diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-18 12:01:21 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-18 12:01:21 +0200 |
commit | 49acb697426d3c313ad047449ea62ac1bf3f4fd0 (patch) | |
tree | 0e25cdfdb8b4b714655b6a16e5dd73bd81fcbea9 /id/server/idserverlib/src/main/java/at | |
parent | 5c345b6a0cd34a8c853aa274b081e70589b44da3 (diff) | |
download | moa-id-spss-49acb697426d3c313ad047449ea62ac1bf3f4fd0.tar.gz moa-id-spss-49acb697426d3c313ad047449ea62ac1bf3f4fd0.tar.bz2 moa-id-spss-49acb697426d3c313ad047449ea62ac1bf3f4fd0.zip |
MOA-ID 2.x Configuration implemented
-SSO deaktivated
-Login with mandate and normal tested
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
66 files changed, 5093 insertions, 3262 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f7c0ff812..214a1df7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -160,12 +160,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * time out in milliseconds used by {@link cleanup} for session store */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of <code>AuthenticationServer</code>. @@ -185,140 +186,144 @@ public class AuthenticationServer implements MOAIDAuthConstants { super(); } - /** - * Processes request to select a BKU. <br/> - * Processing depends on value of - * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/> - * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> - * for the "BKU Auswahl" service is returned. <br/> - * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU - * selection is returned. - * - * @param authURL - * base URL of MOA-ID Auth component - * @param target - * "Geschäftsbereich" - * @param oaURL - * online application URL requested - * @param bkuSelectionTemplateURL - * template for BKU selection form to be used in case of - * <code>HTMLSelect</code>; may be null - * @param templateURL - * URL providing an HTML template for the HTML form to be used - * for call <code>startAuthentication</code> - * @return for <code>bkuSelectionType==HTMLComplete</code>, the - * <code>returnURI</code> for the "BKU Auswahl" service; for - * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU - * selection - * @throws WrongParametersException - * upon missing parameters - * @throws AuthenticationException - * when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException - * on missing configuration data - * @throws BuildException - * while building the HTML form - */ - public String selectBKU(String authURL, String target, String oaURL, - String bkuSelectionTemplateURL, String templateURL) - throws WrongParametersException, AuthenticationException, - ConfigurationException, BuildException { - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL - + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.05"); - - ConnectionParameter bkuConnParam = AuthConfigurationProvider - .getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException("config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (!isEmpty(target)) { - Logger - .info("Ignoring target parameter thus application type is \"businessService\""); - } - target = null; - } - - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - - String returnURL = new DataURLBuilder().buildDataURL(authURL, - REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance() - .getBKUSelectionType(); - if (bkuSelectionType - .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" - + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider - .getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException("auth.11", new Object[] { - bkuConnParam.getUrl(), ex.toString() }, ex); - } - String bkuSelectionTemplate = null; - // override template url by url from configuration file - if (oaParam.getBkuSelectionTemplateURL() != null) { - bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); - } - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils - .readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - bkuSelectionTemplateURL, ex.toString() }, ex); - } - } - String htmlForm = new SelectBKUFormBuilder().build( - bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } +// /** +// * Processes request to select a BKU. <br/> +// * Processing depends on value of +// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/> +// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> +// * for the "BKU Auswahl" service is returned. <br/> +// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU +// * selection is returned. +// * +// * @param authURL +// * base URL of MOA-ID Auth component +// * @param target +// * "Geschäftsbereich" +// * @param oaURL +// * online application URL requested +// * @param bkuSelectionTemplateURL +// * template for BKU selection form to be used in case of +// * <code>HTMLSelect</code>; may be null +// * @param templateURL +// * URL providing an HTML template for the HTML form to be used +// * for call <code>startAuthentication</code> +// * @return for <code>bkuSelectionType==HTMLComplete</code>, the +// * <code>returnURI</code> for the "BKU Auswahl" service; for +// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU +// * selection +// * @throws WrongParametersException +// * upon missing parameters +// * @throws AuthenticationException +// * when the configured BKU selection service cannot be reached, +// * and when the given bkuSelectionTemplateURL cannot be reached +// * @throws ConfigurationException +// * on missing configuration data +// * @throws BuildException +// * while building the HTML form +// */ +// public String selectBKU(String authURL, String target, String oaURL, +// String bkuSelectionTemplateURL, String templateURL) +// throws WrongParametersException, AuthenticationException, +// ConfigurationException, BuildException { +// +// // check if HTTP Connection may be allowed (through +// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +// if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr))) +// throw new AuthenticationException("auth.07", new Object[] { authURL +// + "*" }); +// if (isEmpty(authURL)) +// throw new WrongParametersException("StartAuthentication", +// "AuthURL", "auth.05"); +// if (isEmpty(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.05"); +// +// ConnectionParameter bkuConnParam = AuthConfigurationProvider +// .getInstance().getBKUConnectionParameter(); +// if (bkuConnParam == null) +// throw new ConfigurationException("config.08", +// new Object[] { "BKUSelection/ConnectionParameter" }); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// if (!oaParam.getBusinessService()) { +// if (isEmpty(target)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_TARGET, "auth.05"); +// } else { +// if (!isEmpty(target)) { +// Logger +// .info("Ignoring target parameter thus application type is \"businessService\""); +// } +// target = null; +// } +// +// AuthenticationSession session = newSession(); +// Logger.info("MOASession " + session.getSessionID() + " angelegt"); +// session.setTarget(target); +// session.setOAURLRequested(oaURL); +// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); +// session.setAuthURL(authURL); +// session.setTemplateURL(templateURL); +// session.setBusinessService(oaParam.getBusinessService()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// String returnURL = new DataURLBuilder().buildDataURL(authURL, +// REQ_START_AUTHENTICATION, session.getSessionID()); +// String bkuSelectionType = AuthConfigurationProvider.getInstance() +// .getBKUSelectionType(); +// if (bkuSelectionType +// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = bkuConnParam.getUrl() + "?" +// + AuthServlet.PARAM_RETURN + "=" + returnURL; +// return redirectURL; +// } else { +// // bkuSelectionType==HTMLSelect +// String bkuSelectTag; +// try { +// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider +// .getInstance(), bkuConnParam); +// } catch (Throwable ex) { +// throw new AuthenticationException("auth.11", new Object[] { +// bkuConnParam.getUrl(), ex.toString() }, ex); +// } +// String bkuSelectionTemplate = null; +// +// //removed in MOAID 2.0 +// // override template url by url from configuration file +//// if (oaParam.getBkuSelectionTemplateURL() != null) { +//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); +//// } +// +//// if (bkuSelectionTemplateURL != null) { +//// try { +//// bkuSelectionTemplate = new String(FileUtils +//// .readURL(bkuSelectionTemplateURL)); +//// } catch (IOException ex) { +//// throw new AuthenticationException("auth.03", new Object[] { +//// bkuSelectionTemplateURL, ex.toString() }, ex); +//// } +//// } +// +// String htmlForm = new SelectBKUFormBuilder().build( +// bkuSelectionTemplate, returnURL, bkuSelectTag); +// return htmlForm; +// } +// } /** * Method readBKUSelectTag. @@ -416,24 +421,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam + oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); + //removed in MOAID 2.0 String pushInfobox = ""; - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); - if (verifyInfoboxParameters != null) { - pushInfobox = verifyInfoboxParameters.getPushInfobox(); - session.setPushInfobox(pushInfobox); - } +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// if (verifyInfoboxParameters != null) { +// pushInfobox = verifyInfoboxParameters.getPushInfobox(); +// session.setPushInfobox(pushInfobox); +// } //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(oaParam.getSlVersion12()); + .build(oaParam.isSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); @@ -575,8 +581,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam - .getProvideStammzahl()); + + //TODO: check correctness +// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam +// .getProvideStammzahl()); + verifyInfoboxes(session, infoboxReadResponseParameters, false); //TODO: make it better!! @@ -665,13 +674,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); - String sMandate = new String(mandate.getMandate()); - if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { - Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -680,6 +682,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); @@ -693,30 +699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - - if (oaParam.getProvideFullMandatorData()) { - try { - // set extended SAML attributes if provideMandatorData is true - setExtendedSAMLAttributeForMandates(session, mandate, oaParam - .getBusinessService(), oaParam.getProvideStammzahl()); - - //AuthenticationSessionStoreage.storeSession(session); - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - } - + } /** @@ -766,14 +749,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List<String> transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); return createXMLSignatureRequest; } @@ -831,14 +814,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List<String> transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); System.out.println("XML: " + createXMLSignatureRequest); @@ -1156,18 +1139,26 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getInstance(); // get the default VerifyInfobox parameters Map defaultInfoboxParameters = null; - VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider - .getDefaultVerifyInfoboxParameters(); - if (defaultVerifyInfoboxParameters != null) { - defaultInfoboxParameters = defaultVerifyInfoboxParameters - .getInfoboxParameters(); - } + + //removed in MOA-ID 2.0 +// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider +// .getDefaultVerifyInfoboxParameters(); +// if (defaultVerifyInfoboxParameters != null) { +// defaultInfoboxParameters = defaultVerifyInfoboxParameters +// .getInfoboxParameters(); +// } + // get the OA specific VerifyInfobox parameters Map infoboxParameters = null; OAAuthParameter oaParam = authConfigurationProvider .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); + + //TODO: check correctness!!!! + //removed in MOAID 2.0 +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// VerifyInfoboxParameters verifyInfoboxParameters = null; + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML // Attributes session.setExtendedSAMLAttributesOA(new Vector()); @@ -1175,191 +1166,191 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println("SAML set: " + // session.getExtendedSAMLAttributesAUTH().size()); - if (verifyInfoboxParameters != null) { - - infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); - // get the list of infobox identifiers - List identifiers = verifyInfoboxParameters.getIdentifiers(); - if (identifiers != null) { - // step through the identifiers and verify the infoboxes - Iterator it = identifiers.iterator(); - while (it.hasNext()) { - String identifier = (String) it.next(); - // get the infobox read response from the map of parameters - String infoboxReadResponse = (String) infoboxReadResponseParams - .get(identifier); - // get the configuration parameters - VerifyInfoboxParameter verifyInfoboxParameter = null; - Object object = infoboxParameters.get(identifier); - // if not present, use default - if ((object == null) && (defaultInfoboxParameters != null)) { - object = defaultInfoboxParameters.get(identifier); - } - if (object != null) { - verifyInfoboxParameter = (VerifyInfoboxParameter) object; - } - if (infoboxReadResponse != null) { - if (verifyInfoboxParameter == null) { - // should not happen because of the pushinfobox - // mechanism; check it anyway - Logger.error("No validator for verifying \"" - + identifier + "\"-infobox configured."); - throw new ValidateException("validator.41", - new Object[] { identifier }); - } else { - String friendlyName = verifyInfoboxParameter - .getFriendlyName(); - boolean isParepRequest = false; - - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = ExtendedInfoboxReadResponseParser - .parseInfoboxReadResponse( - infoboxReadResponse, - friendlyName); - } catch (ParseException e) { - Logger - .error("InfoboxReadResponse for \"" - + identifier - + "\"-infobox could not be parsed successfully: " - + e.getMessage()); - throw new ValidateException("validator.43", - new Object[] { friendlyName }); - } - // set compatibility mode for mandates infobox and - // all infoboxes (it is possible to be a parep - // infobox) - // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); - // check for party representation in mandates - // infobox - if (Constants.INFOBOXIDENTIFIER_MANDATES - .equalsIgnoreCase(identifier) - && !((infoboxTokenList == null || infoboxTokenList - .size() == 0))) { - // We need app specific parameters - if (null == verifyInfoboxParameter - .getApplicationSpecificParams()) { - throw new ValidateException("validator.66", - new Object[] { friendlyName }); - } - Element mandate = ParepValidator - .extractPrimaryToken(infoboxTokenList); - // ParepUtils.serializeElement(mandate, - // System.out); - String mandateID = ParepUtils - .extractRepresentativeID(mandate); - if (!isEmpty(mandateID) - && ("*".equals(mandateID) || mandateID - .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { - isParepRequest = true; - } - if (!isParepRequest) { - // if mandates validator is disabled we must - // throw an error in this case - if (!ParepUtils - .isValidatorEnabled(verifyInfoboxParameter - .getApplicationSpecificParams())) { - throw new ValidateException( - "validator.60", - new Object[] { friendlyName }); - } - } - } - - // get the class for validating the infobox - InfoboxValidator infoboxValidator = null; - try { - Class validatorClass = null; - if (isParepRequest) { - // Mandates infobox in party representation - // mode - validatorClass = Class - .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); - } else { - validatorClass = Class - .forName(verifyInfoboxParameter - .getValidatorClassName()); - } - infoboxValidator = (InfoboxValidator) validatorClass - .newInstance(); - } catch (Exception e) { - Logger - .error("Could not load validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox: " - + e.getMessage()); - throw new ValidateException("validator.42", - new Object[] { friendlyName }); - } - Logger - .debug("Successfully loaded validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox."); - // build the parameters for validating the infobox - InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder - .buildInfoboxValidatorParams(session, - verifyInfoboxParameter, - infoboxTokenList, oaParam); - - // now validate the infobox - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxValidator - .validate(infoboxValidatorParams); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - - Logger.info(identifier - + " infobox successfully validated."); - // store the validator for post processing - session.addInfoboxValidator(identifier, - friendlyName, infoboxValidator); - - // get the SAML attributes to be appended to the - // AUTHBlock or to the final - // SAML Assertion - AddAdditionalSAMLAttributes(session, - infoboxValidationResult - .getExtendedSamlAttributes(), - identifier, friendlyName); - } - } else { - if ((verifyInfoboxParameter != null) - && (verifyInfoboxParameter.isRequired())) { - Logger - .info("Infobox \"" - + identifier - + "\" is required, but not returned from the BKU"); - throw new ValidateException("validator.48", - new Object[] { verifyInfoboxParameter - .getFriendlyName() }); - } - Logger.debug("Infobox \"" + identifier - + "\" not returned from BKU."); - } - } - } - } +// if (verifyInfoboxParameters != null) { +// +// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); +// // get the list of infobox identifiers +// List identifiers = verifyInfoboxParameters.getIdentifiers(); +// if (identifiers != null) { +// // step through the identifiers and verify the infoboxes +// Iterator it = identifiers.iterator(); +// while (it.hasNext()) { +// String identifier = (String) it.next(); +// // get the infobox read response from the map of parameters +// String infoboxReadResponse = (String) infoboxReadResponseParams +// .get(identifier); +// // get the configuration parameters +// VerifyInfoboxParameter verifyInfoboxParameter = null; +// Object object = infoboxParameters.get(identifier); +// // if not present, use default +// if ((object == null) && (defaultInfoboxParameters != null)) { +// object = defaultInfoboxParameters.get(identifier); +// } +// if (object != null) { +// verifyInfoboxParameter = (VerifyInfoboxParameter) object; +// } +// if (infoboxReadResponse != null) { +// if (verifyInfoboxParameter == null) { +// // should not happen because of the pushinfobox +// // mechanism; check it anyway +// Logger.error("No validator for verifying \"" +// + identifier + "\"-infobox configured."); +// throw new ValidateException("validator.41", +// new Object[] { identifier }); +// } else { +// String friendlyName = verifyInfoboxParameter +// .getFriendlyName(); +// boolean isParepRequest = false; +// +// // parse the infobox read reponse +// List infoboxTokenList = null; +// try { +// infoboxTokenList = ExtendedInfoboxReadResponseParser +// .parseInfoboxReadResponse( +// infoboxReadResponse, +// friendlyName); +// } catch (ParseException e) { +// Logger +// .error("InfoboxReadResponse for \"" +// + identifier +// + "\"-infobox could not be parsed successfully: " +// + e.getMessage()); +// throw new ValidateException("validator.43", +// new Object[] { friendlyName }); +// } +// // set compatibility mode for mandates infobox and +// // all infoboxes (it is possible to be a parep +// // infobox) +// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); +// // check for party representation in mandates +// // infobox +// if (Constants.INFOBOXIDENTIFIER_MANDATES +// .equalsIgnoreCase(identifier) +// && !((infoboxTokenList == null || infoboxTokenList +// .size() == 0))) { +// // We need app specific parameters +// if (null == verifyInfoboxParameter +// .getApplicationSpecificParams()) { +// throw new ValidateException("validator.66", +// new Object[] { friendlyName }); +// } +// Element mandate = ParepValidator +// .extractPrimaryToken(infoboxTokenList); +// // ParepUtils.serializeElement(mandate, +// // System.out); +// String mandateID = ParepUtils +// .extractRepresentativeID(mandate); +// if (!isEmpty(mandateID) +// && ("*".equals(mandateID) || mandateID +// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { +// isParepRequest = true; +// } +// if (!isParepRequest) { +// // if mandates validator is disabled we must +// // throw an error in this case +// if (!ParepUtils +// .isValidatorEnabled(verifyInfoboxParameter +// .getApplicationSpecificParams())) { +// throw new ValidateException( +// "validator.60", +// new Object[] { friendlyName }); +// } +// } +// } +// +// // get the class for validating the infobox +// InfoboxValidator infoboxValidator = null; +// try { +// Class validatorClass = null; +// if (isParepRequest) { +// // Mandates infobox in party representation +// // mode +// validatorClass = Class +// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); +// } else { +// validatorClass = Class +// .forName(verifyInfoboxParameter +// .getValidatorClassName()); +// } +// infoboxValidator = (InfoboxValidator) validatorClass +// .newInstance(); +// } catch (Exception e) { +// Logger +// .error("Could not load validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox: " +// + e.getMessage()); +// throw new ValidateException("validator.42", +// new Object[] { friendlyName }); +// } +// Logger +// .debug("Successfully loaded validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox."); +// // build the parameters for validating the infobox +// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder +// .buildInfoboxValidatorParams(session, +// verifyInfoboxParameter, +// infoboxTokenList, oaParam); +// +// // now validate the infobox +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxValidator +// .validate(infoboxValidatorParams); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// +// Logger.info(identifier +// + " infobox successfully validated."); +// // store the validator for post processing +// session.addInfoboxValidator(identifier, +// friendlyName, infoboxValidator); +// +// // get the SAML attributes to be appended to the +// // AUTHBlock or to the final +// // SAML Assertion +// AddAdditionalSAMLAttributes(session, +// infoboxValidationResult +// .getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } else { +// if ((verifyInfoboxParameter != null) +// && (verifyInfoboxParameter.isRequired())) { +// Logger +// .info("Infobox \"" +// + identifier +// + "\" is required, but not returned from the BKU"); +// throw new ValidateException("validator.48", +// new Object[] { verifyInfoboxParameter +// .getFriendlyName() }); +// } +// Logger.debug("Infobox \"" + identifier +// + "\" not returned from BKU."); +// } +// } +// } +// } } /** @@ -1378,18 +1369,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws IOException * @throws SAXException */ - private void setExtendedSAMLAttributeForMandates( + private void validateExtendedSAMLAttributeForMandates( AuthenticationSession session, MISMandate mandate, - boolean business, boolean provideStammzahl) + boolean business) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes( - mandate, business, provideStammzahl); + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } } /** @@ -1421,56 +1417,56 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - /** - * Intermediate processing of the infoboxes. The first pending infobox - * validator may validate the provided input - * - * @param session - * The current authentication session - * @param parameters - * The parameters got returned by the user input fields - */ - public static void processInput(AuthenticationSession session, - Map parameters) throws ValidateException { - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector - .get(1); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator - .validate(parameters); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } - } - } - } +// /** +// * Intermediate processing of the infoboxes. The first pending infobox +// * validator may validate the provided input +// * +// * @param session +// * The current authentication session +// * @param parameters +// * The parameters got returned by the user input fields +// */ +// public static void processInput(AuthenticationSession session, +// Map parameters) throws ValidateException { +// +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// if (iter != null) { +// while (iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector +// .get(1); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator +// .validate(parameters); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } +// } +// } /** * Adds given SAML Attributes to the current session. They will be appended @@ -1581,7 +1577,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws TransformerException */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( MISMandate mandate, boolean