aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-27 10:08:31 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-27 10:08:31 +0100
commitd23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch)
tree2195fbe110c392728b3009aa545363540a94294e /id/server/moa-id-commons
parent86aa898406f539fd06129360c58c654afc62e904 (diff)
parentf923a89436377f581c6e2ab6637024aa068bf9fb (diff)
downloadmoa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.gz
moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.bz2
moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.zip
Merge tag 'MOA-ID-3.4.2'
Diffstat (limited to 'id/server/moa-id-commons')
-rw-r--r--id/server/moa-id-commons/pom.xml4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java12
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java26
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java3
11 files changed, 116 insertions, 28 deletions
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 55a7e7be9..7ec1ddf73 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -270,13 +270,13 @@
</dependency>
- <dependency>
+ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-annotations</artifactId>
+ <artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index a787cea00..4dd0a857f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -11,6 +11,7 @@ import iaik.pki.revocation.RevocationSourceTypes;
public interface AuthConfiguration extends ConfigurationProvider{
+ public static final String PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore";
public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 5df4a4163..00b39daec 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,7 +22,6 @@
*/
package at.gv.egovernment.moa.id.commons.api;
-import java.io.Serializable;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.List;
@@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{
*/
public List<String> foreignbPKSectorsRequested();
+
+ /**
+ * Get a List of sectors for that this service provider requires additional unencrypted bPKs
+ *
+ * @return list of sectors, or null if no sectors are defined
+ */
+ public List<String> additionalbPKSectorsRequested();
+
+
+
+
} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 4555f61d2..4adff7f19 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils {
}
}
+ //Austrian eID demo-mode
+ if (oa.getIseIDDemoModeActive() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString());
+
if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList()))
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList());
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
-
+ if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList()))
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY);
+
+
+
+
//convert selected SZR-GW service
if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
@@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils {
}
}
+ //Austrian eID demo-mode
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)))
+ dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)));
+ else
+ dbOA.setIseIDDemoModeActive(false);
+
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)))
dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN));
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)))
+ dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS));
+
+
//store BKU-URLs
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index a6315fe2c..1be97c49d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type";
public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value";
public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign";
+ public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs";
+ public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode";
public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index e37873a72..510fd0581 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -115,10 +115,15 @@ public class OnlineApplication
@XmlTransient
protected String mandateServiceSelectionTemplateURL = null;
- @XmlTransient
+ @XmlTransient
protected String foreignbPKTargetList = null;
+ @XmlTransient
+ protected String additionalbPKTargetList = null;
+ @XmlTransient
+ protected Boolean iseIDDemoModeActive = false;
+
public String getForeignbPKTargetList() {
return foreignbPKTargetList;
@@ -128,6 +133,25 @@ public class OnlineApplication
this.foreignbPKTargetList = foreignbPKTargetList;
}
+
+
+
+ public String getAdditionalbPKTargetList() {
+ return additionalbPKTargetList;
+ }
+
+ public void setAdditionalbPKTargetList(String additionalbPKTargetList) {
+ this.additionalbPKTargetList = additionalbPKTargetList;
+ }
+
+ public Boolean getIseIDDemoModeActive() {
+ return iseIDDemoModeActive;
+ }
+
+ public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) {
+ this.iseIDDemoModeActive = iseIDDemoModeActive;
+ }
+
/**
* @return the saml2PostBindingTemplateURL
*/
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 4c6cd16c0..7114552b4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -37,7 +37,6 @@ import javax.persistence.Table;
import org.hibernate.annotations.DynamicUpdate;
-import com.fasterxml.jackson.annotation.JsonCreator;
@@ -57,7 +56,6 @@ public class AssertionStore implements Serializable{
- @JsonCreator
public AssertionStore(){
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
index 7121c4a2a..31c66376c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
@@ -72,8 +72,9 @@ public class HttpClientWithProxySupport {
String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$
String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$
if (MiscUtil.isNotEmpty(user) && pass != null) {
- CredentialsProvider credsProvider = new BasicCredentialsProvider();
- credsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass));
+ CredentialsProvider proxyCredsProvider = new BasicCredentialsProvider();
+ proxyCredsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass));
+ clientBuilder.setDefaultCredentialsProvider(proxyCredsProvider);
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index bdadf681d..6c8c092ed 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -34,7 +34,6 @@ import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -51,7 +50,6 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIException;
-import sun.security.ssl.ProtocolVersion;
/**
* @author tlenz
@@ -77,14 +75,15 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @throws MOAHttpProtocolSocketFactoryException
*/
public MOAHttpProtocolSocketFactory (
- String url,
+ String url,
+ boolean useStandardJavaTrustStore,
String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
String[] revocationMethodOrder,
boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException {
- internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ internalInitialize(url, useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
this.verifyHostName = verifyHostName;
@@ -103,26 +102,31 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @param verifyHostName Enables / Disables hostName verfication
* @throws MOAHttpProtocolSocketFactoryException
*/
- public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+ public MOAHttpProtocolSocketFactory(String url, boolean useStandardJavaTrustStore,
+ String certStoreDirectory,
+ String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
String[] revocationMethodOrder,
boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException {
- internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ internalInitialize(url, useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
this.verifyHostName = verifyHostName;
}
- private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+ private void internalInitialize(String url, boolean useStandardJavaTrustStore,
+ String certStoreDirectory,
+ String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
try {
this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
- url,
+ url,
+ useStandardJavaTrustStore,
certStoreDirectory,
trustStoreURL,
acceptedServerCertURL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index e6efca4ea..8aaf94fad 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -108,8 +108,29 @@ public class SSLUtils {
}
}
+ /**
+ * Get SSLSocketFactory with TrustStore and KeyStore implementations
+ *
+ * @param url URL of the Service that should be connected
+ * @param useStandardJavaTrustStore Flag to use standard JVM truststore
+ * @param certStoreRootDirParam Path to certStore, if own truststore is used
+ * @param trustStoreURL Path to truststore, if own truststore is used
+ * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used
+ * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used
+ * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used
+ * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used
+ * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null
+ * @param clientKeyStorePassword KeyStore password
+ * @param clientKeyStoreType KeyStore type
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ * @throws SSLConfigurationException
+ * @throws PKIException
+ */
public static SSLSocketFactory getSSLSocketFactory(
- String url,
+ String url,
+ boolean useStandardJavaTrustStore,
String certStoreRootDirParam,
String trustStoreURL,
String acceptedServerCertURL,
@@ -130,14 +151,19 @@ public class SSLUtils {
return ssf;
}
-
- TrustManager[] tms = getTrustManagers(
- certStoreRootDirParam,
- chainingMode,
- trustStoreURL,
- acceptedServerCertURL,
- checkRevocation,
- revocationMethodOrder);
+
+ //initialize own trust-store implementation
+ TrustManager[] tms = null;
+ if (!useStandardJavaTrustStore) {
+ tms = getTrustManagers(
+ certStoreRootDirParam,
+ chainingMode,
+ trustStoreURL,
+ acceptedServerCertURL,
+ checkRevocation,
+ revocationMethodOrder);
+
+ }
KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 47abbf29a..b3655c0c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -398,8 +398,7 @@ public interface Constants {
/* Prefix and Schema definition for eIDAS specific SAML2 extensions*/
public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions";
- public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
-
+ public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
/* Prefix and Schema for SAML2 Entity Attributes */
public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr";