diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-27 11:32:05 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-27 11:32:05 +0200 |
commit | bb1b12ac5b240629e16ea1c7a50891e99f4adc14 (patch) | |
tree | 5a77e4fd20a6c22f34be8d7546c01199fe343bb9 /id/server/idserverlib | |
parent | ea10821a16993913222f12e1b919fe3d48c29b30 (diff) | |
download | moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.tar.gz moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.tar.bz2 moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.zip |
Use test- and productive TrustStore configurations in one IDP instance
- every service configuration could select its preferred TrustStore
Diffstat (limited to 'id/server/idserverlib')
6 files changed, 161 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 63bdab919..e2b0f78a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -353,7 +353,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, authConf - .getMoaSpIdentityLinkTrustProfileID()); + .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); // invokes the call Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() @@ -586,63 +586,63 @@ public class AuthenticationServer extends MOAIDAuthConstants { return createXMLSignatureRequest; } - /** - * Processes an <code><CreateXMLSignatureResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><CreateXMLSignatureResponse></code></li> - * <li>Parses response enclosed in - * <code><CreateXMLSignatureResponse></code></li> - * <li>Verifies signature by calling the MOA SP component</li> - * <li>Returns the signer certificate</li> - * </ul> - * - * @param sessionID ID of associated authentication session data - * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU - * including the <code><CreateXMLSignatureResponse></code> - * @throws BKUException - */ - public X509Certificate verifyXMLSignature(String sessionID, - Map<String, String> createXMLSignatureResponseParameters) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); - - String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlCreateXMLSignatureResponse)) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); - - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - // parses the <CreateXMLSignatureResponse> - CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse createXMLSignatureResponse = p - .parseResponseDsig(); - - // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .buildDsig(createXMLSignatureResponse, authConf - .getMoaSpAuthBlockTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - return verifyXMLSignatureResponse.getX509certificate(); - - } +// /** +// * Processes an <code><CreateXMLSignatureResponse></code> sent by the +// * security layer implementation.<br> +// * <ul> +// * <li>Validates given <code><CreateXMLSignatureResponse></code></li> +// * <li>Parses response enclosed in +// * <code><CreateXMLSignatureResponse></code></li> +// * <li>Verifies signature by calling the MOA SP component</li> +// * <li>Returns the signer certificate</li> +// * </ul> +// * +// * @param sessionID ID of associated authentication session data +// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU +// * including the <code><CreateXMLSignatureResponse></code> +// * @throws BKUException +// */ +// public X509Certificate verifyXMLSignature(String sessionID, +// Map<String, String> createXMLSignatureResponseParameters) +// throws AuthenticationException, BuildException, ParseException, +// ConfigurationException, ValidateException, ServiceException, BKUException { +// +// if (isEmpty(sessionID)) +// throw new AuthenticationException("auth.10", new Object[]{ +// REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); +// +// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters +// .get(PARAM_XMLRESPONSE); +// +// if (isEmpty(xmlCreateXMLSignatureResponse)) +// throw new AuthenticationException("auth.10", new Object[]{ +// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); +// +// AuthConfiguration authConf = AuthConfigurationProviderFactory +// .getInstance(); +// +// // parses the <CreateXMLSignatureResponse> +// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( +// xmlCreateXMLSignatureResponse); +// CreateXMLSignatureResponse createXMLSignatureResponse = p +// .parseResponseDsig(); +// +// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP +// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() +// .buildDsig(createXMLSignatureResponse, authConf +// .getMoaSpAuthBlockTrustProfileID()); +// +// // invokes the call +// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() +// .verifyXMLSignature(domVerifyXMLSignatureRequest); +// +// // parses the <VerifyXMLSignatureResponse> +// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( +// domVerifyXMLSignatureResponse).parseData(); +// +// return verifyXMLSignatureResponse.getX509certificate(); +// +// } /** * Processes an <code><CreateXMLSignatureResponse></code> sent by the @@ -1122,7 +1122,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index d8f1a28c5..c98a7d537 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -35,7 +35,7 @@ public interface AuthConfiguration extends ConfigurationProvider{ public OAAuthParameter getOnlineApplicationParameter(String oaURL); - public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException; + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException; @@ -44,8 +44,8 @@ public interface AuthConfiguration extends ConfigurationProvider{ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException; public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException; - - public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException; + + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; public List<String> getTransformsInfos() throws ConfigurationException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 92d0856ba..b68f42086 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -188,6 +188,9 @@ public interface IOAAuthParameters { List<String> getTestCredentialOIDs(); + boolean isUseIDLTestTrustStore(); + boolean isUseAuthBlockTestTestStore(); + PrivateKey getBPKDecBpkDecryptionKey(); /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 8f3091e42..fdd125156 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -888,4 +888,30 @@ public List<Integer> getReversionsLoggingEventCodes() { return null; } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore() + */ +@Override +public boolean isUseIDLTestTrustStore() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); + else + return false; +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore() + */ +@Override +public boolean isUseAuthBlockTestTestStore() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); + else + return false; +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index cb9ac890d..702cd3ce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -334,7 +334,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return a string with a url-reference to the VerifyAuthBlock trust profile ID. * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. */ - public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return getMoaSpAuthBlockTestTrustProfileID(); + else + return getMoaSpAuthBlockTrustProfileID(); + } + + private String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { try { return configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD); @@ -344,7 +351,39 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return null; } } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpAuthBlockTestTrustProfileID() + */ + private String getMoaSpAuthBlockTestTrustProfileID() + throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Test-AuthBlock validation trustprofile can not be read from configuration.", e); + return null; + } + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTestTrustProfileID() + */ + private String getMoaSpIdentityLinkTestTrustProfileID() + throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Test-IdentityLink validation trustprofile can not be read from configuration.", e); + return null; + } + } + + /** * Returns a list of strings with references to all verify transform info IDs within the moa-sp part of the authentication component. * @@ -446,7 +485,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return String with a url-reference to the VerifyIdentityLink trust profile ID * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link VerifyIdentityLink}. */ - public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + private String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { try { return configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD); @@ -1060,4 +1099,15 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTrustProfileID(boolean) + */ + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) + throws ConfigurationException { + if (useTestTrustStore) + return getMoaSpIdentityLinkTestTrustProfileID(); + else + return getMoaSpIdentityLinkTrustProfileID(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index e59ac827b..386e04f45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -468,4 +468,22 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ // TODO Auto-generated method stub return null; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore() + */ + @Override + public boolean isUseIDLTestTrustStore() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore() + */ + @Override + public boolean isUseAuthBlockTestTestStore() { + // TODO Auto-generated method stub + return false; + } } |