business, boolean provideStammzahl) throws SAXException, IOException, ParserConfigurationException, TransformerException { @@ -1733,7 +1729,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return doc.getDocumentElement(); } - private static void replaceExtendedSAMLAttribute(List attributes, + protected static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { if (null == attributes) { attributes = new Vector(); @@ -1813,7 +1809,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // validates <CreateXMLSignatureResponse> new CreateXMLSignatureResponseValidator().validate(csresp, session); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); @@ -1997,223 +1993,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(AuthenticationSession session, - Element mandate) throws AuthenticationException, BuildException, - ParseException, ConfigurationException, ServiceException, - ValidateException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - //AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); - - IdentityLink tempIdentityLink = null; - - if (session.getUseMandate()) { - tempIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils - .extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, - "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical - && session.getBusinessService() - && identificationType != null - && Constants.URN_PREFIX_BASEID - .equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the - // BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" - + session.getDomainIdentifier(); - identificationValue = new BPKBuilder().buildWBPK( - identificationValue, session.getDomainIdentifier()); - ParepUtils - .HideStammZahlen(prPerson, true, null, null, true); - } - - tempIdentityLink.setDateOfBirth(dateOfBirth); - tempIdentityLink.setFamilyName(familyName); - tempIdentityLink.setGivenName(givenName); - tempIdentityLink.setIdentificationType(identificationType); - tempIdentityLink.setIdentificationValue(identificationValue); - tempIdentityLink.setPrPerson(prPerson); - try { - tempIdentityLink.setSamlAssertion(session.getIdentityLink() - .getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - - } - - } - - // builds authentication data and stores it together with a SAML - // artifact - - // TODO: Check, if this element is in use!!!! - //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, - // vsresp, - // replacementIdentityLink); - - - Element mandatePerson = tempIdentityLink.getPrPerson(); -// try { -// System.out.println("MANDATE: " + -// DOMUtils.serializeNode(mandatePerson)); -// } -// catch(Exception e) { -// e.printStackTrace(); -// } - String mandateData = null; - boolean useCondition = false; - int conditionLength = -1; - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - useCondition = oaParam.getUseCondition(); - conditionLength = oaParam.getConditionLength(); - - String oatargetType; - - if(session.getBusinessService()) { - oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); - - } else { - oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); - } - - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - - if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); - - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); - } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); - } - } - - } else { - -// Element identificationBpK = mandatePerson.getOwnerDocument() -// .createElementNS(Constants.PD_NS_URI, "Identification"); -// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Value"); -// -// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// tempIdentityLink.getIdentificationValue())); -// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Type"); -// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// "urn:publicid:gv.at:cdid+bpk")); -// identificationBpK.appendChild(valueBpK); -// identificationBpK.appendChild(typeBpK); -// -// mandatePerson.insertBefore(identificationBpK, prIdentification); - } - - - mandateData = DOMUtils.serializeNode(mandatePerson); - - } catch (TransformerException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } catch (IOException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - //TODO: Check, if this element is in use!!! - //session.setAuthData(authData); - - session.setMandateData(mandateData); - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - String oldsessionID = session.getSessionID(); - - //Session is implicite stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - return newMOASessionID; - - /* - String samlAssertion = new AuthenticationDataAssertionBuilder() - .buildMandate(authData, session.getAssertionPrPerson(), - mandateData, session.getAssertionAuthBlock(), session - .getAssertionIlAssertion(), - session.getBkuURL(), session - .getAssertionSignerCertificateBase64(), session - .getAssertionBusinessService(), session - .getSourceID(), session - .getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session.getSourceID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact;*/ - - } - - private Element createIdentificationBPK(Element mandatePerson, + protected Element createIdentificationBPK(Element mandatePerson, String baseid, String target) throws BuildException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); @@ -2234,7 +2015,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - private String getBaseId(Element mandatePerson) + protected String getBaseId(Element mandatePerson) throws TransformerException, IOException { NodeList list = mandatePerson.getElementsByTagNameNS( Constants.PD_NS_URI, "Identification"); @@ -2437,11 +2218,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } + //TODO: check correctness +// boolean provideStammzahl = oaParam.getProvideStammzahl(); +// if (provideStammzahl) { +// authData.setIdentificationValue(identityLink +// .getIdentificationValue()); +// } // String prPerson = new PersonDataBuilder().build(identityLink, // provideStammzahl); @@ -2599,7 +2381,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //clean AuthenticationSessionStore //TODO: acutally the StartAuthentificaten timestamp is used!!!!! //TODO: maybe change this to lastupdate timestamp. - AuthenticationSessionStoreage.clean(now, sessionTimeOut); + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); @@ -2612,8 +2394,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param seconds * Time out of the session in seconds */ - public void setSecondsSessionTimeOut(long seconds) { - sessionTimeOut = 1000 * seconds; + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; } /** @@ -2623,7 +2409,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Time out for signing AuthData in seconds */ public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = 1000 * seconds; + authDataTimeOut = seconds * 1000; } /** @@ -2650,7 +2436,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * the friendly name of the infobox for messages * @return the SAML attribute value (Element or String) */ - private static Object verifySAMLAttribute( + protected static Object verifySAMLAttribute( ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) throws ValidateException { String name = samlAttribute.getName(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index e23b26417..725773b75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -28,7 +28,7 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; -import java.io.PrintWriter; +import java.math.BigInteger; import java.security.GeneralSecurityException; import java.util.Properties; @@ -37,9 +37,6 @@ import javax.activation.MailcapCommandMap; import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; -import org.apache.commons.logging.impl.SLF4JLog; -import org.apache.log4j.config.PropertyPrinter; - import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -177,40 +174,26 @@ public class MOAIDAuthInitializer { } - //TODO: Set TimeOuts!!! // sets the authentication session and authentication data time outs - String param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + BigInteger param = authConf.getTimeOuts().getMOASessionCreated(); if (param != null) { - long sessionTimeOut = 0; - try { - sessionTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); if (sessionTimeOut > 0) AuthenticationServer.getInstance() - .setSecondsSessionTimeOut(sessionTimeOut); + .setSecondsSessionTimeOutCreated(sessionTimeOut); } - param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + + param = authConf.getTimeOuts().getMOASessionUpdated(); if (param != null) { - long authDataTimeOut = 0; - try { - authDataTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); + if (sessionTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsSessionTimeOutUpdated(sessionTimeOut); + } + + param = authConf.getTimeOuts().getAssertion(); + if (param != null) { + long authDataTimeOut = param.longValue(); if (authDataTimeOut > 0) AuthenticationServer.getInstance() .setSecondsAuthDataTimeOut(authDataTimeOut); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 245ab206d..23596abda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import java.util.Calendar; +import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; @@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <code><CreateXMLSignatureRequest></code> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) { String sl10Prefix; String sl11Prefix; String slNsDeclaration; String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) { - dsigTransformInfosString += dsigTransformInfos[i]; + + for (String element : dsigTransformInfos) { + dsigTransformInfosString += element; } +// for (int i = 0; i < dsigTransformInfos.length; i++) { +// dsigTransformInfosString += dsigTransformInfos[i]; +// } + if (slVersion12) { // replace the SecurityLayer namespace prefixes and URIs within the transforms diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 4dd6ac78b..9b7cc41ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -60,27 +60,23 @@ public class DataURLBuilder { String individualDataURLPrefix = null; String dataURL; - try { - //check if an individual prefix is configured - individualDataURLPrefix = AuthConfigurationProvider.getInstance(). - getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); - - if (null != individualDataURLPrefix) { - - //check individualDataURLPrefix - if(!individualDataURLPrefix.startsWith("http")) - throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); - - //when ok then use it - dataURL = individualDataURLPrefix + authServletName; - } else - dataURL = authBaseURL + authServletName; - - } catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); - dataURL = authBaseURL + authServletName; - } + + //is removed from config in MOA-ID 2.0 + //check if an individual prefix is configured +// individualDataURLPrefix = AuthConfigurationProvider.getInstance(). +// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); +// +// if (null != individualDataURLPrefix) { +// +// //check individualDataURLPrefix +// if(!individualDataURLPrefix.startsWith("http")) +// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); +// +// //when ok then use it +// dataURL = individualDataURLPrefix + authServletName; +// } else + + dataURL = authBaseURL + authServletName; dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); return dataURL; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index fa1de87de..913b12d49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -99,7 +99,11 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); + + //TODO: check if this is Protocol specific + //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); + infoboxValidatorParams.setHideStammzahl(true); + return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index a81baafac..ed55d660c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -6,17 +6,22 @@ import java.io.StringWriter; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { - private static String SERVLET = "GenerateIframeTemplate"; + private static String SERVLET = "./GenerateIframeTemplate"; private static String AUTH_URL = "#AUTH_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; private static String OANAME = "#OAName#"; + private static String BKU_ONLINE = "#ONLINE#"; + private static String BKU_HANDY = "#HANDY#"; + private static String BKU_LOCAL = "#LOCAL#"; private static String template; @@ -32,6 +37,9 @@ public class LoginFormBuilder { IOUtils.copy(input, writer); template = writer.toString(); template = template.replace(AUTH_URL, SERVLET); + template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); + template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); + template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); } catch (Exception e) { Logger.error("Failed to read template", e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java new file mode 100644 index 000000000..6d10f5519 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.InputStream; +import java.io.StringWriter; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class RedirectFormBuilder { + + private static String URL = "#URL#"; + private static String template; + + private static String getTemplate() { + + if (template == null) { + try { + String classpathLocation = "resources/templates/redirectForm.html"; + InputStream input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(classpathLocation); + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + } + + return template; + } + + public static String buildLoginForm(String url) { + String value = getTemplate(); + value = value.replace(URL, url); + + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index a0fe0de1b..304a5b70c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -72,7 +72,7 @@ public class SAMLArtifactBuilder { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; // alternative sourceId - String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID(); // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 5e6d47bdf..b65b3db0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder { */ public Element build( CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, + List<String> verifyTransformsInfoProfileID, String trustProfileID) throws BuildException { //samlAssertionObject @@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder { // add the transform profile IDs Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); - } + +// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { +// +// Element verifyTransformsInfoProfileIDElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); +// verifyTransformsInfoProfileIDElem.appendChild( +// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); +// } + + for (String element : verifyTransformsInfoProfileID) { + + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(element)); + } + Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4001fdd1a..ffe938d89 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; +import java.io.IOException; import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -34,13 +35,19 @@ import java.util.Iterator; import java.util.List; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; + import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; /** @@ -125,7 +132,7 @@ public class AuthenticationSession implements Serializable { * * Mandate element */ - private Element mandate; + private MISMandate mandate; /** * Reference value for mandate @@ -1081,11 +1088,26 @@ public class AuthenticationSession implements Serializable { XMLVerifySignatureResponse = xMLVerifySignatureResponse; } - public Element getMandate() { + public MISMandate getMISMandate() { return mandate; } - public void setMandate(Element mandate) { + public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + }catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 63ad62662..b0a4f2f8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -25,7 +25,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ public static void parse(AuthenticationSession moasession, String target, - String sourceID, String oaURL, String bkuURL, String templateURL, @@ -40,7 +39,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // escape parameter strings //TODO: use URLEncoder.encode!! target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); @@ -49,15 +47,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check parameter if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); @@ -115,6 +107,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } + //Validate BKU URI + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", @@ -155,20 +151,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + //INFO: removed from MOA-ID 2.0 Config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) +// && (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); moasession.setAuthURL(authURL); - //check and set SourceID - if (sourceID != null) - moasession.setSourceID(sourceID); +// //check and set SourceID +// if (sourceID != null) +// moasession.setSourceID(sourceID); // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -179,7 +178,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } } moasession.setBkuURL(bkuURL); + + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + // override template url by url from configuration file if (oaParam.getTemplateURL() != null) { templateURL = oaParam.getTemplateURL(); @@ -213,7 +216,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ //get Parameters from request String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -223,7 +225,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 187cf4fdb..4b15d80b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -415,12 +415,15 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { throws AuthenticationException, ConfigurationException { // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + + //Removed from MOA-ID 2.0 config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) + //&& (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index e6eecd11b..2ea34ee12 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -86,15 +86,16 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { //load Parameters from config String target = oaParam.getTarget(); - String sourceID = ""; //TODO: load from Config - String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); - String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; - +// String sourceID = ""; //TODO: load from Config +// String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); +// String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam); + + String bkuURL = oaParam.getBKUURL(bkuid); + String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); //parse all OA parameters i StartAuthentificationParameterParser.parse(moasession, target, - sourceID, moasession.getOAURLRequested(), bkuURL, templateURL, @@ -136,43 +137,43 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } - private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { - //TODO: CHANGE to real OA config - - List<String> bkuURIs = Arrays.asList( - "http://localhost:8080/moa-id-auth/template_onlineBKU.html", - "http://localhost:8080/moa-id-auth/template_handyBKU.html", - "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); - +// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +// //TODO: CHANGE to real OA config +// // List<String> bkuURIs = Arrays.asList( -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", -// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); - - if (bkuID < bkuURIs.size()) - return bkuURIs.get(bkuID); - else - throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, - "auth.12"); - } - - private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { - //TODO: CHANGE to real OA config - - List<String> bkuURIs = Arrays.asList( - "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", - "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", - "https://127.0.0.1:3496/https-security-layer-request"); - -// List<String> bkuURIs = Arrays.asList( -// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", -// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -// "https://127.0.0.1:3496/https-security-layer-request"); - - if (bkuID < bkuURIs.size()) - return bkuURIs.get(bkuID); - else - throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, - "auth.12"); - } +// "http://localhost:8080/moa-id-auth/template_onlineBKU.html", +// "http://localhost:8080/moa-id-auth/template_handyBKU.html", +// "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); +// +//// List<String> bkuURIs = Arrays.asList( +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); +// +// if (bkuID < bkuURIs.size()) +// return bkuURIs.get(bkuID); +// else +// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, +// "auth.12"); +// } +// +// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { +// //TODO: CHANGE to real OA config +// +// List<String> bkuURIs = Arrays.asList( +// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", +// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +// "https://127.0.0.1:3496/https-security-layer-request"); +// +//// List<String> bkuURIs = Arrays.asList( +//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +//// "https://127.0.0.1:3496/https-security-layer-request"); +// +// if (bkuID < bkuURIs.size()) +// return bkuURIs.get(bkuID); +// else +// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, +// "auth.12"); +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index d41d20def..7d825da17 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -40,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -174,47 +176,75 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); - // verify mandate signature - AuthenticationServer.getInstance().verifyMandate(session, mandate); - - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, - null, null).getDocumentElement(); - + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + // TODO OW bPK (Offen: was bei saml:NameIdentifier // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute // AttributeName="bPK" ) System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - String redirectURL = null; - String samlArtifactBase64 = AuthenticationServer.getInstance() - .verifyAuthenticationBlockMandate(session, mandateDoc); - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, - // URLEncoder.encode(session.getTarget(), "UTF-8")); - } - // redirectURL = addURLParameter(redirectURL, - // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, - // "UTF-8")); - redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), - session.getAction()), samlArtifactBase64); - redirectURL = resp.encodeRedirectURL(redirectURL); - - } else { - redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), - AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, - session.getSessionID()); - - } + //check if it is a parsable XML + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + // extract RepresentationType + AuthenticationServer.getInstance().verifyMandate(session, mandate); + + session.setMISMandate(mandate); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + String redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), + session.getAction()), newMOASessionID); + redirectURL = resp.encodeRedirectURL(redirectURL); + + +// String samlArtifactBase64 = AuthenticationServer.getInstance() +// .verifyAuthenticationBlockMandate(session, mandateDoc); + +// if (!samlArtifactBase64.equals("Redirect to Input Processor")) { +// +// redirectURL = session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// // URLEncoder.encode(session.getTarget(), "UTF-8")); +// } +// // redirectURL = addURLParameter(redirectURL, +// // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, +// // "UTF-8")); +// redirectURL = new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// ModulUtils.buildAuthURL(session.getModul(), +// session.getAction()), samlArtifactBase64); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// } else { +// redirectURL = new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, +// session.getSessionID()); +// +// } + + resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index f89460a83..200d25fbe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -147,122 +147,122 @@ public class ProcessValidatorInputServlet extends AuthServlet { protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); -
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- } - - String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
- - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); -
- try { - - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); -
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthenticationServer.processInput(session, parameters);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
- if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
- // Now sign the AUTH Block
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-
- String htmlForm = null;
-
- boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
- - String inputProcessorSignForm = req.getParameter("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); - // escape parameter strings - inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
- if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
- if (doInputProcessorSign) {
- // Test if we have a user input form sign template -
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); - - if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) - throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); -
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
- }
- }
-
- htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
- resp.setContentType("text/html;charset=UTF-8");
- } else {
- htmlForm = createXMLSignatureRequestOrRedirect;
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- }
-
- OutputStream out = resp.getOutputStream();
- out.write(htmlForm.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST ProcessInput");
- } else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- } - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } -
- } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+// Logger.debug("POST ProcessInput"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +//
+// Map parameters;
+// try {
+// parameters = getParameters(req);
+// } catch (FileUploadException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// } +// +// String sessionID = req.getParameter(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +//
+// try { +// +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); +//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+// AuthenticationServer.processInput(session, parameters);
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+// // Now sign the AUTH Block
+// String dataURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+//
+// String htmlForm = null;
+//
+// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+// +// String inputProcessorSignForm = req.getParameter("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); +// // escape parameter strings +// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
+// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+// if (doInputProcessorSign) {
+// // Test if we have a user input form sign template +//
+// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); +// +// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) +// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); +//
+// String inputProcessorSignTemplate = null;
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+// // override template url by url from configuration file
+// if (oaParam.getInputProcessorSignTemplateURL() != null) {
+// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+// }
+// if (inputProcessorSignTemplateURL != null) {
+// try {
+// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+// } catch (IOException ex) {
+// throw new AuthenticationException(
+// "auth.03",
+// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+// ex);
+// }
+// }
+//
+// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+// resp.setContentType("text/html;charset=UTF-8");
+// } else {
+// htmlForm = createXMLSignatureRequestOrRedirect;
+// resp.setStatus(307);
+// resp.addHeader("Location", dataURL);
+// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+// resp.setContentType("text/xml;charset=UTF-8");
+// }
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(htmlForm.getBytes("UTF-8"));
+// out.flush();
+// out.close();
+// Logger.debug("Finished POST ProcessInput");
+// } else {
+// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// } +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +//
+// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java new file mode 100644 index 000000000..310f3509c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.logging.Logger; + + + +public class RedirectServlet extends AuthServlet{ + + private static final long serialVersionUID = 1L; + + public static final String REDIRCT_GETPARAM = "redirecturl"; + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + RedirectServlet.class + " Request"); + + String url = req.getParameter(REDIRCT_GETPARAM); + + Logger.info("Redirect to " + url); + + String redirect_form = RedirectFormBuilder.buildLoginForm(url); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index d544e2f85..2deece26f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet { Logger.debug("GET SelectBKU"); - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); - String templateURL = req.getParameter(PARAM_TEMPLATE); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); - - - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - - String returnValue = null; - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); - } - else { - // use target from config - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); - } - - - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; - resp.setContentType("text/html"); - resp.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - } else { - // bkuSelectionType==HTMLSelect - String htmlForm = returnValue; - resp.setContentType("text/html;charset=UTF-8"); - Logger.debug("HTML-Form: " + htmlForm); - Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); - out.write(htmlForm); - out.flush(); - Logger.debug("Finished GET SelectBKU"); - } - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (Throwable ex) { - handleError(null, ex, req, resp); - } +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String authURL = req.getScheme() + "://" + req.getServerName(); +// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { +// authURL = authURL.concat(":" + req.getServerPort()); +// } +// authURL = authURL.concat(req.getContextPath() + "/"); +// +// String target = req.getParameter(PARAM_TARGET); +// String oaURL = req.getParameter(PARAM_OA); +// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); +// String templateURL = req.getParameter(PARAM_TEMPLATE); +// +// // escape parameter strings +// target = StringEscapeUtils.escapeHtml(target); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// templateURL = StringEscapeUtils.escapeHtml(templateURL); +// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); +// +// +// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); +// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); +// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); +// +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// // get target and target friendly name from config +// String targetConfig = oaParam.getTarget(); +// +// String returnValue = null; +// if (StringUtils.isEmpty(targetConfig)) { +// // no target attribut is given in OA config +// // target is used from request +// // check parameter +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); +// +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// else { +// // use target from config +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// +// +// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); +// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = returnValue; +// resp.setContentType("text/html"); +// resp.sendRedirect(redirectURL); +// Logger.info("REDIRECT TO: " + redirectURL); +// } else { +// // bkuSelectionType==HTMLSelect +// String htmlForm = returnValue; +// resp.setContentType("text/html;charset=UTF-8"); +// Logger.debug("HTML-Form: " + htmlForm); +// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); +// out.write(htmlForm); +// out.flush(); +// Logger.debug("Finished GET SelectBKU"); +// } +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (Throwable ex) { +// handleError(null, ex, req, resp); +// } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 115c52688..ba7893412 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -55,7 +55,7 @@ public class CreateXMLSignatureResponseValidator { /** Xpath expression to the dsig:Signature element */ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; - private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; + //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; /** Singleton instance. <code>null</code>, if none has been created. */ private static CreateXMLSignatureResponseValidator instance; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 892607c16..ed826c615 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -81,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator { * @throws ValidateException on any validation error */ public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, - List identityLinkSignersSubjectDNNames, + List<String> identityLinkSignersSubjectDNNames, String whatToCheck, boolean ignoreManifestValidationResult) throws ValidateException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 88c4a8feb..a154c9ece 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ this.rpGivenName = rpGivenName;
this.rpDateOfBirth = rpDateOfBirth;
this.request = request;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue)
- {
- // Load the form
- String form = loadForm(
- physical, familyName, givenName, dateOfBirth,
- streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue, "");
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- } catch (SZRGWClientException e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
- */
- public String validate(Map parameters, String extErrortext)
- {
-
- // Process the gotten parameters
- String form = null;
- boolean formNecessary = false;
- if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
- String locErrortext = "Folgende Parameter fehlen: ";
-
- String familyName = (String) parameters.get("familyname_");
- if (null == familyName) familyName ="";
- String givenName = (String) parameters.get("givenname_");
- if (null == givenName) givenName ="";
- boolean physical = "true".equals(parameters.get("physical_"));
- String dobday = (String) parameters.get("dobday_");
- if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
- String dobmonth = (String) parameters.get("dobmonth_");
- if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
- String dobyear = (String) parameters.get("dobyear_");
- if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
- String dateOfBirth = "";
- dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
- dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
- dobday = (" ".substring(0, 2-dobday.length()) + dobday);
- dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
- String cbFullName = (String) parameters.get("fullname_");
- if (null == cbFullName) cbFullName ="";
- String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
- if (null == cbIdentificationType) cbIdentificationType ="";
- String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
- if (null == cbIdentificationValue) cbIdentificationValue ="";
- String postalCode = (String) parameters.get("postalcode_");
- if (null == postalCode) postalCode ="";
- String municipality = (String) parameters.get("municipality_");
- if (null == municipality) municipality ="";
- String streetName = (String) parameters.get("streetname_");
- if (null == streetName) streetName ="";
- String buildingNumber = (String) parameters.get("buildingnumber_");
- if (null == buildingNumber) buildingNumber ="";
- String unit = (String) parameters.get("unit_");
- if (null == unit) unit ="";
-
- if (physical) {
- if (ParepUtils.isEmpty(familyName)) {
- formNecessary = true;
- locErrortext = locErrortext + "Familienname";
- }
- if (ParepUtils.isEmpty(givenName)) {
- formNecessary = true;
- if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Vorname";
- }
- // Auf existierendes Datum prüfen
- SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
- format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
- try {
- format.parse(dateOfBirth);
- }
- catch(ParseException pe)
- {
- formNecessary = true;
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "korrektes Geburtsdatum";
- }
- } else {
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- if (ParepUtils.isEmpty(cbFullName)) {
- locErrortext = locErrortext + "Name der Organisation";
- }
- if (ParepUtils.isEmpty(cbIdentificationType)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Auswahl des Registers";
- }
- if (ParepUtils.isEmpty(cbIdentificationValue)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
- }
- }
- }
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- if (formNecessary) {
- // Daten noch nicht vollständig oder anderer Fehler
- if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
- String error = "";
- if (!ParepUtils.isEmpty(extErrortext)) {
- error = extErrortext;
- if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
- }
- if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
- if (!ParepUtils.isEmpty(error)) {
- error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
- }
- form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
- if (form == null) {
- return null;
- }
- } else {
- return ""; // everything is ok
- }
- } catch (Exception e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /**
- * Loads the empty user input form and replaces tag occurences with given variables
- *
- * @param physical
- * @param familyName
- * @param givenName
- * @param dateOfBirth
- * @param streetName
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @param errorText
- * @return
- */
- private String loadForm(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
- {
- String form = "";
- try {
- String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
- InputStream instream = null;
- File file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- fileName = parepConfiguration.getFullDirectoryName(fileName);
- if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
- file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- //else load a named resource in our classloader.
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
- if (instream == null) {
- Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
- return null;
- }
- }
- }
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.dumpInputOutputStream(instream, bos);
- form = bos.toString("UTF-8");
- } catch(Exception e) {
- Logger.error("Fehler beim Einlesen des Input-Templates.", e);
- }
-
- if (!ParepUtils.isEmpty(form)) {
- boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
- boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
- boolean reducedSelection = (!physEnabled || !cbEnabled);
- if (reducedSelection) {
- physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
- }
- if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
- form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
- form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
- form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
- form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
- form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
- //darf zw. phys. und jur. Person gewählt werden:
- //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
- form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
- form = ParepUtils.replaceAll(form, "<givenname>", givenName);
- form = ParepUtils.replaceAll(form, "<familyname>", familyName);
- form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
- form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
- form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
- form = ParepUtils.replaceAll(form, "<streetname>", streetName);
- form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
- form = ParepUtils.replaceAll(form, "<unit>", unit);
- form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
- form = ParepUtils.replaceAll(form, "<municipality>", municipality);
- form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
- form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
- form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
- form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
- form = ParepUtils.replaceAll(form, "<errortext>", errorText);
- }
- return form;
- }
+ } + +public String start(boolean physical, String familyName, String givenName, + String dateOfBirth, String streetName, String buildingNumber, + String unit, String postalCode, String municipality, String cbFullName, + String cbIdentificationType, String cbIdentificationValue) { + // TODO Auto-generated method stub + return null; +} + +public String validate(Map parameters, String extErrortext) { + // TODO Auto-generated method stub + return null; +}
+ + //TODO: check correctness
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+// */
+// public String start(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+// {
+// // Load the form
+// String form = loadForm(
+// physical, familyName, givenName, dateOfBirth,
+// streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue, "");
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// } catch (SZRGWClientException e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+// */
+// public String validate(Map parameters, String extErrortext)
+// {
+//
+// // Process the gotten parameters
+// String form = null;
+// boolean formNecessary = false;
+// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+// String locErrortext = "Folgende Parameter fehlen: ";
+//
+// String familyName = (String) parameters.get("familyname_");
+// if (null == familyName) familyName ="";
+// String givenName = (String) parameters.get("givenname_");
+// if (null == givenName) givenName ="";
+// boolean physical = "true".equals(parameters.get("physical_"));
+// String dobday = (String) parameters.get("dobday_");
+// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+// String dobmonth = (String) parameters.get("dobmonth_");
+// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+// String dobyear = (String) parameters.get("dobyear_");
+// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+// String dateOfBirth = "";
+// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+// String cbFullName = (String) parameters.get("fullname_");
+// if (null == cbFullName) cbFullName ="";
+// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+// if (null == cbIdentificationType) cbIdentificationType ="";
+// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+// if (null == cbIdentificationValue) cbIdentificationValue ="";
+// String postalCode = (String) parameters.get("postalcode_");
+// if (null == postalCode) postalCode ="";
+// String municipality = (String) parameters.get("municipality_");
+// if (null == municipality) municipality ="";
+// String streetName = (String) parameters.get("streetname_");
+// if (null == streetName) streetName ="";
+// String buildingNumber = (String) parameters.get("buildingnumber_");
+// if (null == buildingNumber) buildingNumber ="";
+// String unit = (String) parameters.get("unit_");
+// if (null == unit) unit ="";
+//
+// if (physical) {
+// if (ParepUtils.isEmpty(familyName)) {
+// formNecessary = true;
+// locErrortext = locErrortext + "Familienname";
+// }
+// if (ParepUtils.isEmpty(givenName)) {
+// formNecessary = true;
+// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Vorname";
+// }
+// // Auf existierendes Datum prüfen
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+// try {
+// format.parse(dateOfBirth);
+// }
+// catch(ParseException pe)
+// {
+// formNecessary = true;
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "korrektes Geburtsdatum";
+// }
+// } else {
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// if (ParepUtils.isEmpty(cbFullName)) {
+// locErrortext = locErrortext + "Name der Organisation";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationType)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Auswahl des Registers";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationValue)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+// }
+// }
+// }
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// if (formNecessary) {
+// // Daten noch nicht vollständig oder anderer Fehler
+// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+// String error = "";
+// if (!ParepUtils.isEmpty(extErrortext)) {
+// error = extErrortext;
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+// }
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+// if (!ParepUtils.isEmpty(error)) {
+// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+// }
+// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+// if (form == null) {
+// return null;
+// }
+// } else {
+// return ""; // everything is ok
+// }
+// } catch (Exception e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /**
+// * Loads the empty user input form and replaces tag occurences with given variables
+// *
+// * @param physical
+// * @param familyName
+// * @param givenName
+// * @param dateOfBirth
+// * @param streetName
+// * @param buildingNumber
+// * @param unit
+// * @param postalCode
+// * @param municipality
+// * @param cbFullName
+// * @param cbIdentificationType
+// * @param cbIdentificationValue
+// * @param errorText
+// * @return
+// */
+// private String loadForm(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+// {
+// String form = "";
+// try {
+// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+// InputStream instream = null;
+// File file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// fileName = parepConfiguration.getFullDirectoryName(fileName);
+// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+// file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// //else load a named resource in our classloader.
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+// if (instream == null) {
+// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+// return null;
+// }
+// }
+// }
+// ByteArrayOutputStream bos = new ByteArrayOutputStream();
+// ParepUtils.dumpInputOutputStream(instream, bos);
+// form = bos.toString("UTF-8");
+// } catch(Exception e) {
+// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+// }
+//
+// if (!ParepUtils.isEmpty(form)) {
+// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+// boolean reducedSelection = (!physEnabled || !cbEnabled);
+// if (reducedSelection) {
+// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+// }
+// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+// //darf zw. phys. und jur. Person gewählt werden:
+// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+// form = ParepUtils.replaceAll(form, "<unit>", unit);
+// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+// }
+// return form;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 735117094..f2f897432 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants; *
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
*/
-public class ParepValidator implements InfoboxValidator {
-
- /** activates debug settings */
- private boolean PAREP_DEBUG = false;
-
- /** contains the parameters the validator initially was called with */
- private InfoboxValidatorParams params = null;
-
- /** contains the configuration of the validator */
- private ParepConfiguration parepConfiguration = null;
-
- /** the requested representation ID (currently * or OID) */
- private String representationID = null;
-
- /** holds the information of the SZR-request */
- private CreateMandateRequest request = null;
-
- /** List of extended SAML attributes. */
- private Vector extendedSamlAttributes = new Vector();
-
- /** the class which processes the user input */
- private ParepInputProcessor inputProcessor = null;
-
- /** The form if user input is necessary */
- private String form = null;
-
- /** unspecified error of parep-validator (must not know more about)*/
- private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
-
- /** Default class to gather remaining mandator data. */
- public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-
- /** Default template to gather remaining mandator data. */
- public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-
- /** kind of representation text in AUTH block*/
- public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
-
- /** Names of the produced SAML-attributes. */
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +public class ParepValidator implements InfoboxValidator { + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; public final static String EXT_SAML_MANDATE_OID = "OID"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - /** */ - public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-
- /** register and register number for non physical persons - the domain identifier for business applications*/
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-
- /**
- * Parses the XML configuration element and creates the validators configuration
- * Use this function if you want to preconfigure the validator.
