diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-04-08 07:50:20 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-04-08 07:50:20 +0200 |
commit | 50c500dd107d88988cbee8207c91a16b321d6136 (patch) | |
tree | 6abd06e3f126866534e155e40c2f7e933b5357d3 /id/server/modules/moa-id-module-openID | |
parent | ec62813f4c0e8b3002d46f7bc315e7a27d720125 (diff) | |
parent | 41882a0c5601dda478c2749ac99c2087b864c912 (diff) | |
download | moa-id-spss-50c500dd107d88988cbee8207c91a16b321d6136.tar.gz moa-id-spss-50c500dd107d88988cbee8207c91a16b321d6136.tar.bz2 moa-id-spss-50c500dd107d88988cbee8207c91a16b321d6136.zip |
Merge tag 'MOA-ID-3.1.0' into development_preview
JoinUp Release
Diffstat (limited to 'id/server/modules/moa-id-module-openID')
22 files changed, 220 insertions, 237 deletions
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 080d5ae0b..4684c8032 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -73,11 +73,11 @@ </exclusions> </dependency> -<!-- <dependency> + <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>19.0</version> - </dependency> --> + </dependency> <!-- TestNG --> <dependency> diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index e2ac97535..9060f35c5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java deleted file mode 100644 index eb3cfcccb..000000000 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.oauth20; - -public class Pair<P1, P2> { - private final P1 first; - private final P2 second; - - private Pair(final P1 newFirst, final P2 newSecond) { - this.first = newFirst; - this.second = newSecond; - } - - public P1 getFirst() { - return this.first; - } - - public P2 getSecond() { - return this.second; - } - - public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) { - return new Pair<P1, P2>(newFirst, newSecond); - } -} diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index bb180d8e9..9b19e0a4d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -27,14 +27,13 @@ import java.util.List; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.oauth20.Pair; -import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; @@ -46,6 +45,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttri import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -59,13 +60,11 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescA import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; -import com.google.gson.JsonObject; -import com.google.gson.JsonPrimitive; - public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { @@ -207,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData, + final IOAAuthParameters oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index e81132ca7..a43c8fce9 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c4260db82..c6775b692 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 6008eede1..5f32e32a2 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index ad7fe68b9..04f38faf6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index 5c4fe02df..ff19a618a 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index d2636c259..eda276df2 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -42,7 +41,7 @@ public class OpenIdNonceAttribute implements IAttributeBuilder { return g.buildStringAttribute(this.getName(), "", null); } - public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, IAttributeGenerator<ATT> g) throws AttributeException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 10af9cc32..7de90e98e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 4262d6bb3..3ebadba52 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index da4f76e2d..89209b062 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 04a6ec60b..895037b2e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java index 307615fbd..5dc36868b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -public class OAuth20Exception extends RuntimeException { +public class OAuth20Exception extends MOAIDException { private static final long serialVersionUID = 1L; @@ -33,7 +33,7 @@ public class OAuth20Exception extends RuntimeException { private String errorCode; public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters); this.errorCode = errorCode; this.messageId = messageId; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 88e26da76..803ae388f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,19 +30,21 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; -import at.gv.egovernment.moa.id.protocols.oauth20.Pair; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OpenIdExpirationTimeAttribute; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -51,28 +53,31 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; +@Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected ITransactionStorage transactionStorage; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); String code = Random.nextRandom(); try { String accessToken = UUID.randomUUID().toString(); - - Logger.debug("Stored session with id: " + code); + + Logger.debug("Build OAuth20SessionObject from authenticationData."); OAuth20SessionObject o = new OAuth20SessionObject(); if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) { o.setScope(oAuthRequest.getScope()); @@ -86,8 +91,9 @@ class OAuth20AuthAction implements IAction { throw new OAuth20ResponseTypeException(); } - // store data in oath session - AssertionStorage.getInstance().put(code, o); + // store data in oath session + + transactionStorage.put(code, o); Logger.debug("Saved OAuth20SessionObject in session with id: " + code); @@ -105,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -113,8 +119,8 @@ class OAuth20AuthAction implements IAction { Logger.warn("An error occur during OpenID-Connect idToken generation.", e); //remove OAuthSessionObject if it already exists - if (AssertionStorage.getInstance().containsKey(code)) { - AssertionStorage.getInstance().remove(code); + if (transactionStorage.containsKey(code)) { + transactionStorage.remove(code); } if (e instanceof OAuth20Exception) { @@ -147,7 +153,7 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index e5d8db873..98fcdc8dc 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,18 +22,21 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.util.Collection; import java.util.HashMap; -import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -42,19 +45,24 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; +@Component("OAuth20AuthRequest") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class OAuth20AuthRequest extends OAuth20BaseRequest { /** * @param req * @throws ConfigurationException */ - public OAuth20AuthRequest(HttpServletRequest req) - throws ConfigurationException { - super(req); + public OAuth20AuthRequest() { + super(); + + //AuthnRequest needs authentication + this.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + this.setAction(OAuth20AuthAction.class.getName()); } private static final long serialVersionUID = 1L; @@ -179,7 +187,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -201,43 +209,36 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() */ @Override - public List<Attribute> getRequestedAttributes() { + public Collection<String> getRequestedAttributes() { Map<String, String> reqAttr = new HashMap<String, String>(); for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) reqAttr.put(el, ""); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) + reqAttr.put(el.getName(), ""); - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } + } else if (s.equalsIgnoreCase("eID")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID_gov")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("mandate")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("stork")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) + reqAttr.put(el.getName(), ""); + } - - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); - - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; } + + //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); + return