| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 17:17:18 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 17:17:18 +0200 | 
| commit | 14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71 (patch) | |
| tree | 499005ff90caebcf2e1227bbcf53cee0d9a73d9d /id/server/idserverlib/src/main | |
| parent | 9ade292185a7cd7ebfd0aad27a48324433737bfe (diff) | |
| download | moa-id-spss-14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71.tar.gz moa-id-spss-14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71.tar.bz2 moa-id-spss-14b0f46d1aa0b266547ac43dfc7a4ed2256cfc71.zip | |
use MOA SSL SocketFactory for AttributQueryRequests
Diffstat (limited to 'id/server/idserverlib/src/main')
3 files changed, 43 insertions, 10 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 33c150927..a1a51f6c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,6 +32,7 @@ import java.util.List;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
@@ -61,12 +62,16 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -173,18 +178,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				authdata.setBPK(interfIDP.getUserNameID());
 			} else {						
+				//get attributes from interfederated IDP
+				OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+				getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp,  reqAttributes);
+				
 				//mark attribute request as used 				
 				try {
-					interfIDP.setAttributesRequested(true);
-					MOASessionDBUtils.saveOrUpdate(interfIDP);
+					if (idp.isInterfederationSSOStorageAllowed()) {
+						interfIDP.setAttributesRequested(true);
+						MOASessionDBUtils.saveOrUpdate(interfIDP);
+						
+					} else {
+						MOASessionDBUtils.delete(interfIDP);
+					}
 				} catch (MOADatabaseException e) {
 					Logger.error("MOASession interfederation information can not stored to database.", e);
 				}
-
-				//get attributes from interfederated IDP
-				getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, reqAttributes);
 			}
 		} else {
@@ -217,13 +228,14 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 	 * @param oaParam
 	 * @param protocolRequest
 	 * @param interfIDP
+	 * @param idp 
 	 * @param reqQueryAttr 
 	 * @throws ConfigurationException 
 	 */
 	private static void getAuthDataFromInterfederation(
 			AuthenticationData authdata, AuthenticationSession session,
 			IOAAuthParameters oaParam, IRequest req,
-			InterfederationSessionStore interfIDP, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
+			InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
 		try {		
 			List<Attribute> attributs = null;
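Review bot: The result of `AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix())` is dereferenced without a null check — first inside `getAuthDataFromInterfederation(...)` and then in `idp.isInterfederationSSOStorageAllowed()` — so an interfederation session whose IDP URL prefix has no online-application configuration fails with a NullPointerException instead of a meaningful error, and because the surrounding `try` only catches MOADatabaseException the interfederation record is then neither marked as used nor deleted. Add a guard directly after the lookup, e.g. `if (idp == null) throw new ConfigurationException("No configuration for interfederated IDP " + interfIDP.getIdpurlprefix(), null);`, matching the two-argument form already used in this file. Whether the lookup can actually return null is not visible in this hunk, so confirm against AuthConfigurationProvider. The enclosing method starts and ends outside the hunk.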
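Review bot: The new `@param idp` Javadoc tag is added without a description; since `idp` now decides where the back-channel AttributeQuery is sent while `oaParam` is kept for the requesting application, the two are easy to confuse and a one-line description would help: `@param idp configuration of the interfederated IDP (resolved from interfIDP.getIdpurlprefix()); supplies the AttributeQuery endpoint`. That `idp` is resolved from the IDP URL prefix is taken from the first hunk of this file; the method body continues past the end of this hunk.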
@@ -243,9 +255,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				attributs = req.getRequestedAttributes();
 			}
-			 
-			//collect attributes by using BackChannel communication				
-			String endpoint = oaParam.getIDPAttributQueryServiceURL();
+
+			//collect attributes by using BackChannel communication
+			String endpoint = idp.getIDPAttributQueryServiceURL();			
 			if (MiscUtil.isEmpty(endpoint)) {
 				Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
 				throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
@@ -265,6 +277,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			soapContext.setOutboundMessage(soapRequest);
 			HttpClientBuilder clientBuilder = new HttpClientBuilder();
+			if (endpoint.startsWith("https")) {
+				try {
+					SecureProtocolSocketFactory sslprotocolsocketfactory = 
+							new MOAHttpProtocolSocketFactory(
+									PVPConstants.SSLSOCKETFACTORYNAME, 
+									AuthConfigurationProvider.getInstance().getCertstoreDirectory(), 
+									AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+									null,
+									ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), 
+									AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+					clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
+					
+				} catch (MOAHttpProtocolSocketFactoryException e) {
+					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+					
+				}				
+			}
+			
 			HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
 			//send request to IDP				
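Review bot: The AttributeQuery endpoint is now read from `idp`, but the two error messages on the lines right after it still report `oaParam.getPublicURLPrefix()`, i.e. the public URL of the requesting online application, so a missing AttributeQuery URL is logged against the wrong entity and the misconfigured IDP has to be guessed. Both should name the IDP whose configuration is incomplete, e.g. `Logger.error("No AttributeQueryURL for interfederationIDP " + idp.getPublicURLPrefix());` and the same in the ConfigurationException message — assuming OAAuthParameter offers the same accessor as IOAAuthParameters, which is not visible here. getAuthDataFromInterfederation starts and ends outside this hunk.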
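Review bot: The `catch (MOAHttpProtocolSocketFactoryException e)` block only logs a warning and then continues with the HttpClientBuilder's default socket factory, so a broken certstore or trust configuration silently downgrades the back-channel that fetches identity attributes from the configured MOA trust profile (including the configured chaining mode and revocation checking) to whatever the JVM default truststore accepts, and the exception itself never reaches the log. For an IdP-to-IdP channel carrying identity data this should fail closed: rethrow as a ConfigurationException carrying `e` as cause (ConfigurationException is already in the method's throws clause, pick the constructor that accepts a Throwable), or at minimum log the cause like the `Logger.error(..., e)` call in the first hunk of this file does. Note also that the MOA factory is installed only when `endpoint.startsWith("https")`; an endpoint configured with plain http sends the AttributeQuery without transport protection, which may be acceptable if message-level protection covers it but deserves an explicit reject or at least a warning log, e.g. `Logger.warn("AttributeQuery endpoint " + endpoint + " is not https");`. The enclosing method continues past the hunk.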
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index dafaf6279..47c297914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants;
 public interface PVPConstants {
+	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
+	
 	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
 	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
 	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 5c8e181a7..f29c0eaef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
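Review bot: `SSLSOCKETFACTORYNAME = "MOAMetaDataProvider"` is now shared by the metadata provider and the AttributeQuery back-channel in AuthenticationDataBuilder, so the value no longer describes its user and a reader of either call site will be misled about which component the socket factory belongs to. What MOAHttpProtocolSocketFactory does with this name is not visible in this diff; if it is only a label the value could be made neutral, and if it must stay for compatibility a comment should say so: `// shared SSL socket-factory id for MOAMetadataProvider and the AttributeQuery back-channel; value kept for compatibility`. Either way the constant deserves a short Javadoc line, which the new code does not give it.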
@@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
@@ -338,7 +339,7 @@ public class MOAMetadataProvider implements MetadataProvider {
 			if (metadataURL.startsWith("https:")) {
 				try {
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							"MOAMetaDataProvider", 
+							PVPConstants.SSLSOCKETFACTORYNAME, 
 							AuthConfigurationProvider.getInstance().getCertstoreDirectory(), 
 							AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
 							null, |