- *
- * @param configElem
- * the XML configuration element to parse.
- * @throws ConfigurationException
- * if an error occurs during the configuration process
- */
- public void Configure(Element configElem) throws ConfigurationException {
- if (this.parepConfiguration == null) {
- Logger.debug("Lade Konfiguration.");
- parepConfiguration = new ParepConfiguration(configElem);
- Logger.debug("Konfiguration erfolgreich geladen.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
- */
- public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-
- try {
- Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
- this.params = params;
-
- Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
- // ParepUtils.serializeElement(mandate, System.out);
- this.representationID = ParepUtils.extractRepresentativeID(mandate);
- if (ParepUtils.isEmpty(representationID)) {
- validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
- return validationResult;
- }
-
- // überprüfen der Identifikation (Type/Value).
- String identificationType = this.params.getIdentificationType();
- String identificationValue = this.params.getIdentificationValue();
- if (this.params.getBusinessApplication()) {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
- return validationResult;
-
- } else {
- Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
- }
- } else {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
- if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- } else {
- Logger.debug("Organwalter wird mit Stammzahl identifiziert");
- }
- } else {
- if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
- identificationType = Constants.URN_PREFIX_CDID;
- String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
- identificationValue = bpkBase64;
- Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
- } else {
- Logger.debug("Parteienvertreter wird mit bPK identifiziert");
- }
- }
- }
-
- Configure(this.params.getApplicationSpecificParams());
- // check if we have a configured party representative for that
- if (!parepConfiguration.isPartyRepresentative(representationID)) {
- Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- }
-
- // Vertreter
- this.request = new CreateMandateRequest();
- request.setRepresentative(this.params, identificationType, identificationValue);
- // ParepUtils.serializeElement(request.getRepresentative(), System.out);
- //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-
- Logger.debug("Prüfe vorausgefüllte Daten...");
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- boolean formNecessary = false;
- // Vertretener (erstes Vorkommen)
- Element mandator = ParepUtils.extractMandator(mandate);
- if (mandator != null) {
- // ParepUtils.serializeElement(mandator, System.out);
- // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten �bernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+ + public InfoboxValidationResult validate(InfoboxValidatorParams params) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public InfoboxValidationResult validate(Map parameters) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public InfoboxValidationResult validate(Element samlAssertion) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public String getForm() { + // TODO Auto-generated method stub + return null; + }
+ + + //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. */
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. */
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; +// public final static String EXT_SAML_MANDATE_OID = "OID"; +// +// /** */ +// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse.
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value).
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
// CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
// if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
-// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
-// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
// }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable.
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor.
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+//
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
+// } else {
+// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+// String responseInfo = response.getInfo();
+// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// validationResult.setErrorMessage(errorMsg);
+// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+// // Person not found
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// switch (response.getResultCode()) {
+// case 5230:
+// errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
+// break;
+// case 5231:
+// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
+// break;
+// default:
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// }
+// this.form = inputProcessor.validate(generateParameters(), errorMsg);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// validationResult.setValid(true);
+// } else {
+// // Do not inform the user too much
+// Logger.error(errorMsg);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// }
+//
+// }
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /**
+// * provides the primary infobox token of the given list.
+// *
+// * @param infoBoxTokens
+// * the list of infobox tokens.
+// * @return
+// * the XML element of the primary token.
+// * @throws ValidateException
+// * if an error occurs or list is not suitable.
+// */
+// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+// throw new ValidateException("validator.62", null);
+// }
+// for (int i = 0; i < infoBoxTokens.size(); i++) {
+// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+// if (token.isPrimary()) {
+// return token.getXMLToken();
+// }
+// }
+// throw new ValidateException("validator.62", null);
+// }
+//
+// /*
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+// */
+// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+// extendedSamlAttributes.copyInto(ret);
+// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+// return ret;
+// }
+//
+//
+// /**
+// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+// */
+// public String getForm() {
+// return this.form;
+// }
+//
+// /**
+// * Gets the user form input processor (class) assigned to the current party representative
+// * If the method is called for the first time it initializes the input processor.
+// *
+// * @return The user form input processor
+// */
+// private ParepInputProcessor getInputProcessor() {
+//
+// if (this.inputProcessor!=null) return inputProcessor;
+// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+// ParepInputProcessor inputProcessor = null;
+// try {
+// Class inputProcessorClass = Class.forName(inputProcessorName);
+// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+// } catch (Exception e) {
+// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+// }
+// this.inputProcessor = inputProcessor;
+// return inputProcessor;
+// }
+//
+// /**
+// * Generates the parameter list, which is needed to simulate a return from
+// * an user form.
+// *
+// * @return the form parameters
+// */
+// private Map generateParameters() {
+// Map parameters = new HashMap();
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// try {
+// // Vertretener (erstes Vorkommen)
+// Element mandator = request.getMandator();
+// if (mandator != null) {
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+// }
+// } catch (Exception e) {
+// Logger.error("Could not extract Mandator form SZR-gateway request");
+// }
+// parameters.put("familyname_", familyName);
+// parameters.put("givenname_", givenName);
+// parameters.put("dateofbirth_", dateOfBirth);
+// parameters.put("dobyear_", dateOfBirth.substring(0,4));
+// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+// parameters.put("dobday_", dateOfBirth.substring(8,10));
+// parameters.put("physical_", physical ? "true" : "false");
+// parameters.put("fullname_", cbFullName);
+// parameters.put("cbidentificationtype_", cbIdentificationType);
+// parameters.put("cbidentificationvalue_", cbIdentificationValue);
+// parameters.put("postalcode_", postalCode);
+// parameters.put("municipality_", municipality);
+// parameters.put("streetname_", streetName);
+// parameters.put("buildingnumber_", buildingNumber);
+// parameters.put("unit_", unit);
+// return parameters;
+// }
+//
+// /**
+// * Adds the AUTH block related SAML attributes to the validation result.
+// * This is needed always before the AUTH block is to be signed, because the
+// * name of the mandator has to be set
+// */
+// private void addAuthBlockExtendedSamlAttributes() {
+// extendedSamlAttributes.clear();
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// Element mandator = request.getMandator();
+// // Name
+// String name = ParepUtils.extractMandatorName(mandator);
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// // Geburtsdatum
+// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+// if (dob != null && !"".equals(dob)) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// // (w)bpk
+// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+// if (!ParepUtils.isEmpty(wbpk)) {
+// if (!ParepUtils.isPhysicalPerson(mandator)){
+// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// } else if (this.params.getBusinessApplication()) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// }
// }
+//
+//// public static void main(String[] args) throws Exception {
+//// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index bc5a0e061..ee5a57914 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants; * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to <code>representationID</code>
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+ + + //TODO: check correctness!!!!
/**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return connectionParameter;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+// }
+// }
+//
+// public boolean isPartyRepresentative(String representationID) {
+// if (partyRepresentatives == null)
+// return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// return pr != null;
+// }
+//
+// public boolean isRepresentingCorporateParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingCorporateParty();
+// }
+//
+// public boolean isRepresentingPhysicalParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingPhysicalParty();
+// }
+//
+// public String getRepresentationText(String representationID) {
+// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+// if (partyRepresentatives != null) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr != null) {
+// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+// }
+// }
+// return result;
+// }
+//
+// /**
+// * @return the input processor classname corresponding to <code>representationID</code>
+// * @param representationID
+// * the representation ID.
+// */
+// public String getInputProcessorClass(String representationID) {
+// String inputProcessorClass = standardInputProcessorClass;
+// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorClass = pr.getInputProcessorClass();
+// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+// }
+// }
+// return inputProcessorClass;
+// }
+//
+// /**
+// * @param standardInputProcessorClass the standardInputProcessorClass to set
+// */
+// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+// this.standardInputProcessorClass = standardInputProcessorClass;
+// }
+//
+// /**
+// * @return the InputProcessorTemplate
+// */
+// public String getInputProcessorTemplate(String representationID) {
+// String inputProcessorTemplate = standardInputProcessorTemplate;
+// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+// }
+// }
+// return inputProcessorTemplate;
+// }
+//
+// /**
+// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+// */
+// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+// }
+//
+// /**
+// * @return the alwaysShowForm
+// */
+// public boolean isAlwaysShowForm() {
+// return alwaysShowForm;
+// }
+//
+// /**
+// * @param alwaysShowForm the alwaysShowForm to set
+// */
+// public void setAlwaysShowForm(String alwaysShowForm) {
+// if (ParepUtils.isEmpty(alwaysShowForm)) {
+// this.alwaysShowForm = false;
+// } else {
+// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+// }
+// }
+//
+// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+// try {
+// if (configElement==null) return false;
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+// }
+// return false;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+// }
+//
+// }
+//
+//
+//// public static void main(String[] args) throws Exception {
+//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//// Configuration cfg = new Configuration(null);
+//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+////}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index fb1dc0293..bf4952113 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -81,7 +81,7 @@ public class ConfigurationProvider { * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to * chaining mode (a <code>String</code>) mapping. */ - protected Map chainingModes; + protected Map<IssuerAndSerial, String> chainingModes; /** * the URL for the trusted CA Certificates @@ -93,6 +93,10 @@ public class ConfigurationProvider { */ protected String rootConfigFileDir; + protected String certstoreDirectory; + + protected boolean trustmanagerrevoationchecking; + /** * Returns the main configuration file directory used to configure MOA-ID * @@ -148,5 +152,22 @@ public class ConfigurationProvider { return trustedCACertificates; } + +/** + * @return the certstoreDirectory + */ +public String getCertstoreDirectory() { + return certstoreDirectory; +} + +/** + * @return the trustmanagerrevoationchecking + */ +public boolean isTrustmanagerrevoationchecking() { + return trustmanagerrevoationchecking; +} + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java new file mode 100644 index 000000000..65fda8396 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.config; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +public class ConfigurationUtils { + + public static List<String> getTransformInfos(List<TransformsInfoType> transformations) { + List<String> list = new ArrayList<String>(); + + for (TransformsInfoType e1 : transformations) { + + try { + String transform = new String(e1.getTransformation(), "UTF-8"); + String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); + list.add(encoded); + + } catch (UnsupportedEncodingException e) { + Logger.warn("Transformation can not be loaded. An encoding error ocurs"); + return null; + + } catch (IOException e) { + Logger.warn("Transformation can not be loaded from database."); + return null; + } + } + return list; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java new file mode 100644 index 000000000..41d6959b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterForeign extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities."; + + public ConnectionParameterForeign(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java new file mode 100644 index 000000000..0e05633c8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMOASP extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp."; + + public ConnectionParameterMOASP(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java new file mode 100644 index 000000000..00b393b92 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMandate extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates."; + + public ConnectionParameterMandate(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 56c97a802..c1715d6fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + /** * Configuration parameters belonging to an online application, * to be used within both, the MOA ID Auth and the @@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config; */ public class OAParameter { + public OAParameter(OnlineApplication oa) { + + this.oaType = oa.getType(); + + if (this.oaType.equals("businessService")) + this.businessService = true; + else + this.businessService = false; + + this.publicURLPrefix = oa.getPublicURLPrefix(); + + this.friendlyName = oa.getFriendlyName(); + + this.target = oa.getTarget(); + + this.targetFriendlyName = oa.getTargetFriendlyName(); + + } + /** * type of the online application (maybe "PublicService" or "BusinessService") */ @@ -63,102 +84,26 @@ public class OAParameter { */ private String targetFriendlyName; - /** - * Returns the type of the online application. - * @return the type of the online application. - */ - public String getOaType() { - return oaType; - } - - /** - * Returns <code>true</code> is the OA is a businss application, otherwise - * <code>false</code>. - * @return <code>true</code> is the OA is a businss application, otherwise - * <code>false</code> - */ - public boolean getBusinessService() { - return this.businessService; - } - /** - * Returns the publicURLPrefix. - * @return String - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - /** - * - * Sets the type of the online application. - * If the type is "businessService" the value of <code>businessService</code> - * ({@link #getBusinessService()}) is also set to <code>true</code> - * @param oaType The type of the online application. - */ - public void setOaType(String oaType) { - this.oaType = oaType; - if ("businessService".equalsIgnoreCase(oaType)) { - this.businessService = true; - } - } + public String getOaType() { + return oaType; + } + public boolean getBusinessService() { + return businessService; + } + public String getPublicURLPrefix() { + return publicURLPrefix; + } + public String getFriendlyName() { + return friendlyName; + } + public String getTarget() { + return target; + } + public String getTargetFriendlyName() { + return targetFriendlyName; + } - /** - * Sets the publicURLPrefix. - * @param publicURLPrefix The publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; - } - - - /** - * Gets the friendly name of the OA - * @return Friendly Name of the OA - */ - public String getFriendlyName() { - return friendlyName; - } - - /** - * Sets the friendly name of the OA - * @param friendlyName - */ - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - /** - * Gets the target of the OA - * @return target of the OA - */ - public String getTarget() { - return target; - } - - /** - * Sets the target of the OA - * @param target - */ - public void setTarget(String target) { - this.target = target; - } - - /** - * Gets the target friendly name of the OA - * @return target Friendly Name of the OA - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the target friendly name of the OA - * @param targetFriendlyName - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6f1af9842..922d86fc0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -24,38 +24,60 @@ package at.gv.egovernment.moa.id.config.auth; -import java.io.BufferedInputStream; +import iaik.util.logging.Log; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; import java.net.MalformedURLException; +import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Properties; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; + import org.hibernate.cfg.Configuration; -import org.w3c.dom.Element; -import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ConfigurationUtil; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.XPathUtils; import eu.stork.vidp.messages.common.STORKBootstrap; /** @@ -123,90 +145,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // // configuration data // + private static MOAIDConfiguration moaidconfig; - /** - * configuration files containing transformations for rendering in the - * secure viewer of the security layer implementation; - * multiple files can be given for different mime types - */ - private String[] transformsInfoFileNames; - - /** - * transformations for rendering in the secure viewer of the security layer implementation, - * read from {@link transformsInfoFileNames}; - * multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - - /** - * parameters for connection to MOA SP component - */ - private ConnectionParameter moaSpConnectionParameter; - - - /** - * trust profile ID to be used for verifying the identity link signature via MOA ID SP - */ - private String moaSpIdentityLinkTrustProfileID; - /** - * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP - */ - private String moaSpAuthBlockTrustProfileID; - /** - * transformations to be used for verifying the AUTH block signature via MOA ID SP - */ - private String[] moaSpAuthBlockVerifyTransformsInfoIDs; - /** - * X509 SubjectNames which will be trusted - */ - private List identityLinkX509SubjectNames; - /** - * default parameters for verifying additional infoboxes. - */ - private VerifyInfoboxParameters defaultVerifyInfoboxParameters; - - /** - * configuration parameters for online applications - */ - private OAAuthParameter[] onlineApplicationAuthParameters; - /** - * the Selection Type of the bku Selection Element - */ - private String bKUSelectionType; - /** - * is the bku Selection Element present? - */ - private boolean bKUSelectable; - /** - * the bku Selection Connection Parameters - */ - private ConnectionParameter bKUConnectionParameter; - - /** - * parameter for connection to SZR-GW GetIdentityLink - */ - private ConnectionParameter foreignIDConnectionParameter; - - /** - * parameter for connection to OnlineMandates Service - */ - private ConnectionParameter onlineMandatesConnectionParameter; - - /** - * Parameter for trusted BKUs - */ - private List trustedBKUs; - - /** - * Parameter for trusted Template URLs - */ - private List trustedTemplateURLs; - - /** - * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.) - */ - private STORKConfig storkConfig; + private static Properties props; + private static STORKConfig storkconfig; + /** * Return the single instance of configuration data. * @@ -260,38 +204,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * read/built. */ private void load(String fileName) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; - - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - } - } - try { - + + try { //Initial Hibernate Framework Logger.trace("Initializing Hibernate framework."); //Load MOAID-2.0 properties file - String propertiesFileLocation = System.getProperty("moa.id.config"); - MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName"); - File propertiesFile = new File(propertiesFileLocation); + File propertiesFile = new File(fileName); FileInputStream fis; - Properties props = new Properties(); + props = new Properties(); - //TODO: determine from new config file path // determine the directory of the root config file rootConfigFileDir = new File(fileName).getParent(); @@ -306,7 +228,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { fis = new FileInputStream(propertiesFile); props.load(fis); - + //TODO: maybe some general hibnerate config!!! // read MOAID Session Hibernate properties Properties moaSessionProp = new Properties(); for (Object key : props.keySet()) { @@ -331,7 +253,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { synchronized (AuthConfigurationProvider.class) { //Initial config Database - ConfigurationUtil.initHibernate(configProp); + ConfigurationDBUtils.initHibernate(configProp); //initial MOAID Session Database Configuration config = new Configuration(); @@ -340,7 +262,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); config.addProperties(moaSessionProp); - MOASessionUtil.initHibernate(config, moaSessionProp); + MOASessionDBUtils.initHibernate(config, moaSessionProp); } Logger.trace("Hibernate initialization finished."); @@ -360,113 +282,141 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + + String legacyconfig = props.getProperty("configuration.xml.legacy"); + String xmlconfig = props.getProperty("configuration.xml"); + + //check if XML config should be used + if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + } + + //load legacy config if it is configured + if (MiscUtil.isNotEmpty(legacyconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); + MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(legacyconfig, rootConfigFileDir); + ConfigurationDBUtils.save(moaconfig); + Logger.info("Legacy Configuration load is completed."); + + //TODO: only for Testing!!! + if (MiscUtil.isNotEmpty(xmlconfig)) { + Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Marshaller m = jc.createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + File test = new File(xmlconfig); + m.marshal(moaconfig, test); + + } + } - //TODO: load from Legacy if legacy.xml.configuration != null -// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(fileName, rootConfigFileDir); -// ConfigurationUtil.save(moaconfig); + //load legacy config if it is configured + if (MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); - //TODO: Save MOAID 2.0 config to XML -// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); -// Marshaller m = jc.createMarshaller(); -// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); -// File test = new File("D:/moa2.0_config.xml"); -// m.marshal(moaconfig, test); + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Unmarshaller m = jc.createUnmarshaller(); + File file = new File(xmlconfig); + MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); + //ConfigurationDBUtils.save(moaconfig); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } catch (Exception e) { + Log.err("MOA-ID XML configuration can not be loaded from File."); + throw new ConfigurationException("config.02", null); + } + Logger.info("XML Configuration load is completed."); + } + Logger.info("Read MOA-ID 2.0 configuration from database."); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + Logger.info("MOA-ID 2.0 is loaded."); -// // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - defaultVerifyInfoboxParameters = null; - Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); - if (defaultVerifyInfoboxParamtersElem != null) { - defaultVerifyInfoboxParameters = - builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); - } - - - foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); - onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); - trustedBKUs = builder.getTrustedBKUs(); - trustedTemplateURLs = builder.getTrustedTemplateURLs(); - storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); + + //build STORK Config + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + ForeignIdentities foreign = authgeneral.getForeignIdentities(); + if (foreign == null ) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + throw new ConfigurationException("config.02", null); + } + storkconfig = new STORKConfig(foreign.getSTORK(), props); + + + //load Chaining modes + ChainingModes cm = moaidconfig.getChainingModes(); + if (cm != null) { + defaultChainingMode = cm.getSystemDefaultMode().value(); + + List<TrustAnchor> tas = cm.getTrustAnchor(); + + chainingModes = new HashMap<IssuerAndSerial, String>(); + for (TrustAnchor ta : tas) { + IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); + chainingModes.put(is, ta.getMode().value()); + } + } else { + Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); + throw new ConfigurationException("config.02", null); + } + //set Trusted CA certs directory + trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); + + //set CertStoreDirectory + setCertStoreDirectory(); + + //set TrustManagerRevocationChecking + setTrustManagerRevocationChecking(); + + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } } - /** - * Loads the <code>transformsInfos</code> from files. - * @throws Exception on any exception thrown - */ -// private void loadTransformsInfos() throws Exception { -// -// transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// } - -// /** -// * Loads the <code>transformsInfos</code> from files. -// * @throws Exception on any exception thrown -// */ -// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { -// -// String[] transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// return transformsInfos; -// } - - - /** - * Return a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - //TODO: only for testing -// public String[] getTransformsInfoFileNames() { -// return transformsInfoFileNames; -// } + public TimeOuts getTimeOuts() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + return auth.getGeneralConfiguration().getTimeOuts(); + else { + Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined."); + throw new ConfigurationException("config.02", null); + } + } - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for theauthentication component of the online - * application - */ - public OAAuthParameter[] getOnlineApplicationParameters() { - return onlineApplicationAuthParameters; + public String getAlternativeSourceID() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + return auth.getGeneralConfiguration().getAlternativeSourceID(); + else { + Logger.warn("Error in MOA-ID Configuration. No AlternativeSourceID defined."); + throw new ConfigurationException("config.02", null); + } } + + public List<String> getLegacyAllowedProtocols() { + try { + AuthComponentGeneral auth = getAuthComponentGeneral(); + Protocols procols = auth.getProtocols(); + LegacyAllowed legacy = procols.getLegacyAllowed(); + return legacy.getProtocolName(); + + } catch (Exception e) { + Logger.info("No protocols found with legacy allowed flag!"); + return new ArrayList<String>(); + } + + } + /** * Provides configuration information regarding the online application behind @@ -478,15 +428,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ public OAAuthParameter getOnlineApplicationParameter(String oaURL) { -// return ConfigurationDBUtils.getOnlineApplication(oaURL); + OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaURL); - OAAuthParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAAuthParameter oaParam = oaParams[i]; - if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) - return oaParam; - } - return null; + if (oa == null) { + Logger.warn("Online application with identifier " + oaURL + " is not found."); + return null; + } + + return new OAAuthParameter(oa); } @@ -495,9 +444,19 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * profile id within the moa-sp part of the authentication component * * @return String with a url-reference to the VerifyAuthBlock trust profile ID + * @throws ConfigurationException */ - public String getMoaSpAuthBlockTrustProfileID() { - return moaSpAuthBlockTrustProfileID; + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(auth); + VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock(); + + if (verifyidl != null) + return verifyidl.getTrustProfileID(); + + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); + } /** @@ -505,119 +464,207 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * IDs within the moa-sp part of the authentication component * @return A string array containing all urls to the * verify transform info IDs + * @throws ConfigurationException */ - public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { - return moaSpAuthBlockVerifyTransformsInfoIDs; + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + + AuthComponentGeneral auth = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(auth); + VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock(); + + if (verifyidl != null) + return verifyidl.getVerifyTransformsInfoProfileID(); + + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); } /** * Return a ConnectionParameter bean containing all information * of the authentication component moa-sp element * @return ConnectionParameter of the authentication component moa-sp element + * @throws ConfigurationException */ - public ConnectionParameter getMoaSpConnectionParameter() { - return moaSpConnectionParameter; + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(authgeneral); + + if (moasp.getConnectionParameter() != null) + return new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); + else + return null; } /** * Return a ConnectionParameter bean containing all information * of the authentication component foreigid element * @return ConnectionParameter of the authentication component foreignid element + * @throws ConfigurationException */ - public ConnectionParameter getForeignIDConnectionParameter() { - return foreignIDConnectionParameter; + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + ForeignIdentities foreign = authgeneral.getForeignIdentities(); + + if (foreign != null) { + return new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); + } + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); + throw new ConfigurationException("config.02", null); } /** * Return a ConnectionParameter bean containing all information * of the authentication component OnlineMandates element * @return ConnectionParameter of the authentication component OnlineMandates element + * @throws ConfigurationException */ - public ConnectionParameter getOnlineMandatesConnectionParameter() { - return onlineMandatesConnectionParameter; + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + OnlineMandates ovs = authgeneral.getOnlineMandates(); + + if (ovs != null) { + return new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); + } + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); + throw new ConfigurationException("config.02", null); } /** * Return a string with a url-reference to the VerifyIdentityLink trust * profile id within the moa-sp part of the authentication component * @return String with a url-reference to the VerifyIdentityLink trust profile ID + * @throws ConfigurationException */ - public String getMoaSpIdentityLinkTrustProfileID() { - return moaSpIdentityLinkTrustProfileID; + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + MOASP moasp = getMOASPConfig(auth); + VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); + + if (verifyidl != null) + return verifyidl.getTrustProfileID(); + + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); + throw new ConfigurationException("config.02", null); } + /** * Returns the transformsInfos. * @return String[] + * @throws ConfigurationException */ - public String[] getTransformsInfos() { - return transformsInfos; + public List<String> getTransformsInfos() throws ConfigurationException { + + AuthComponentGeneral authgeneral = getAuthComponentGeneral(); + + SecurityLayer seclayer = authgeneral.getSecurityLayer(); + if (seclayer == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); + } + + return ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); } /** * Returns the identityLinkX509SubjectNames. * @return List + * @throws ConfigurationException */ - public List getIdentityLinkX509SubjectNames() { - return identityLinkX509SubjectNames; + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + + AuthComponentGeneral auth = getAuthComponentGeneral(); + IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); + + if (idlsigners != null) { + return idlsigners.getX509SubjectName(); + + } + + Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found."); + return new ArrayList<String>(); } - /** - * Returns the trustBKUs. - * @return List - */ - public List getTrustedBKUs() { - return this.trustedBKUs; - } - - /** - * Returns the trustedTemplateURLs. - * @return List - */ - public List getTrustedTemplateURLs() { - return this.trustedTemplateURLs; - } - - /** - * Returns the bKUConnectionParameter. - * @return ConnectionParameter - */ - public ConnectionParameter getBKUConnectionParameter() { - return bKUConnectionParameter; - } - - /** - * Returns the bKUSelectable. - * @return boolean - */ - public boolean isBKUSelectable() { - return bKUSelectable; - } - - /** - * Returns the bKUSelectionType. - * @return String - */ - public String getBKUSelectionType() { - return bKUSelectionType; + public List<String> getSLRequestTemplates() throws ConfigurationException { + SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); + List<String> list = new ArrayList<String>(); + + if (templ == null) { + Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); + throw new ConfigurationException("config.02", null); + } + list.add(templ.getOnlineBKU()); + list.add(templ.getHandyBKU()); + list.add(templ.getLocalBKU()); + return list; } - - /** - * Returns the defaultVerifyInfoboxParameters. - * - * @return The defaultVerifyInfoboxParameters. - */ - public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { - return defaultVerifyInfoboxParameters; + + public String getSLRequestTemplates(String type) throws ConfigurationException { + SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); + if (templ != null) { + if (type.equals(OAAuthParameter.ONLINEBKU)) + return templ.getOnlineBKU(); + else if (type.equals(OAAuthParameter.HANDYBKU)) + return templ.getHandyBKU(); + else if (type.equals(OAAuthParameter.LOCALBKU)) + return templ.getLocalBKU(); + + } + Logger.warn("getSLRequestTemplates: BKU Type does not match: " + + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + return null; } - + /** * Retruns the STORK Configuration * @return STORK Configuration + * @throws ConfigurationException */ - public STORKConfig getStorkConfig() { - return storkConfig; + public STORKConfig getStorkConfig() throws ConfigurationException { + + return storkconfig; } + + private void setCertStoreDirectory() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + + private void setTrustManagerRevocationChecking() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + if (auth.getGeneralConfiguration() != null) + trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { + AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); + if (authgeneral == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); + throw new ConfigurationException("config.02", null); + } + return authgeneral; + } + private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { + MOASP moasp = authgeneral.getMOASP(); + + if (moasp == null) { + Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); + throw new ConfigurationException("config.02", null); + } + return moasp; + } }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 7c174de77..32c609e81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -25,10 +25,21 @@ package at.gv.egovernment.moa.id.config.auth; import java.util.ArrayList; +import java.util.List; -import org.opensaml.saml2.metadata.RequestedAttribute; - +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; @@ -47,88 +58,20 @@ import eu.stork.vidp.messages.stork.RequestedAttributes; * @author Harald Bratko */ public class OAAuthParameter extends OAParameter { - /** - * Sercurity Layer version - */ - private String slVersion; - /** - * true, if the Security Layer version is version 1.2, otherwise false - */ - private boolean slVersion12; - /** - * identityLinkDomainIdentifier - * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer") - * <br> - * only used within a business application context for providing it to the - * security layer as input for wbPK computation - */ - private String identityLinkDomainIdentifier; - /** - * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) - */ - private String keyBoxIdentifier; - /** - * transformations for rendering in the secure viewer of the security layer - * implementation; multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - /** - * determines whether "Stammzahl" is to be included in the authentication data - */ - private boolean provideStammzahl; - /** - * determines whether AUTH block is to be included in the authentication data - */ - private boolean provideAuthBlock; - /** - * determines whether identity link is to be included in the authentication data - */ - private boolean provideIdentityLink; - /** - * determines whether the certificate is to be included in the authentication data - */ - private boolean provideCertificate; - /** - * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data - */ - private boolean provideFullMandatorData; - - /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ - private boolean useUTC; - - /** determines wheter a saml:Condition is added to the SAML assertion or not */ - private boolean useCondition; - - /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ - private int conditionLength; - /** - * url to a template for web page "Auswahl der Bürgerkartenumgebung" - */ - private String bkuSelectionTemplateURL; - /** - * template for web page "Anmeldung mit Bürgerkarte" - */ - private String templateURL; - /** - * template for web page "Signatur der Anmeldedaten" - */ - private String inputProcessorSignTemplateURL; - /** - * Parameters for verifying infoboxes. - */ - private VerifyInfoboxParameters verifyInfoboxParameters; - - /** - * Parameter for Mandate profiles - */ - private String mandateProfiles; - - /** - * - * Type for authentication number (e.g. Firmenbuchnummer) - */ - private String identityLinkDomainIdentifierType; + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + + private AuthComponentOA oa_auth; + + public OAAuthParameter(OnlineApplication oa) { + super(oa); + + this.oa_auth = oa.getAuthComponentOA(); + + this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); +} /** * STORK QAA Level, Default = 4 @@ -144,359 +87,205 @@ public class OAAuthParameter extends OAParameter { STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); - - -/** - * Returns <code>true</code> if the Security Layer version is version 1.2, - * otherwise <code>false</code>. - * @return <code>true</code> if the Security Layer version is version 1.2, - * otherwise <code>false</code> - */ - public boolean getSlVersion12() { - return slVersion12; - } - - /** - * Returns the security layer version. - * @return the security layer version. - */ - public String getSlVersion() { - return slVersion; - } - - /** - * Returns the identityLinkDomainIdentifier. - * @return the identityLinkDomainIdentifier. - */ - public String getIdentityLinkDomainIdentifier() { - return identityLinkDomainIdentifier; - } - - /** - * Returns the transformsInfos. - * @return the transformsInfos. - */ - public String[] getTransformsInfos() { - return transformsInfos; - } - - /** - * Returns the provideAuthBlock. - * @return String - */ - public boolean getProvideAuthBlock() { - return provideAuthBlock; - } - - /** - * Returns the provideIdentityLink. - * @return String - */ - public boolean getProvideIdentityLink() { - return provideIdentityLink; - } - /** - * Returns the provideStammzahl. - * @return String - */ - public boolean getProvideStammzahl() { - return provideStammzahl; - } - - /** - * Returns <code>true</code> if the certificate should be provided within the - * authentication data, otherwise <code>false</code>. - * @return <code>true</code> if the certificate should be provided, - * otherwise <code>false</code> - */ - public boolean getProvideCertifcate() { - return provideCertificate; - } - - /** - * Returns <code>true</code> if the full mandator data should be provided within the - * authentication data, otherwise <code>false</code>. - * @return <code>true</code> if the full mandator data should be provided, - * otherwise <code>false</code> - */ - public boolean getProvideFullMandatorData() { - return provideFullMandatorData; - } - - /** - * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. - * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. - */ - public boolean getUseUTC() { - return useUTC; - } - - /** - * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. - * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. - */ - public boolean getUseCondition() { - return useCondition; - } - - /** - * Returns the validity time of the SAML assertion (if useCondition is true) in seconds - * @return the validity time of the SAML assertion (if useCondition is true) in seconds - */ - public int getConditionLength() { - return conditionLength; - } + private String keyBoxIdentifier; - /** - * Returns the key box identifier. - * @return String - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - /** - * Returns the BkuSelectionTemplate url. - * @return The BkuSelectionTemplate url or <code>null</code> if no url for - * a BkuSelectionTemplate is set. - */ - public String getBkuSelectionTemplateURL() { - return bkuSelectionTemplateURL; - } - - /** - * Returns the TemplateURL url. - * @return The TemplateURL url or <code>null</code> if no url for - * a Template is set. - */ - public String getTemplateURL() { - return templateURL; - } - - - /** - * Returns the inputProcessorSignTemplateURL url. - * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for - * a input processor sign template is set. - */ - public String getInputProcessorSignTemplateURL() { - return inputProcessorSignTemplateURL; - } - - /** - * Returns the parameters for verifying additional infoboxes. - * - * @return The parameters for verifying additional infoboxes. - * Maybe <code>null</code>. - */ - public VerifyInfoboxParameters getVerifyInfoboxParameters() { - return verifyInfoboxParameters; - } - - /** - * Sets the security layer version. - * Also sets <code>slVersion12</code> ({@link #getSlVersion12()}) - * to <code>true</code> if the Security Layer version is 1.2. - * @param slVersion The security layer version to be used. - */ - public void setSlVersion(String slVersion) { - this.slVersion = slVersion; - if ("1.2".equals(slVersion)) { - this.slVersion12 = true; - } - } - /** - * Sets the IdentityLinkDomainIdentifier. - * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. - */ - public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { - this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; - } - /** - * Sets the transformsInfos. - * @param transformsInfos The transformsInfos to be used. - */ - public void setTransformsInfos(String[] transformsInfos) { - this.transformsInfos = transformsInfos; - } - + * @return the slVersion + */ +public String getSlVersion() { + return oa_auth.getSlVersion(); +} /** - * Sets the provideAuthBlock. - * @param provideAuthBlock The provideAuthBlock to set - */ - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } + * @return the slVersion12 + */ +public boolean isSlVersion12() { + if ("1.2".equals(oa_auth.getSlVersion())) + return true; + else + return false; + } - /** - * Sets the provideIdentityLink. - * @param provideIdentityLink The provideIdentityLink to set - */ - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } +public boolean getUseUTC() { + return oa_auth.isUseUTC(); +} - /** - * Sets the provideStammzahl. - * @param provideStammzahl The provideStammzahl to set - */ - public void setProvideStammzahl(boolean provideStammzahl) { - this.provideStammzahl = provideStammzahl; - } - - /** - * Sets the provideCertificate variable. - * @param provideCertificate The provideCertificate value to set - */ - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - - /** - * Sets the provideFullMandatorData variable. - * @param