aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-openID/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
commitc9370266c7553db65e9d18f7fe2a0230ab94d912 (patch)
tree041eaa2f9b715205bf377b586d4e8381887b2951 /id/server/modules/moa-id-module-openID/src/main/java
parent98cdf5c84739362a2d41702f538c370fa3d2c86e (diff)
downloadmoa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.gz
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.bz2
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.zip
refactor authentication process to use service-provider configuration from pending-request
Diffstat (limited to 'id/server/modules/moa-id-module-openID/src/main/java')
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java29
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java52
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java15
5 files changed, 52 insertions, 54 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index bb180d8e9..1f9d9e3a0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -27,14 +27,12 @@ import java.util.List;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonPrimitive;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
-import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
@@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttri
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -59,13 +59,12 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescA
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonPrimitive;
-
public final class OAuth20AttributeBuilder {
private OAuth20AttributeBuilder() {
@@ -207,7 +206,7 @@ public final class OAuth20AttributeBuilder {
}
private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+ final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
for (IAttributeBuilder b : builders) {
try {
//TODO: better solution requires more refactoring :(
@@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder {
}
public static void addScopeOpenId(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData,
+ final IOAAuthParameters oaParam, final IAuthData authData,
final OAuth20AuthRequest oAuthRequest) {
addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
}
public static void addScopeProfile(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
}
public static void addScopeEID(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
}
public static void addScopeEIDGov(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
}
public static void addScopeMandate(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
}
public static void addScopeSTORK(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index d2636c259..d08a3b4f0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -23,11 +23,10 @@
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -42,7 +41,7 @@ public class OpenIdNonceAttribute implements IAttributeBuilder {
return g.buildStringAttribute(this.getName(), "", null);
}
- public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
IAttributeGenerator<ATT> g) throws AttributeException {
if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index fcde874b4..17d0738e3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -36,8 +36,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -153,7 +152,7 @@ class OAuth20AuthAction implements IAction {
private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+ IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration();
OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index ecef9b0a3..416445fa6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -212,38 +212,30 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
-
- for (String s : scope.split(" ")) {
- if (s.equalsIgnoreCase("profile")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
- reqAttr.put(el.getName(), "");
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
- } else if (s.equalsIgnoreCase("eID")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("eID_gov")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("mandate")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("stork")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
- reqAttr.put(el.getName(), "");
-
- }
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
}
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
-
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
}
+
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
}
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 52204d7f6..22ceda4f1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import com.google.gson.JsonObject;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -122,9 +123,17 @@ public class OAuth20Protocol extends AbstractProtocolModulController {
*/
public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {
// validation is done inside creation
- OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
- Logger.debug("Created: " + res);
- return res;
+
+ try {
+ OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
+ Logger.debug("Created: " + res);
+ return res;
+
+ } catch (OAuth20Exception e) {
+ Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
+ throw new InvalidProtocolRequestException(e.getMessage(), null);
+
+ }
}
/*