);
+//
+// }
//build STORK Config
AuthComponentGeneral auth = getAuthComponentGeneral();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 762669a70..c807fdc7d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -17,6 +17,7 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import org.bouncycastle.crypto.macs.OldHMac;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.XMLObject;
import org.w3c.dom.Element;
@@ -77,12 +78,17 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
public class BuildFromLegacyConfig {
private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/";
+ private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at";
+ private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request";
- public static MOAIDConfiguration build(File fileName, String rootConfigFileDir) throws ConfigurationException {
+ public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException {
InputStream stream = null;
Element configElem;
ConfigurationBuilder builder;
@@ -109,6 +115,10 @@ public class BuildFromLegacyConfig {
}
try {
+ String oldbkuonline = "";
+ String oldbkulocal = "";
+ String oldbkuhandy = "";
+
// build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
@@ -309,24 +319,31 @@ public class BuildFromLegacyConfig {
}
auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
+
//set SAMLSigningParameter
- SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
- auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
-
- SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
- auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
- KeyStore stork_saml_creat_keystore = new KeyStore();
- stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
- stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
- stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
- KeyName stork_saml_creat_keyname = new KeyName();
- stork_saml_creat.setKeyName(stork_saml_creat_keyname);
- stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
- stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
-
- SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
- auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
- stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+ if (storkConfig.getSignatureCreationParameter() != null &&
+ storkConfig.getSignatureVerificationParameter() != null) {
+ SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
+ auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
+
+ SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
+ auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
+ KeyStore stork_saml_creat_keystore = new KeyStore();
+ stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
+ stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
+ stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
+ KeyName stork_saml_creat_keyname = new KeyName();
+ stork_saml_creat.setKeyName(stork_saml_creat_keyname);
+ stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
+ stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
+
+
+
+ SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
+ auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
+ stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+
+ }
//TODO: check correctness
//set QualityAuthenticationAssurance
@@ -335,20 +352,44 @@ public class BuildFromLegacyConfig {
//set OnlineMandates config
ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
- OnlineMandates auth_mandates = new OnlineMandates();
- generalAuth.setOnlineMandates(auth_mandates);
- auth_mandates.setConnectionParameter(
+ if (onlineMandatesConnectionParameter != null) {
+ OnlineMandates auth_mandates = new OnlineMandates();
+ generalAuth.setOnlineMandates(auth_mandates);
+ auth_mandates.setConnectionParameter(
parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
+ }
//TODO: add auth template configuration!!!
+
+ if (oldconfig != null) {
+ if (oldconfig.getDefaultBKUs() != null) {
+ oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU();
+ oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU();
+ oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU();
+ }
+ } else {
+ List<String> trustbkus = builder.getTrustedBKUs();
+ for (String trustbku : trustbkus) {
+ if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE))
+ oldbkuonline = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY))
+ oldbkuhandy = trustbku;
+
+ if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL))
+ oldbkulocal = trustbku;
+ }
+
+ }
+
//set OnlineApplications
OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
- // ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
-// moaIDConfig.setOnlineApplication(moa_oas);
+ ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+ moaIDConfig.setOnlineApplication(moa_oas);
for (OAAuthParameter oa : onlineApplicationAuthParameters) {
OnlineApplication moa_oa = new OnlineApplication();
@@ -375,9 +416,9 @@ public class BuildFromLegacyConfig {
//BKUURLs
BKUURLS bkuurls = new BKUURLS();
- bkuurls.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request");
- bkuurls.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx");
- bkuurls.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request");
+ bkuurls.setOnlineBKU(oldbkuonline);
+ bkuurls.setHandyBKU(oldbkuhandy);
+ bkuurls.setLocalBKU(oldbkulocal);
oa_auth.setBKUURLS(bkuurls);
//IdentificationNumber
@@ -451,8 +492,8 @@ public class BuildFromLegacyConfig {
// oa_pvp2.setCertificate(null);
// }
- //moa_oas.add(moa_oa);
- ConfigurationDBUtils.save(moa_oa);
+ moa_oas.add(moa_oa);
+ //ConfigurationDBUtils.save(moa_oa);
}
//removed from MOAID 2.0 config
@@ -498,9 +539,9 @@ public class BuildFromLegacyConfig {
//set DefaultBKUs
DefaultBKUs moa_defaultbkus = new DefaultBKUs();
moaIDConfig.setDefaultBKUs(moa_defaultbkus);
- moa_defaultbkus.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request");
- moa_defaultbkus.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx");
- moa_defaultbkus.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request");
+ moa_defaultbkus.setOnlineBKU(oldbkuonline);
+ moa_defaultbkus.setHandyBKU(oldbkuhandy);
+ moa_defaultbkus.setLocalBKU(oldbkulocal);
//set SLRequest Templates
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 2a28bcd15..604077844 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -315,27 +315,21 @@ public class DispatcherServlet extends AuthServlet{
}
}
-
-
-
- //load Parameters from OnlineApplicationConfiguration
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(protocolRequest.getOAURL());
-
- if (oaParam == null) {
- throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
- }
RequestStorage.setPendingRequest(httpSession, protocolRequests);
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
-
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
SSOManager ssomanager = SSOManager.getInstance();
+ String moasessionID = null;
+ AuthenticationSession moasession = null;
+
//get SSO Cookie for Request
String ssoId = ssomanager.getSSOSessionID(req);
-
- if (moduleAction.needAuthentication(protocolRequest, req, resp)) {
+
+ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+
+ if (needAuthentication) {
//check SSO session
if (ssoId != null) {
@@ -349,6 +343,15 @@ public class DispatcherServlet extends AuthServlet{
ssomanager.deleteSSOSessionID(req, resp);
}
}
+
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(protocolRequest.getOAURL());
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
+ }
+
isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
useSSOOA = oaParam.useSSO();
@@ -387,72 +390,74 @@ public class DispatcherServlet extends AuthServlet{
return;
}
}
-
- }
-
- String moasessionID = null;
- AuthenticationSession moasession = null;
-
- if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
- {
-
- //TODO SSO Question!!!!
- if (useSSOOA && isValidSSOSession) {
- moasessionID = ssomanager.getMOASession(ssoId);
- moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
+ {
+
+ //TODO SSO Question!!!!
+ if (useSSOOA && isValidSSOSession) {
- //use new OAParameter
- if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
- authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
- return;
- }
- }
- else {
+ moasessionID = ssomanager.getMOASession(ssoId);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ //use new OAParameter
+ if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+ authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+ return;
+ }
+ }
+ else {
+
+ //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
+
+// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+// AuthenticationManager.MOA_SESSION, null);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
- //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
+ //save SSO session usage in Database
+ String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+
+ if (newSSOSessionId != null) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+
+ } else {
// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-// AuthenticationManager.MOA_SESSION, null);
+// AuthenticationManager.MOA_SESSION, null);
+
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
}
+
- //save SSO session usage in Database
- String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
-
- if (newSSOSessionId != null) {
- ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
-
- } else {
- ssomanager.deleteSSOSessionID(req, resp);
- }
-
- } else {
-// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-// AuthenticationManager.MOA_SESSION, null);
-
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
- moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
}
-
+
moduleAction.processRequest(protocolRequest, req, resp, moasession);
RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
- boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+ if (needAuthentication) {
+ boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
- if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
+ if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
&& !moasession.getUseMandate())
- {
+ {
- } else {
- authmanager.logout(req, resp, moasessionID);
- }
+ } else {
+ authmanager.logout(req, resp, moasessionID);
+ }
//authmanager.logout(req, resp);
+ }
} catch (Throwable e) {
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 9fc213a48..3d0fd80bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -63,7 +63,7 @@ public class MetadataAction implements IAction {
idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
idpEntityDescriptor
- .setEntityID("https://localhost:8443/moa-id-auth");
+ .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
List<ContactPerson> persons = PVPConfiguration.getInstance()
.getIDPContacts();