provideFullMandatorData The provideFullMandatorData value to set - */ - public void setProvideFullMandatorData(boolean provideFullMandatorData) { - this.provideFullMandatorData = provideFullMandatorData; - } - - /** - * Sets the useUTC variable. - * @param useUTC The useUTC value to set - */ - public void setUseUTC(boolean useUTC) { - this.useUTC = useUTC; - } - - /** - * Sets the useCondition variable - * @param useCondition The useCondition value to set - */ - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - - /** - * Sets the conditionLength variable - * @param conditionLength the conditionLength value to set - */ - public void setConditionLength(int conditionLength) { - this.conditionLength = conditionLength; - } - +public boolean useIFrame() { + return oa_auth.isUseIFrame(); +} - /** - * Sets the key box identifier. - * @param keyBoxIdentifier to set - */ - public void setKeyBoxIdentier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - /** - * Sets the BkuSelectionTemplate url. - * @param bkuSelectionTemplateURL The url string specifying the location - * of a BkuSelectionTemplate. - */ - public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { - this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; - } - - /** - * Sets the Template url. - * @param templateURL The url string specifying the location - * of a Template. - */ - public void setTemplateURL(String templateURL) { - this.templateURL = templateURL; - } - - /** - * Sets the input processor sign form template url. - * - * @param inputProcessorSignTemplateURL The url string specifying the - * location of the input processor sign form - */ - public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { - this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; - } +/** + * @return the identityLinkDomainIdentifier + */ +public String getIdentityLinkDomainIdentifier() { + + IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); + if (idnumber != null) + return idnumber.getValue(); + + return null; +} - /** - * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. - * - * @param verifyInfoboxParameters The verifyInfoboxParameters to set. - */ - public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { - this.verifyInfoboxParameters = verifyInfoboxParameters; - } - - /** - * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - */ - public String getIdentityLinkDomainIdentifierType() { - return identityLinkDomainIdentifierType; - } +/** + * @return the keyBoxIdentifier + */ +public String getKeyBoxIdentifier() { + + return keyBoxIdentifier; +} - /** - * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer) - */ - public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { - this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; - } - - /** - * Sets the Mandate/Profiles - * @param profiles - */ - public void setMandateProfiles(String profiles) { - this.mandateProfiles = profiles; - } - - /** - * Returns the Mandates/Profiles - * @return - */ - public String getMandateProfiles() { - return this.mandateProfiles; - } +/** + * @return the transformsInfos + */ +public List<String> getTransformsInfos() { + + List<TransformsInfoType> transformations = oa_auth.getTransformsInfo(); + return ConfigurationUtils.getTransformInfos(transformations); +} - /** - * Returns the defined STORK QAALevel - * @return STORK QAALevel - */ - public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; + public OASAML1 getSAML1Parameter() { + return oa_auth.getOASAML1(); } + public OAPVP2 getPVP2Parameter() { + return oa_auth.getOAPVP2(); + } + +///** +// * @return the bkuSelectionTemplateURL +// */ +//public String getBkuSelectionTemplateURL() { +// return bkuSelectionTemplateURL; +//} + /** - * Sets the STORK QAALevel - * @param qaaLevel + * @return the templateURL */ - public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { - this.qaaLevel = qaaLevel; + public String getTemplateURL() { + TemplatesType templates = oa_auth.getTemplates(); + + if (templates != null) { + if (templates.getTemplate() != null) + return templates.getTemplate().getURL(); + } + return null; } - /** - * Returns the desired STORK Requested Attributes - * @return STORK Requested Attributes - */ - public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; + public String getAditionalAuthBlockText() { + TemplatesType templates = oa_auth.getTemplates(); + + if (templates != null) { + return templates.getAditionalAuthBlockText(); + } + return null; } - /** - * Sets the desired STORK Requested Attributes - * @param requestedAttributes - */ - public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - this.requestedAttributes = requestedAttributes; + public String getBKUURL(String bkutype) { + BKUURLS bkuurls = oa_auth.getBKUURLS(); + if (bkuurls != null) { + if (bkutype.equals(ONLINEBKU)) + return bkuurls.getOnlineBKU(); + else if (bkutype.equals(HANDYBKU)) + return bkuurls.getHandyBKU(); + else if (bkutype.equals(LOCALBKU)) + return bkuurls.getLocalBKU(); + + } + Logger.warn("BKU Type does not match: " + + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); + return null; + } + + public List<String> getBKUURL() { + BKUURLS bkuurls = oa_auth.getBKUURLS(); + + List<String> list = new ArrayList<String>(); + + if (bkuurls == null) { + Logger.warn("BKU Type does not match: " + + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); + } else { + list.add(bkuurls.getOnlineBKU()); + list.add(bkuurls.getHandyBKU()); + list.add(bkuurls.getLocalBKU()); + } + return list; } + + + public boolean useSSO() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.isUseSSO(); + else + return false; + } + + public String getSingleLogOutURL() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.getSingleLogOutURL(); + else + return null; + } + +///** +// * @return the inputProcessorSignTemplateURL +// */ +//public String getInputProcessorSignTemplateURL() { +// return inputProcessorSignTemplateURL; +//} + +///** +// * @return the verifyInfoboxParameters +// */ +//public VerifyInfoboxParameters getVerifyInfoboxParameters() { +// return verifyInfoboxParameters; +//} + +/** + * @return the mandateProfiles + */ +public String getMandateProfiles() { + + Mandates mandates = oa_auth.getMandates(); + + if (mandates != null) + return mandates.getProfiles(); + else + return null; +} + +/** + * @return the identityLinkDomainIdentifierType + */ +public String getIdentityLinkDomainIdentifierType() { + IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); + if (idnumber != null) + return idnumber.getType(); + + return null; +} + +/** + * @return the qaaLevel + */ +public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; +} + +/** + * @return the requestedAttributes + */ +public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; +} + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 62f85fa3c..1536b907b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -18,6 +18,9 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.XMLObject; import org.w3c.dom.Element; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; @@ -62,18 +65,14 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; + import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; public class BuildFromLegacyConfig { @@ -200,8 +199,9 @@ public class BuildFromLegacyConfig { for (String transformInfo : transformsInfos) { TransformsInfoType transforminfotype = new TransformsInfoType(); transforminfotype.setFilename(""); + //TODO: Transformation is stored in BASE64 - transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes()).getBytes()); + transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes("UTF-8")).getBytes("UTF-8")); auth_transformInfos.add(transforminfotype); } SecurityLayer auth_securityLayer = new SecurityLayer(); @@ -271,31 +271,22 @@ public class BuildFromLegacyConfig { auth_foreign.setSTORK(auth_foreign_stork); //set CPEPS - Map<String, at.gv.egovernment.moa.id.config.stork.CPEPS> map = storkConfig.getCpepsMap(); + Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap(); Set<String> map_keys = map.keySet(); - List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>(); + List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>(); for (String key : map_keys) { CPEPS cpep = new CPEPS(); cpep.setCountryCode(map.get(key).getCountryCode()); cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!! - List<RequestedAttributeType> cpep_reqs = new ArrayList<RequestedAttributeType>(); + List<String> cpep_reqs = new ArrayList<String>(); + List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes(); for (RequestedAttribute e1 : map1) { - RequestedAttributeType cpep_req = new RequestedAttributeType(); - cpep_req.setIsRequired(e1.isRequired()); - cpep_req.setFriendlyName(e1.getFriendlyName()); - cpep_req.setNameFormat(e1.getNameFormat()); - cpep_req.setName(e1.getName()); - - List<XMLObject> e2s = e1.getAttributeValues(); - List<Object> cpep_req_attr = new ArrayList<Object>(); - for (XMLObject e2 : e2s) { - cpep_req_attr.add(e2); - } - cpep_req.setAttributeValue(cpep_req_attr); + Element element = SAMLUtil.marshallMessage(e1); + cpep_reqs.add(XMLUtil.printXML(element)); } - cpep.setRequestedAttribute(cpep_reqs); + cpep.setAttributeValue(cpep_reqs); auth_foreign_stork_cpeps.add(cpep); } auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); @@ -358,6 +349,7 @@ public class BuildFromLegacyConfig { //SLLayer Version / useIframe oa_auth.setSlVersion(oa.getSlVersion()); oa_auth.setUseIFrame(false); + oa_auth.setUseUTC(oa.getUseUTC()); //BKUURLs @@ -417,7 +409,6 @@ public class BuildFromLegacyConfig { oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink()); oa_saml1.setProvideStammzahl(oa.getProvideStammzahl()); oa_saml1.setUseCondition(oa.getUseCondition()); - oa_saml1.setUseUTC(oa.getUseUTC()); //OA_PVP2 OAPVP2 oa_pvp2 = new OAPVP2(); @@ -494,11 +485,13 @@ public class BuildFromLegacyConfig { ConnectionParameter old) { ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType(); auth_moaSP_connection.setURL(old.getUrl()); - auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); - ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); - auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); - auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); - auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); + + //TODO: remove from Database config!!!!! +// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); +// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); +// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); +// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); +// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); return auth_moaSP_connection; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java new file mode 100644 index 000000000..c191d7b2b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java @@ -0,0 +1,98 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +/** + * Encpasulates C-PEPS information according MOA configuration + * + * @author bzwattendorfer + * + */ +public class CPEPS { + + /** Country Code of C-PEPS */ + private String countryCode; + + /** URL of C-PEPS */ + private URL pepsURL; + + /** Specific attributes to be requested for this C-PEPS */ + private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>(); + + /** + * Constructs a C-PEPS + * @param countryCode ISO Country Code of C-PEPS + * @param pepsURL URL of C-PEPS + */ + public CPEPS(String countryCode, URL pepsURL) { + super(); + this.countryCode = countryCode; + this.pepsURL = pepsURL; + } + + /** + * Gets the country code of this C-PEPS + * @return ISO country code + */ + public String getCountryCode() { + return countryCode; + } + + /** + * Sets the country code of this C-PEPS + * @param countryCode ISO country code + */ + public void setCountryCode(String countryCode) { + this.countryCode = countryCode; + } + + /** + * Gets the URL of this C-PEPS + * @return C-PEPS URL + */ + public URL getPepsURL() { + return pepsURL; + } + + /** + * Sets the C-PEPS URL + * @param pepsURL C-PEPS URL + */ + public void setPepsURL(URL pepsURL) { + this.pepsURL = pepsURL; + } + + /** + * Gets the country specific attributes of this C-PEPS + * @return List of country specific attributes + */ + public List<RequestedAttribute> getCountrySpecificRequestedAttributes() { + return countrySpecificRequestedAttributes; + } + + /** + * Sets the country specific attributes + * @param countrySpecificRequestedAttributes List of country specific requested attributes + */ + public void setCountrySpecificRequestedAttributes( + List<RequestedAttribute> countrySpecificRequestedAttributes) { + this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes; + } + + /** + * Adds a Requested attribute to the country specific attribute List + * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add + */ + public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) { + this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute); + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 2f138fbfc..c2898f314 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -22,7 +22,7 @@ */ -package at.gv.egovernment.moa.id.config; +package at.gv.egovernment.moa.id.config.legacy; import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; @@ -51,12 +51,13 @@ import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.Schema; import at.gv.egovernment.moa.id.auth.data.SchemaImpl; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter; -import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter; +import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.legacy.CPEPS; +import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter; +import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -72,7 +73,6 @@ import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * A class that builds configuration data from a DOM based representation. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java index b1b90f40b..455fde9bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java @@ -22,7 +22,7 @@ */ -package at.gv.egovernment.moa.id.config; +package at.gv.egovernment.moa.id.config.legacy; /** * This bean class is used to store data for various connectionParameter diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java new file mode 100644 index 000000000..3948522c0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java @@ -0,0 +1,501 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.ArrayList; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Auth component. + * + * @author Stefan Knirsch + * @version $Id$ + */ +/** + * + * + * @author Harald Bratko + */ +public class OAAuthParameter extends OAParameter { + /** + * Sercurity Layer version + */ + private String slVersion; + /** + * true, if the Security Layer version is version 1.2, otherwise false + */ + private boolean slVersion12; + /** + * identityLinkDomainIdentifier + * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer") + * <br> + * only used within a business application context for providing it to the + * security layer as input for wbPK computation + */ + private String identityLinkDomainIdentifier; + /** + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) + */ + private String keyBoxIdentifier; + /** + * transformations for rendering in the secure viewer of the security layer + * implementation; multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + /** + * determines whether "Stammzahl" is to be included in the authentication data + */ + private boolean provideStammzahl; + /** + * determines whether AUTH block is to be included in the authentication data + */ + private boolean provideAuthBlock; + /** + * determines whether identity link is to be included in the authentication data + */ + private boolean provideIdentityLink; + /** + * determines whether the certificate is to be included in the authentication data + */ + private boolean provideCertificate; + /** + * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data + */ + private boolean provideFullMandatorData; + + /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ + private boolean useUTC; + + /** determines wheter a saml:Condition is added to the SAML assertion or not */ + private boolean useCondition; + + /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ + private int conditionLength; + /** + * url to a template for web page "Auswahl der Bürgerkartenumgebung" + */ + private String bkuSelectionTemplateURL; + /** + * template for web page "Anmeldung mit Bürgerkarte" + */ + private String templateURL; + + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; + /** + * Parameters for verifying infoboxes. + */ + private VerifyInfoboxParameters verifyInfoboxParameters; + + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + + /** + * + * Type for authentication number (e.g. Firmenbuchnummer) + */ + private String identityLinkDomainIdentifierType; + + /** + * STORK QAA Level, Default = 4 + */ + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + + /** + * STORK RequestedAttributes for Online Application + * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth + */ + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + + +/** + * Returns <code>true</code> if the Security Layer version is version 1.2, + * otherwise <code>false</code>. + * @return <code>true</code> if the Security Layer version is version 1.2, + * otherwise <code>false</code> + */ + public boolean getSlVersion12() { + return slVersion12; + } + + /** + * Returns the security layer version. + * @return the security layer version. + */ + public String getSlVersion() { + return slVersion; + } + + /** + * Returns the identityLinkDomainIdentifier. + * @return the identityLinkDomainIdentifier. + */ + public String getIdentityLinkDomainIdentifier() { + return identityLinkDomainIdentifier; + } + + /** + * Returns the transformsInfos. + * @return the transformsInfos. + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the provideAuthBlock. + * @return String + */ + public boolean getProvideAuthBlock() { + return provideAuthBlock; + } + + /** + * Returns the provideIdentityLink. + * @return String + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink; + } + + /** + * Returns the provideStammzahl. + * @return String + */ + public boolean getProvideStammzahl() { + return provideStammzahl; + } + + /** + * Returns <code>true</code> if the certificate should be provided within the + * authentication data, otherwise <code>false</code>. + * @return <code>true</code> if the certificate should be provided, + * otherwise <code>false</code> + */ + public boolean getProvideCertifcate() { + return provideCertificate; + } + + /** + * Returns <code>true</code> if the full mandator data should be provided within the + * authentication data, otherwise <code>false</code>. + * @return <code>true</code> if the full mandator data should be provided, + * otherwise <code>false</code> + */ + public boolean getProvideFullMandatorData() { + return provideFullMandatorData; + } + + /** + * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. + * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. + */ + public boolean getUseUTC() { + return useUTC; + } + + /** + * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. + * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. + */ + public boolean getUseCondition() { + return useCondition; + } + + /** + * Returns the validity time of the SAML assertion (if useCondition is true) in seconds + * @return the validity time of the SAML assertion (if useCondition is true) in seconds + */ + public int getConditionLength() { + return conditionLength; + } + + +/** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * Returns the BkuSelectionTemplate url. + * @return The BkuSelectionTemplate url or <code>null</code> if no url for + * a BkuSelectionTemplate is set. + */ + public String getBkuSelectionTemplateURL() { + return bkuSelectionTemplateURL; + } + + /** + * Returns the TemplateURL url. + * @return The TemplateURL url or <code>null</code> if no url for + * a Template is set. + */ + public String getTemplateURL() { + return templateURL; + } + + + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe <code>null</code>. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } + + /** + * Sets the security layer version. + * Also sets <code>slVersion12</code> ({@link #getSlVersion12()}) + * to <code>true</code> if the Security Layer version is 1.2. + * @param slVersion The security layer version to be used. + */ + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + if ("1.2".equals(slVersion)) { + this.slVersion12 = true; + } + } + /** + * Sets the IdentityLinkDomainIdentifier. + * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. + */ + public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { + this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; + } + /** + * Sets the transformsInfos. + * @param transformsInfos The transformsInfos to be used. + */ + public void setTransformsInfos(String[] transformsInfos) { + this.transformsInfos = transformsInfos; + } + + +/** + * Sets the provideAuthBlock. + * @param provideAuthBlock The provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + /** + * Sets the provideIdentityLink. + * @param provideIdentityLink The provideIdentityLink to set + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + /** + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set + */ + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; + } + + /** + * Sets the provideCertificate variable. + * @param provideCertificate The provideCertificate value to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + /** + * Sets the provideFullMandatorData variable. + * @param provideFullMandatorData The provideFullMandatorData value to set + */ + public void setProvideFullMandatorData(boolean provideFullMandatorData) { + this.provideFullMandatorData = provideFullMandatorData; + } + + /** + * Sets the useUTC variable. + * @param useUTC The useUTC value to set + */ + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + + /** + * Sets the useCondition variable + * @param useCondition The useCondition value to set + */ + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + /** + * Sets the conditionLength variable + * @param conditionLength the conditionLength value to set + */ + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * Sets the BkuSelectionTemplate url. + * @param bkuSelectionTemplateURL The url string specifying the location + * of a BkuSelectionTemplate. + */ + public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { + this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; + } + + /** + * Sets the Template url. + * @param templateURL The url string specifying the location + * of a Template. + */ + public void setTemplateURL(String templateURL) { + this.templateURL = templateURL; + } + + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } + + /** + * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + */ + public String getIdentityLinkDomainIdentifierType() { + return identityLinkDomainIdentifierType; + } + + /** + * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer) + */ + public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { + this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; + } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } + + /** + * Returns the defined STORK QAALevel + * @return STORK QAALevel + */ + public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; + } + + /** + * Sets the STORK QAALevel + * @param qaaLevel + */ + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + this.qaaLevel = qaaLevel; + } + + /** + * Returns the desired STORK Requested Attributes + * @return STORK Requested Attributes + */ + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } + + /** + * Sets the desired STORK Requested Attributes + * @param requestedAttributes + */ + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java new file mode 100644 index 000000000..de449cbcf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java @@ -0,0 +1,164 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Configuration parameters belonging to an online application, + * to be used within both, the MOA ID Auth and the + * MOA ID PROXY component. + * + * @author Harald Bratko + */ +public class OAParameter { + + /** + * type of the online application (maybe "PublicService" or "BusinessService") + */ + private String oaType; + + /** + * specifies whether the online application is a business application or not + * (<code>true</code> if value of {@link #oaType} is "businessService" + */ + private boolean businessService; + + /** + * public URL prefix of the online application + */ + private String publicURLPrefix; + + /** + * specifies a human readable name of the Online Application + */ + private String friendlyName; + + /** + * specified a specific target for the Online Application (overwrites the target in der request) + */ + private String target; + /** + * specifies a friendly name for the target + */ + private String targetFriendlyName; + + /** + * Returns the type of the online application. + * @return the type of the online application. + */ + public String getOaType() { + return oaType; + } + + /** + * Returns <code>true</code> is the OA is a businss application, otherwise + * <code>false</code>. + * @return <code>true</code> is the OA is a businss application, otherwise + * <code>false</code> + */ + public boolean getBusinessService() { + return this.businessService; + } + + /** + * Returns the publicURLPrefix. + * @return String + */ + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + /** + * + * Sets the type of the online application. + * If the type is "businessService" the value of <code>businessService</code> + * ({@link #getBusinessService()}) is also set to <code>true</code> + * @param oaType The type of the online application. + */ + public void setOaType(String oaType) { + this.oaType = oaType; + if ("businessService".equalsIgnoreCase(oaType)) { + this.businessService = true; + } + } + + /** + * Sets the publicURLPrefix. + * @param publicURLPrefix The publicURLPrefix to set + */ + public void setPublicURLPrefix(String publicURLPrefix) { + this.publicURLPrefix = publicURLPrefix; + } + + + /** + * Gets the friendly name of the OA + * @return Friendly Name of the OA + */ + public String getFriendlyName() { + return friendlyName; + } + + /** + * Sets the friendly name of the OA + * @param friendlyName + */ + public void setFriendlyName(String friendlyName) { + this.friendlyName = friendlyName; + } + + /** + * Gets the target of the OA + * @return target of the OA + */ + public String getTarget() { + return target; + } + + /** + * Sets the target of the OA + * @param target + */ + public void setTarget(String target) { + this.target = target; + } + + /** + * Gets the target friendly name of the OA + * @return target Friendly Name of the OA + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the target friendly name of the OA + * @param targetFriendlyName + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java new file mode 100644 index 000000000..2d0a91fb9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java @@ -0,0 +1,90 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Encapsulates several STORK configuration parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class STORKConfig { + + /** STORK SAML signature creation parameters */ + private SignatureCreationParameter signatureCreationParameter; + + /** STORK SAML signature verification parameters */ + private SignatureVerificationParameter signatureVerificationParameter; + + /** Map of supported C-PEPSs */ + private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>(); + + + /** + * Constructs a STORK Config object + * @param signatureCreationParameter STORK SAML Signature creation parameters + * @param signatureVerificationParameter STORK SAML Signature verification parameters + * @param cpepsMap Map of supported C-PEPS + */ + public STORKConfig(SignatureCreationParameter signatureCreationParameter, + SignatureVerificationParameter signatureVerificationParameter, + Map<String, CPEPS> cpepsMap) { + super(); + this.signatureCreationParameter = signatureCreationParameter; + this.signatureVerificationParameter = signatureVerificationParameter; + this.cpepsMap = cpepsMap; + } + + public SignatureCreationParameter getSignatureCreationParameter() { + return signatureCreationParameter; + } + + public void setSignatureCreationParameter( + SignatureCreationParameter signatureCreationParameter) { + this.signatureCreationParameter = signatureCreationParameter; + } + + public SignatureVerificationParameter getSignatureVerificationParameter() { + return signatureVerificationParameter; + } + + public void setSignatureVerificationParameter( + SignatureVerificationParameter signatureVerificationParameter) { + this.signatureVerificationParameter = signatureVerificationParameter; + } + + public Map<String, CPEPS> getCpepsMap() { + return cpepsMap; + } + + public void setCpepsMap(Map<String, CPEPS> cpepsMap) { + this.cpepsMap = cpepsMap; + } + + public boolean isSTORKAuthentication(String ccc) { + + if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty()) + return false; + + if (this.cpepsMap.containsKey(ccc.toUpperCase())) + return true; + else + return false; + + } + + public CPEPS getCPEPS(String ccc) { + if (isSTORKAuthentication(ccc)) + return this.cpepsMap.get(ccc); + else + return null; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java new file mode 100644 index 000000000..fcccf41f0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java @@ -0,0 +1,112 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates signature creation parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureCreationParameter { + + /** KeyStore Path */ + private String keyStorePath; + + /** KeyStore Password */ + private String keyStorePassword; + + /** Signing Key Name */ + private String keyName; + + /** Signing Key Password */ + private String keyPassword; + + /** + * Gets the KeyStore Path + * @return File Path to KeyStore + */ + public String getKeyStorePath() { + return keyStorePath; + } + + /** + * Sets the KeyStore Path + * @param keyStorePath Path to KeyStore + */ + public void setKeyStorePath(String keyStorePath) { + this.keyStorePath = keyStorePath; + } + + /** + * Gets the KeyStore Password + * @return Password to KeyStore + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * Sets the KeyStore Password + * @param keyStorePassword Password to KeyStore + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * Gets the Signing Key Name + * @return Siging Key Name + */ + public String getKeyName() { + return keyName; + } + + /** + * Sets the Signing Key Name + * @param keyName Signing Key Name + */ + public void setKeyName(String keyName) { + this.keyName = keyName; + } + + /** + * Gets the Signing Key Password + * @return Signing Key Password + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * Sets the Signing Key Password + * @param keyPassword Signing Key Password + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java new file mode 100644 index 000000000..d01c8e541 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java @@ -0,0 +1,35 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates Signature Verification data for STORK according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureVerificationParameter { + + /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */ + private String trustProfileID; + + /** + * Gets the MOA-SP TrustProfileID + * @return TrustProfileID of MOA-SP for STORK signature verification + */ + public String getTrustProfileID() { + return trustProfileID; + } + + /** + * Sets the MOA-SP TrustProfileID + * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification + */ + public void setTrustProfileID(String trustProfileID) { + this.trustProfileID = trustProfileID; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java new file mode 100644 index 000000000..a482da430 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java @@ -0,0 +1,411 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. + */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + protected String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "<code>Stellvertretungen</code>" + * for "<code>Mandates</code>" or "<code>GDAToken</code>" for + * "<code>EHSPToken</code>". + * <br>If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + protected String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + protected String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + protected List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + protected Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + protected boolean required_; + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + */ + protected boolean provideStammzahl_; + + /** + * Specifies whether the <code>identity link</code> should be passed to the verifying + * application or not. + */ + protected boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. + * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_} + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Appends special application specific parameters for party representation. + * + * @param applicationSpecificParams The application specific parameters for party representation to set. + */ + public void appendParepSpecificParams(Element applicationSpecificParams) { + try { + if (applicationSpecificParams_==null) { + applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters"); + } + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode); + if (null!=nodeList) { + for (int i=0; i<nodeList.getLength(); i++) { + applicationSpecificParams_.appendChild((Node) nodeList.item(i)); + } + } + } catch (TransformerException e) { + //Do nothing + } + } + + /** + * Returns the friendly name. + * + * @see #friendlyName_ + * + * @return The friendly name. + */ + public String getFriendlyName() { + return friendlyName_; + } + + /** + * Sets the friendly name. + * + * @param friendlyName The friendly name to set. + */ + public void setFriendlyName(String friendlyName) { + friendlyName_ = friendlyName; + } + + /** + * Returns the infobox identifier. + * + * @see #identifier_ + * + * @return The infobox identifier. + */ + public String getIdentifier() { + return identifier_; + } + + /** + * Sets the the infobox identifier. + * + * @see #identifier_ + * + * @param identifier The infobox identifier to set. + */ + public void setIdentifier(String identifier) { + identifier_ = identifier; + } + + /** + * Specifies whether the identity link should be passed to the verifying application + * or not. + * + * @return <code>True</code> if the identity link should be passed to the verifying + * application, otherwise <code>false</code>. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. + * + * @param provideIdentityLink <code>True</code> if the identity link should be passed to + * the verifying application, otherwise <code>false</code>. + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + * + * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the + * verifying application, otherwise <code>false</code>. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link #provideStammzahl_} parameter. + * + * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be + * passed to the verifying application, otherwise <code>false</code>. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return <code>True</code> if the infobox is required to be returned by the BKU, + * otherwise <code>false</code>. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link #required_} parameter. + * + * @param required <code>True</code> if the infobox is required to be returned by the + * BKU, otherwise <code>false</code>. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. + * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. + * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe <code>null</code>. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. + * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. + */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" <Infobox Identifier=\""); + buffer.append(identifier_); + buffer.append("\" required=\""); + buffer.append(required_); + buffer.append("\" provideStammzahl=\""); + buffer.append(provideStammzahl_); + buffer.append("\" provideIdentityLink=\""); + buffer.append(provideIdentityLink_); + buffer.append("\">"); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" <FriendlyName>"); + buffer.append(friendlyName_); + buffer.append("</FriendlyName>"); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" <TrustProfileID>"); + buffer.append(trustProfileID_); + buffer.append("</TrustProfileID>"); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" <ValidatorClass>"); + buffer.append(validatorClassName_); + buffer.append("</ValidatorClass>"); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" <SchemaLocations>"); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" <Schema namespace=\""); + Schema schema = (Schema)it.next(); + buffer.append(schema.getNamespace()); + buffer.append("\" schemaLocation=\""); + buffer.append(schema.getSchemaLocation()); + buffer.append("\"/>\n"); + } + buffer.append(" </SchemaLocations>"); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch (IOException e) { + // do nothing + } + } + buffer.append(" </Infobox>"); + + + return buffer.toString() ; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java new file mode 100644 index 000000000..c7f5aa7ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java @@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + protected Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + protected List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. + * The string will be added as value of the <code>PushInfobox</code> parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + protected String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string + * from the keys of the given map. + */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. + */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. + */ + public void setIdentifiers(List identifiers) { + identifiers_ = identifiers; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index ed0de8ebe..d14d570ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.config.proxy; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.OAParameter; /** * Configuration parameters belonging to an online application, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index 219b0f8ba..094e7162e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -33,9 +33,9 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 86ae93a4b..1c9c1caa8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -33,7 +33,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 485a44421..4b4364555 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -3,9 +3,32 @@ */
package at.gv.egovernment.moa.id.config.stork;
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -17,55 +40,83 @@ import at.gv.egovernment.moa.util.StringUtils; public class STORKConfig {
/** STORK SAML signature creation parameters */
- private SignatureCreationParameter signatureCreationParameter;
+ private STORK stork;
+ private Properties props;
+ private Map<String, CPEPS> cpepsMap;
- /** STORK SAML signature verification parameters */
- private SignatureVerificationParameter signatureVerificationParameter;
-
- /** Map of supported C-PEPSs */
- private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
-
- /**
- * Constructs a STORK Config object
- * @param signatureCreationParameter STORK SAML Signature creation parameters
- * @param signatureVerificationParameter STORK SAML Signature verification parameters
- * @param cpepsMap Map of supported C-PEPS
- */
- public STORKConfig(SignatureCreationParameter signatureCreationParameter,
- SignatureVerificationParameter signatureVerificationParameter,
- Map<String, CPEPS> cpepsMap) {
- super();
- this.signatureCreationParameter = signatureCreationParameter;
- this.signatureVerificationParameter = signatureVerificationParameter;
- this.cpepsMap = cpepsMap;
+ public STORKConfig(STORK stork, Properties props) {
+ this.stork = stork;
+ this.props = props;
+
+ //create CPEPS map
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+
+ cpepsMap = new HashMap<String, CPEPS>();
+
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+
+ List<String> attr = cpep.getAttributeValue();
+
+ ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ for (String e1 : attr) {
+ Element element = XMLUtil.stringToDOM(e1);
+ RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
+ requestedAttributes.add(requestedAttribute);
+ }
+ moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
+
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }
+ }
}
public SignatureCreationParameter getSignatureCreationParameter() {
- return signatureCreationParameter;
- }
-
- public void setSignatureCreationParameter(
- SignatureCreationParameter signatureCreationParameter) {
- this.signatureCreationParameter = signatureCreationParameter;
+
+ return new SignatureCreationParameter(props);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
- return signatureVerificationParameter;
- }
-
- public void setSignatureVerificationParameter(
- SignatureVerificationParameter signatureVerificationParameter) {
- this.signatureVerificationParameter = signatureVerificationParameter;
+
+ SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
+
+ if (samlsign == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
+ return null;
+ }
+
+ SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
+
+ if (sigverify == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
+ return null;
+ }
+
+ return new SignatureVerificationParameter(sigverify.getTrustProfileID());
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
- public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
- this.cpepsMap = cpepsMap;
- }
public boolean isSTORKAuthentication(String ccc) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java index 1f66b7752..ee4fc1e20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java @@ -23,6 +23,8 @@ package at.gv.egovernment.moa.id.config.stork;
+import java.util.Properties;
+
/**
* Encapsulates signature creation parameters according MOA configuration
*
@@ -31,32 +33,24 @@ package at.gv.egovernment.moa.id.config.stork; */
public class SignatureCreationParameter {
- /** KeyStore Path */
- private String keyStorePath;
+ private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+ private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+ private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+ private static final String PROPS_KEYNAME_NAME = "keyname.name";
+ private static final String PROPS_KEYNAME_PASS = "keyname.password";
- /** KeyStore Password */
- private String keyStorePassword;
+ private Properties props;
- /** Signing Key Name */
- private String keyName;
+ SignatureCreationParameter(Properties props) {
+ this.props = props;
+ }
- /** Signing Key Password */
- private String keyPassword;
-
/**
* Gets the KeyStore Path
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return keyStorePath;
- }
-
- /**
- * Sets the KeyStore Path
- * @param keyStorePath Path to KeyStore
- */
- public void setKeyStorePath(String keyStorePath) {
- this.keyStorePath = keyStorePath;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
/**
@@ -64,15 +58,7 @@ public class SignatureCreationParameter { * @return Password to KeyStore
*/
public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * Sets the KeyStore Password
- * @param keyStorePassword Password to KeyStore
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
}
/**
@@ -80,15 +66,7 @@ public class SignatureCreationParameter { * @return Siging Key Name
*/
public String getKeyName() {
- return keyName;
- }
-
- /**
- * Sets the Signing Key Name
- * @param keyName Signing Key Name
- */
- public void setKeyName(String keyName) {
- this.keyName = keyName;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
}
/**
@@ -96,17 +74,6 @@ public class SignatureCreationParameter { * @return Signing Key Password
*/
public String getKeyPassword() {
- return keyPassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
}
-
- /**
- * Sets the Signing Key Password
- * @param keyPassword Signing Key Password
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java index 2d8402e4d..211c7dde4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java @@ -14,6 +14,10 @@ public class SignatureVerificationParameter { /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
private String trustProfileID;
+ public SignatureVerificationParameter(String trustProfileID2) {
+ this.trustProfileID = trustProfileID2;
+ }
+
/**
* Gets the MOA-SP TrustProfileID
* @return TrustProfileID of MOA-SP for STORK signature verification
@@ -22,14 +26,6 @@ public class SignatureVerificationParameter { return trustProfileID;
}
- /**
- * Sets the MOA-SP TrustProfileID
- * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
- */
- public void setTrustProfileID(String trustProfileID) {