reqAttr.keySet(); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 5fcac0b2f..3ab283db5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,14 +31,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -49,11 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { private static final long serialVersionUID = 1L; protected Set<String> allowedParameters = new HashSet<String>(); - - public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException { - super(req); - } - + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -76,12 +71,11 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setOAURL(oaURL); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setTarget(oaParam.getTarget()); if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -100,7 +94,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { this.checkAllowedParameters(request); } - private void checkAllowedParameters(final HttpServletRequest request) { + private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException { Logger.debug("Going to check for allowed parameters"); this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION); this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD); @@ -120,29 +114,4 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; - public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception { - OAuth20BaseRequest res; - try { - if (action.equals(OAuth20Protocol.AUTH_ACTION)) { - res = new OAuth20AuthRequest(request); - - } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { - res = new OAuth20TokenRequest(request); - - } else { - throw new OAuth20InvalidRequestException(); - } - - } catch (ConfigurationException e) { - Logger.warn(e.getMessage()); - throw new OAuth20InvalidRequestException(); - - } - - res.setAction(action); - res.setModule(OAuth20Protocol.NAME); - - res.populateParameters(request); - return res; - } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 70c29359e..e6ccc67b7 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.io.IOException; import java.net.URLEncoder; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -9,12 +11,19 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -23,11 +32,8 @@ import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import com.google.gson.JsonObject; - -import java.util.Arrays; - -public class OAuth20Protocol implements IModulInfo { +@Controller +public class OAuth20Protocol extends AbstractAuthProtocolModulController { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -40,14 +46,7 @@ public class OAuth20Protocol implements IModulInfo { PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.BPK_NAME }); - - private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); - - static { - actions.put(AUTH_ACTION, new OAuth20AuthAction()); - actions.put(TOKEN_ACTION, new OAuth20TokenAction()); - } - + public String getName() { return NAME; } @@ -56,42 +55,83 @@ public class OAuth20Protocol implements IModulInfo { return PATH; } - public IAction getAction(String action) { - return actions.get(action); - } - - /* - * (non-Javadoc) - * @see - * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse, java.lang.String) + /** + * */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action, - String sessionId, String transactionId) throws MOAIDException { - // validation is done inside creation - OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId); - Logger.debug("Created: " + res); - return res; + public OAuth20Protocol() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '/oauth2/auth' and '/oauth2/token'."); } - /* - * (non-Javadoc) - * @see - * at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest - * , javax.servlet.http.HttpServletResponse) - */ - public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { - if (!StringUtils.isEmpty(request.getParameter("action"))) { - if (request.getParameter("action").equals(AUTH_ACTION)) { - return getAction(AUTH_ACTION); - } else if (request.getParameter("action").equals(TOKEN_ACTION)) { - return getAction(TOKEN_ACTION); - } + //OpenID Connect auth request + @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + if (!authConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); + try { + pendingReq.initialize(req); + pendingReq.setModule(OAuth20Protocol.NAME); + pendingReq.populateParameters(req); + + } catch (OAuth20Exception e) { + Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); + throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + } - return null;// getAction(AUTH_ACTION); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //process request + performAuthentication(req, resp, (RequestImpl)pendingReq); + } + //openID Connect tokken request + @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + if (!authConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); + try { + pendingReq.initialize(req); + pendingReq.setModule(OAuth20Protocol.NAME); + pendingReq.populateParameters(req); + + } catch (OAuth20Exception e) { + Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); + throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + + } + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //process request + performAuthentication(req, resp, (RequestImpl)pendingReq); + + } + /* * (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2238a25e1..9d78418cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,25 +26,32 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.gson.JsonObject; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import com.google.gson.JsonObject; - +@Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected ITransactionStorage transactionStorage; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -53,13 +60,13 @@ class OAuth20TokenAction implements IAction { try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); try { Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); auth20SessionObject = - AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class); + transactionStorage.get(oAuthRequest.getCode(), OAuth20SessionObject.class); } catch (MOADatabaseException e) { throw new OAuth20UnauthorizedClientException(); @@ -97,7 +104,7 @@ class OAuth20TokenAction implements IAction { // destroy session for clean up Logger.debug("Going to destroy session: " + auth20SessionObject.getCode()); - AssertionStorage.getInstance().remove(auth20SessionObject.getCode()); + transactionStorage.remove(auth20SessionObject.getCode()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index abfe4ce15..f35de9c58 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,16 +22,18 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.List; +import java.util.Collection; import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -39,15 +41,21 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrant import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.logging.Logger; +@Component("OAuth20TokenRequest") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) class OAuth20TokenRequest extends OAuth20BaseRequest { /** * @param req * @throws ConfigurationException */ - public OAuth20TokenRequest(HttpServletRequest req) - throws ConfigurationException { - super(req); + public OAuth20TokenRequest() { + super(); + //AuthnRequest needs authentication + this.setNeedAuthentication(false); + + //set protocol action, which should be executed after authentication + this.setAction(OAuth20TokenAction.class.getName()); } private static final long serialVersionUID = 1L; @@ -132,7 +140,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -160,7 +168,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() */ @Override - public List<Attribute> getRequestedAttributes() { + public Collection<String> getRequestedAttributes() { return null; } } diff --git a/id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo deleted file mode 100644 index b653c91c3..000000000 --- a/id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo +++ /dev/null @@ -1 +0,0 @@ -at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol
\ No newline at end of file |