aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-08-27 11:32:05 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-08-27 11:32:05 +0200
commitbb1b12ac5b240629e16ea1c7a50891e99f4adc14 (patch)
tree5a77e4fd20a6c22f34be8d7546c01199fe343bb9 /id/server/idserverlib/src/main/java
parentea10821a16993913222f12e1b919fe3d48c29b30 (diff)
downloadmoa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.tar.gz
moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.tar.bz2
moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.zip
Use test- and productive TrustStore configurations in one IDP instance
- every service configuration could select its preferred TrustStore
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java118
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java18
6 files changed, 161 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 63bdab919..e2b0f78a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -353,7 +353,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
.build(identityLink, authConf
- .getMoaSpIdentityLinkTrustProfileID());
+ .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()));
// invokes the call
Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
@@ -586,63 +586,63 @@ public class AuthenticationServer extends MOAIDAuthConstants {
return createXMLSignatureRequest;
}
- /**
- * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses response enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies signature by calling the MOA SP component</li>
- * <li>Returns the signer certificate</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @throws BKUException
- */
- public X509Certificate verifyXMLSignature(String sessionID,
- Map<String, String> createXMLSignatureResponseParameters)
- throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ValidateException, ServiceException, BKUException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
-
- String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
- .get(PARAM_XMLRESPONSE);
-
- if (isEmpty(xmlCreateXMLSignatureResponse))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
-
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- // parses the <CreateXMLSignatureResponse>
- CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
- xmlCreateXMLSignatureResponse);
- CreateXMLSignatureResponse createXMLSignatureResponse = p
- .parseResponseDsig();
-
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .buildDsig(createXMLSignatureResponse, authConf
- .getMoaSpAuthBlockTrustProfileID());
-
- // invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- domVerifyXMLSignatureResponse).parseData();
-
- return verifyXMLSignatureResponse.getX509certificate();
-
- }
+// /**
+// * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+// * security layer implementation.<br>
+// * <ul>
+// * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+// * <li>Parses response enclosed in
+// * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+// * <li>Verifies signature by calling the MOA SP component</li>
+// * <li>Returns the signer certificate</li>
+// * </ul>
+// *
+// * @param sessionID ID of associated authentication session data
+// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
+// * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
+// * @throws BKUException
+// */
+// public X509Certificate verifyXMLSignature(String sessionID,
+// Map<String, String> createXMLSignatureResponseParameters)
+// throws AuthenticationException, BuildException, ParseException,
+// ConfigurationException, ValidateException, ServiceException, BKUException {
+//
+// if (isEmpty(sessionID))
+// throw new AuthenticationException("auth.10", new Object[]{
+// REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
+//
+// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
+// .get(PARAM_XMLRESPONSE);
+//
+// if (isEmpty(xmlCreateXMLSignatureResponse))
+// throw new AuthenticationException("auth.10", new Object[]{
+// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
+//
+// AuthConfiguration authConf = AuthConfigurationProviderFactory
+// .getInstance();
+//
+// // parses the <CreateXMLSignatureResponse>
+// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
+// xmlCreateXMLSignatureResponse);
+// CreateXMLSignatureResponse createXMLSignatureResponse = p
+// .parseResponseDsig();
+//
+// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+// .buildDsig(createXMLSignatureResponse, authConf
+// .getMoaSpAuthBlockTrustProfileID());
+//
+// // invokes the call
+// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+// .verifyXMLSignature(domVerifyXMLSignatureRequest);
+//
+// // parses the <VerifyXMLSignatureResponse>
+// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+// domVerifyXMLSignatureResponse).parseData();
+//
+// return verifyXMLSignatureResponse.getX509certificate();
+//
+// }
/**
* Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
@@ -1122,7 +1122,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
- String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
// debug output
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
index d8f1a28c5..c98a7d537 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
@@ -35,7 +35,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
public OAAuthParameter getOnlineApplicationParameter(String oaURL);
- public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException;
+ public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException;
@@ -44,8 +44,8 @@ public interface AuthConfiguration extends ConfigurationProvider{
public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException;
public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException;
-
- public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException;
+
+ public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
public List<String> getTransformsInfos() throws ConfigurationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 92d0856ba..b68f42086 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -188,6 +188,9 @@ public interface IOAAuthParameters {
List<String> getTestCredentialOIDs();
+ boolean isUseIDLTestTrustStore();
+ boolean isUseAuthBlockTestTestStore();
+
PrivateKey getBPKDecBpkDecryptionKey();
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 8f3091e42..fdd125156 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -888,4 +888,30 @@ public List<Integer> getReversionsLoggingEventCodes() {
return null;
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore()
+ */
+@Override
+public boolean isUseIDLTestTrustStore() {
+ String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE);
+ if (MiscUtil.isNotEmpty(value))
+ return Boolean.parseBoolean(value);
+ else
+ return false;
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore()
+ */
+@Override
+public boolean isUseAuthBlockTestTestStore() {
+ String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE);
+ if (MiscUtil.isNotEmpty(value))
+ return Boolean.parseBoolean(value);
+ else
+ return false;
+}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index cb9ac890d..702cd3ce3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -334,7 +334,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return a string with a url-reference to the VerifyAuthBlock trust profile ID.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}.
*/
- public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
+ public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+ if (useTestTrustStore)
+ return getMoaSpAuthBlockTestTrustProfileID();
+ else
+ return getMoaSpAuthBlockTrustProfileID();
+ }
+
+ private String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
try {
return configuration.getStringValue(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD);
@@ -344,7 +351,39 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return null;
}
}
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpAuthBlockTestTrustProfileID()
+ */
+ private String getMoaSpAuthBlockTestTrustProfileID()
+ throws ConfigurationException {
+ try {
+ return configuration.getStringValue(
+ MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST);
+
+ } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
+ Logger.warn("Test-AuthBlock validation trustprofile can not be read from configuration.", e);
+ return null;
+ }
+ }
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTestTrustProfileID()
+ */
+ private String getMoaSpIdentityLinkTestTrustProfileID()
+ throws ConfigurationException {
+ try {
+ return configuration.getStringValue(
+ MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST);
+
+ } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
+ Logger.warn("Test-IdentityLink validation trustprofile can not be read from configuration.", e);
+ return null;
+ }
+ }
+
+
/**
* Returns a list of strings with references to all verify transform info IDs within the moa-sp part of the authentication component.
*
@@ -446,7 +485,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return String with a url-reference to the VerifyIdentityLink trust profile ID
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link VerifyIdentityLink}.
*/
- public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
+ private String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
try {
return configuration.getStringValue(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD);
@@ -1060,4 +1099,15 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTrustProfileID(boolean)
+ */
+ @Override
+ public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore)
+ throws ConfigurationException {
+ if (useTestTrustStore)
+ return getMoaSpIdentityLinkTestTrustProfileID();
+ else
+ return getMoaSpIdentityLinkTrustProfileID();
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index e59ac827b..386e04f45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -468,4 +468,22 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
// TODO Auto-generated method stub
return null;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore()
+ */
+ @Override
+ public boolean isUseIDLTestTrustStore() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore()
+ */
+ @Override
+ public boolean isUseAuthBlockTestTestStore() {
+ // TODO Auto-generated method stub
+ return false;
+ }
}