- this.trustProfileID = trustProfileID;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 4c5b82db8..a453010da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -11,11 +11,14 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -58,6 +61,10 @@ public class DispatcherServlet extends AuthServlet{ protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + boolean isValidSSOSession = false; + boolean useSSOOA = false; + try { Logger.info("REQUEST: " + req.getRequestURI()); Logger.info("QUERY : " + req.getQueryString()); @@ -191,10 +198,19 @@ public class DispatcherServlet extends AuthServlet{ return; } + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParam == null) { + //TODO: Find a better place for this!! + req.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + RequestStorage.setPendingRequest(httpSession, protocolRequest); AuthenticationManager authmanager = AuthenticationManager.getInstance(); - + SSOManager ssomanager = SSOManager.getInstance(); //get SSO Cookie for Request @@ -215,10 +231,8 @@ public class DispatcherServlet extends AuthServlet{ } } - boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); - - //TODO: load useSSO from config! - boolean useSSOOA = true; + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + useSSOOA = oaParam.useSSO(); if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { @@ -257,22 +271,26 @@ public class DispatcherServlet extends AuthServlet{ moduleAction.processRequest(protocolRequest, req, resp); - //save SSO session usage in Database - String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); + RequestStorage.removePendingRequest(httpSession); + + if (useSSOOA || isValidSSOSession) { + //save SSO session usage in Database + String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - if (newSSOSessionId != null) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + } } else { - ssomanager.deleteSSOSessionID(req, resp); + authmanager.logout(req, resp); } - - RequestStorage.removePendingRequest(httpSession); - - + //authmanager.logout(req, resp); } catch (Throwable e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index e1a8673b7..10ff4bfc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl */ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { this.conf=conf; - String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY; - String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName); + + String certStoreRootDirParam = conf.getCertstoreDirectory(); + if (certStoreRootDirParam == null) throw new ConfigurationException( - "config.08", new Object[] {paramName}); + "config.08", new Object[] {"CertStoreDirectory"}); rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); File f = new File(rootDirectory); if (!f.isDirectory()) throw new ConfigurationException( - "config.05", new Object[] {paramName}); + "config.05", new Object[] {"CertStoreDirectory"}); parameters = new CertStoreParameters[] { this }; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index d04c0b3d5..7c2a9d533 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -2,21 +2,15 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; import java.io.PrintWriter; -import java.util.ArrayList; -import java.util.Arrays; import java.util.List; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletContext; import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; @@ -202,11 +196,10 @@ public class AuthenticationManager extends AuthServlet { setNoCachingHeadersInHttpRespone(request, response); - //TODO:move this to config!!! - final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); + List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols(); //is legacy allowed - boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); + boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); //check legacy request parameter boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); @@ -265,12 +258,9 @@ public class AuthenticationManager extends AuthServlet { .getOnlineApplicationParameter(target.getOAURL()); if (oaParam == null) { - //TODO: Find a better place for this!! - request.getSession().invalidate(); throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); } - - + else { //check if an MOASession exists and if not create an new MOASession diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index eeb0afae2..1e863ec81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -10,7 +10,7 @@ import org.hibernate.Query; import org.hibernate.Session; import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -57,7 +57,7 @@ public class SSOManager { public String existsOldSSOSession(String ssoId) { Logger.trace("Check that the SSOID has already been used"); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List<OldSSOSessionIDStore> result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 2c4b7c4c5..f3df7a4df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.io.IOException; +import java.io.PrintWriter; import java.io.UnsupportedEncodingException; import javax.servlet.http.HttpServletRequest; @@ -11,7 +13,11 @@ import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -19,6 +25,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; @@ -65,12 +72,13 @@ public class GetArtifactAction implements IAction { //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), // useUTC, false); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, oaParam, target); - String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session, oaParam, authData); + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); String redirectURL = oaURL; session.getOAURLRequested(); @@ -85,8 +93,15 @@ public class GetArtifactAction implements IAction { httpResp.setContentType("text/html"); httpResp.setStatus(302); + +// if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { +// String url = "RedirectServlet?"+RedirectServlet.REDIRCT_GETPARAM+"="+redirectURL; +// httpResp.addHeader("Location", url); +// +// } else { + httpResp.addHeader("Location", redirectURL); +// } - httpResp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); // CONFIRMATION FOR SSO! @@ -128,7 +143,13 @@ public class GetArtifactAction implements IAction { } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); - } + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } //catch (MOADatabaseException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } protected static String addURLParameter(String url, String paramname, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 784dec0df..c8a9a24ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -113,7 +113,9 @@ public class GetAuthenticationDataService implements Constants { String samlArtifact = DOMUtils.getText(samlArtifactElem); try { - AuthenticationData authData = SAML1AuthenticationServer.getSaml1AuthenticationData(samlArtifact); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + + AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); useUTC = authData.getUseUTC(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index e79954daa..1b516fe19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -6,18 +6,32 @@ import java.io.File; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.util.Date; +import java.util.List; +import java.util.Vector; + +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -26,10 +40,21 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; public class SAML1AuthenticationServer extends AuthenticationServer { + private static SAML1AuthenticationServer instance; + + public static SAML1AuthenticationServer getInstace() { + if (instance == null) + instance = new SAML1AuthenticationServer(); + + return instance; + } + //private static Map authenticationDataStore = new HashMap(); private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); @@ -48,7 +73,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * * @return <code>AuthenticationData</code> */ - public static AuthenticationData getSaml1AuthenticationData(String samlArtifact) + public AuthenticationData getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); @@ -71,17 +96,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } boolean keepAssertion = false; - try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } + + //removed from MOA-ID 2.0 config +// try { +// String boolStr = AuthConfigurationProvider.getInstance() +// .getGenericConfigurationParameter( +// "AuthenticationServer.KeepAssertion"); +// if (null != boolStr && boolStr.equalsIgnoreCase("true")) +// keepAssertion = true;// Only allowed for debug purposes!!! +// +// } catch (ConfigurationException ex) { +// throw new AuthenticationException("1205", new Object[] { +// samlArtifact, ex.toString() }); +// } if (!keepAssertion) { authenticationDataStore.remove(samlArtifact); } @@ -96,7 +123,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return authData; } - public static String BuildSAMLArtifact(AuthenticationSession session, + public String BuildSAMLArtifact(AuthenticationSession session, OAAuthParameter oaParam, AuthenticationData authData) throws ConfigurationException, BuildException, AuthenticationException { @@ -112,14 +139,17 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // conditionLength); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); + //Load SAML1 Parameter from OA config + OASAML1 saml1parameter = oaParam.getSAML1Parameter(); + + boolean useCondition = saml1parameter.isUseCondition(); + int conditionLength = saml1parameter.getConditionLength().intValue(); try { //set BASE64 encoded signer certificate String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { + if (saml1parameter.isProvideCertificate()) { byte[] signerCertificate = session.getEncodedSignerCertificate(); if (signerCertificate != null) { @@ -131,19 +161,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } //set prPersion - boolean provideStammzahl = oaParam.getProvideStammzahl(); + boolean provideStammzahl = saml1parameter.isProvideStammzahl(); String prPerson = new PersonDataBuilder().build(session.getIdentityLink(), provideStammzahl); //set Authblock - String authBlock = oaParam.getProvideAuthBlock() ? session + String authBlock = saml1parameter.isProvideAUTHBlock() ? session .getAuthBlock() : ""; //set IdentityLink for assortion - String ilAssertion = oaParam.getProvideIdentityLink() ? session.getIdentityLink() + String ilAssertion = saml1parameter.isProvideIdentityLink() ? session.getIdentityLink() .getSerializedSamlAssertion() : ""; - if (!oaParam.getProvideStammzahl()) { + if (!saml1parameter.isProvideStammzahl()) { ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink() .getIdentificationValue(), ""); } @@ -151,16 +181,87 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String samlAssertion; if (session.getUseMandate()) { + List oaAttributes = session.getExtendedSAMLAttributesOA();; + + if (saml1parameter.isProvideFullMandatorData()) { + + try { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + session.getMISMandate(), oaParam.getBusinessService(), + saml1parameter.isProvideStammzahl()); + + if (extendedSAMLAttributes != null) { + + String identifier = "MISService"; + String friendlyName ="MISService"; + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[] { + friendlyName, String.valueOf((i + 1)) }); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[] { + identifier, String.valueOf((i + 1)) }); + } + } + } + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } + } + + String mandateDate = generateMandateDate(session, oaParam); + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, prPerson, - session.getMandateData(), + mandateDate, authBlock, ilAssertion, session.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), - session.getExtendedSAMLAttributesOA(), + oaAttributes, useCondition, conditionLength); @@ -180,21 +281,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } + //is removed from MOA-ID 2.0 config +// String assertionFile = AuthConfigurationProvider.getInstance() +// .getGenericConfigurationParameter( +// "AuthenticationServer.WriteAssertionToFile"); +// if (!ParepUtils.isEmpty(assertionFile)) +// try { +// ParepUtils.saveStringToFile(samlAssertion, new File( +// assertionFile)); +// } catch (IOException e) { +// throw new BuildException("builder.00", new Object[] { +// "AuthenticationData", e.toString() }, e); +// } + + //TODO: get sourceID from oaConfig!!! String samlArtifact = new SAMLArtifactBuilder().build( session.getAuthURL(), session.getSessionID(), - session.getSourceID()); + saml1parameter.getSourceID()); storeAuthenticationData(samlArtifact, authData); @@ -209,6 +313,157 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + private String generateMandateDate(AuthenticationSession session, + OAAuthParameter oaParam + ) throws AuthenticationException, BuildException, + ParseException, ConfigurationException, ServiceException, + ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[] { + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); + + //AuthenticationSession session = getSession(sessionID); + // AuthConfigurationProvider authConf = + // AuthConfigurationProvider.getInstance(); + + IdentityLink tempIdentityLink = null; + + Element mandate = session.getMandate(); + + if (session.getUseMandate()) { + tempIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils + .extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, + "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical + && oaParam.getBusinessService() + && identificationType != null + && Constants.URN_PREFIX_BASEID + .equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the + // BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK( + identificationValue, session.getDomainIdentifier()); + ParepUtils + .HideStammZahlen(prPerson, true, null, null, true); + } + + tempIdentityLink.setDateOfBirth(dateOfBirth); + tempIdentityLink.setFamilyName(familyName); + tempIdentityLink.setGivenName(givenName); + tempIdentityLink.setIdentificationType(identificationType); + tempIdentityLink.setIdentificationValue(identificationValue); + tempIdentityLink.setPrPerson(prPerson); + try { + tempIdentityLink.setSamlAssertion(session.getIdentityLink() + .getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + + } + + } + + Element mandatePerson = tempIdentityLink.getPrPerson(); + + String mandateData = null; + try { + + boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl(); + + String oatargetType; + + if(oaParam.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { + + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, oaParam.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); + } + } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Value"); +// +// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); + } + + + mandateData = DOMUtils.serializeNode(mandatePerson); + + } catch (TransformerException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } catch (IOException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + + return mandateData; + } + + + + /** * Stores authentication data indexed by the assertion handle contained in * the given saml artifact. @@ -220,7 +475,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * @throws AuthenticationException * when SAML artifact is invalid */ - private static void storeAuthenticationData(String samlArtifact, + private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) throws AuthenticationException { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 850f2438a..e1bd38d68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public DefaultConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 49e3c09b8..1243960ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public ElakConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index d4a3e4634..9bbef8aa9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public EnhancedConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java index 61f38412e..e075c99ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java @@ -33,7 +33,7 @@ import java.security.GeneralSecurityException; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; @@ -91,8 +91,10 @@ public class MOAIDProxyInitializer { ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); if (connParamAuth!=null) { if (connParamAuth.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); - AxisSecureSocketFactory.initialize(ssf); + + //TODO: einkommentieren!!!! + //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + //AxisSecureSocketFactory.initialize(ssf); } } else { throw new ConfigurationException("config.16", null); @@ -104,8 +106,10 @@ public class MOAIDProxyInitializer { for (int i = 0; i < oaParams.length; i++) { OAProxyParameter oaParam = oaParams[i]; ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - if (oaConnParam.isHTTPSURL()) - SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + if (oaConnParam.isHTTPSURL()); + + //TODO: einkommentieren!!!! + //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } // Initializes the ConnectionBuilderFactory from configuration data diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index fa455b4ef..6cb7ffdfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 6a497f174..ddaab7a28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; @@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet { // setup SSLSocketFactory for communication with the online application if (oaConnParam.isHTTPSURL()) { try { - ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + + //TODO: einkommentieren!!!! + //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } catch (Throwable ex) { throw new ProxyException( "proxy.05", diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index 9933142e3..b01a6a36e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -11,7 +11,7 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; @@ -52,7 +52,7 @@ public class AssertionStorage { //store AssertionStore element to Database try { - MOASessionUtil.saveOrUpdate(element); + MOASessionDBUtils.saveOrUpdate(element); Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); } catch (MOADatabaseException e) { @@ -85,7 +85,7 @@ public class AssertionStorage { Date expioredate = new Date(now - authDataTimeOut); List<AssertionStore> results; - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); synchronized (session) { session.beginTransaction(); @@ -98,7 +98,7 @@ public class AssertionStorage { if (results.size() != 0) { for(AssertionStore result : results) { try { - MOASessionUtil.delete(result); + MOASessionDBUtils.delete(result); Logger.info("Remove Assertion with Artifact=" + result.getArtifact() + " after assertion timeout."); @@ -115,7 +115,7 @@ public class AssertionStorage { try { AssertionStore element = searchInDatabase(artifact); - MOASessionUtil.delete(element); + MOASessionDBUtils.delete(element); } catch (MOADatabaseException e) { Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact @@ -130,7 +130,7 @@ public class AssertionStorage { private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { MiscUtil.assertNotNull(artifact, "artifact"); Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; synchronized (session) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index faff2955b..90c938e7f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -18,7 +18,7 @@ import org.hibernate.Transaction; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.commons.db.MOASessionUtil; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -62,7 +62,7 @@ public class AuthenticationSessionStoreage { //store AssertionStore element to Database try { - MOASessionUtil.saveOrUpdate(dbsession); + MOASessionDBUtils.saveOrUpdate(dbsession); Log.info("MOASession with sessionID=" + id + " is stored in Database"); } catch (MOADatabaseException e) { @@ -83,7 +83,7 @@ public class AuthenticationSessionStoreage { //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); - MOASessionUtil.saveOrUpdate(dbsession); + MOASessionDBUtils.saveOrUpdate(dbsession); Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { @@ -96,7 +96,7 @@ public class AuthenticationSessionStoreage { public static void destroySession(String moaSessionID) throws MOADatabaseException { - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; @@ -168,7 +168,7 @@ public class AuthenticationSessionStoreage { //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); - MOASessionUtil.saveOrUpdate(dbsession); + MOASessionDBUtils.saveOrUpdate(dbsession); return id; @@ -203,7 +203,7 @@ public class AuthenticationSessionStoreage { try { - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; synchronized (session) { @@ -284,11 +284,24 @@ public class AuthenticationSessionStoreage { } } + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + + + } + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { MiscUtil.assertNotNull(SSOId, "moasessionID"); Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; @@ -327,16 +340,18 @@ public class AuthenticationSessionStoreage { } - public static void clean(long now, long authDataTimeOut) { - Date expioredate = new Date(now - authDataTimeOut); + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + Date expioredatecreate = new Date(now - authDataTimeOutCreated); + Date expioredateupdate = new Date(now - authDataTimeOutUpdated); List<AuthenticatedSessionStore> results; - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); - query.setTimestamp("timeout", expioredate); + query.setTimestamp("timeoutcreate", expioredatecreate); + query.setTimestamp("timeoutupdate", expioredateupdate); results = query.list(); session.getTransaction().commit(); } @@ -344,7 +359,7 @@ public class AuthenticationSessionStoreage { if (results.size() != 0) { for(AuthenticatedSessionStore result : results) { try { - MOASessionUtil.delete(result); + MOASessionDBUtils.delete(result); Logger.info("Authenticated session with sessionID=" + result.getSessionid() + " after session timeout."); @@ -361,7 +376,7 @@ public class AuthenticationSessionStoreage { private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); - Session session = MOASessionUtil.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 6c8365e67..be8e475f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -177,7 +178,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ * @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
Logger.debug("Ueberpruefe Parameter bkuURI"); // if non parameter is given return true
@@ -202,9 +203,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ }
else {
Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs.");
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedBKUs = authConf.getTrustedBKUs();
- boolean b = trustedBKUs.contains(bkuURI);
+ boolean b = allowedBKUs.contains(bkuURI);
if (b) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
@@ -228,10 +227,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ } catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
- return false;
- }
+ }
}
@@ -270,7 +266,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ else { //check against configured trustet template urls AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - List trustedTemplateURLs = authConf.getTrustedTemplateURLs(); + List<String> trustedTemplateURLs = authConf.getSLRequestTemplates(); boolean b = trustedTemplateURLs.contains(template); if (b) { Logger.debug("Parameter Template erfolgreich ueberprueft"); @@ -486,9 +482,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ try { if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + if (MiscUtil.isEmpty(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + if (MiscUtil.isEmpty(templateURL)) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 705b4e881..a6619fc11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -154,9 +154,7 @@ public class SSLUtils { PKIConfiguration cfg = null; if (! PKIFactory.getInstance().isAlreadyConfigured()) cfg = new PKIConfigurationImpl(conf); - String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); - //not using BoolUtils because default value hast to be true! - boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + boolean checkRevocation = conf.isTrustmanagerrevoationchecking(); PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 1f5f1ea20..979744edb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -23,9 +23,13 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
+ +import java.io.Serializable; -public class MISMandate {
-
+public class MISMandate implements Serializable{
+ + private static final long serialVersionUID = 1L; + final static private String OID_NOTAR = "1.2.40.0.10.3.1";
final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 7ee3b4e84..8970abc10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -109,16 +109,7 @@ public class MISSimpleClient { ArrayList foundMandates = new ArrayList();
for (int i=0; i<mandateElements.getLength(); i++) {
Element mandate = (Element) mandateElements.item(i); - -// try { -// String s = DOMUtils.serializeNode(mandate); -// System.out.println("\n\n Mandate: \n" + s); -// } catch (IOException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } - -
+
MISMandate misMandate = new MISMandate();
if (mandate.hasAttribute("ProfessionalRepresentative")) { // System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));
|