aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-openID
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-14 16:30:49 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-14 16:30:49 +0200
commit6b38531ef2a829e3dab513ae8c679511a848421d (patch)
treed783a3e7cef0e5c0154e49766be2d56a52644894 /id/server/modules/moa-id-module-openID
parent3b26a365d832d4b0664777d2c348606247022564 (diff)
downloadmoa-id-spss-6b38531ef2a829e3dab513ae8c679511a848421d.tar.gz
moa-id-spss-6b38531ef2a829e3dab513ae8c679511a848421d.tar.bz2
moa-id-spss-6b38531ef2a829e3dab513ae8c679511a848421d.zip
untested, but without dependency problems
Diffstat (limited to 'id/server/modules/moa-id-module-openID')
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java13
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java16
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java8
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java49
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java8
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java25
6 files changed, 56 insertions, 63 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 46381fb3d..d97c8f7cf 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeB
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
@@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder {
}
public static void addScopeOpenId(final JsonObject jsonObject,
- final IOAAuthParameters oaParam, final IAuthData authData,
+ final ISPConfiguration oaParam, final IAuthData authData,
final OAuth20AuthRequest oAuthRequest) {
addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
}
public static void addScopeProfile(final JsonObject jsonObject,
- final IOAAuthParameters oaParam, final IAuthData authData) {
+ final ISPConfiguration oaParam, final IAuthData authData) {
addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
}
public static void addScopeEID(final JsonObject jsonObject,
- final IOAAuthParameters oaParam, final IAuthData authData) {
+ final ISPConfiguration oaParam, final IAuthData authData) {
addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
}
public static void addScopeEIDGov(final JsonObject jsonObject,
- final IOAAuthParameters oaParam, final IAuthData authData) {
+ final ISPConfiguration oaParam, final IAuthData authData) {
addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
}
public static void addScopeMandate(final JsonObject jsonObject,
- final IOAAuthParameters oaParam, final IAuthData authData) {
+ final ISPConfiguration oaParam, final IAuthData authData) {
addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
}
public static void addScopeSTORK(final JsonObject jsonObject,
- final IOAAuthParameters oaParam, final IAuthData authData) {
+ final ISPConfiguration oaParam, final IAuthData authData) {
addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 0189bc97d..5d461afc8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -33,11 +33,11 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -67,7 +67,7 @@ class OAuth20AuthAction implements IAction {
IAuthData authData) throws MOAIDException {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
- String responseType = oAuthRequest.getResponseType();
+ String responseType = oAuthRequest.getResponseType();
revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
@@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction {
//TODO: maybe add bPK / wbPK to SLO information
- SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule());
+ SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule());
return sloInformation;
}
@@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction {
private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
- IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration();
+ ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration();
- OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
+ OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
StringBuilder resultScopes = new StringBuilder();
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 1528cfb28..40701d91d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,10 +28,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
@@ -180,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
// check if client id and redirect uri are ok
try {
// OAOAUTH20 cannot be null at this point. check was done in base request
- IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId());
+ ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -192,7 +192,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
- } catch (ConfigurationException e) {
+ } catch (EAAFConfigurationException e) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index ff802136f..e04d719d9 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -19,8 +19,8 @@ import com.google.gson.JsonObject;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -30,7 +30,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -49,7 +48,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
PVPConstants.BPK_NAME
});
- public String getName() {
+ public String getName() {
return NAME;
}
@@ -68,22 +67,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
//OpenID Connect auth request
@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
- public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
- if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
- Logger.info("OpenID-Connect is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
+// if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+// Logger.info("OpenID-Connect is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+//
+// }
OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
try {
- pendingReq.initialize(req);
+ pendingReq.initialize(req, authConfig);
pendingReq.setModule(OAuth20Protocol.NAME);
pendingReq.populateParameters(req);
- } catch (OAuth20Exception e) {
+ } catch (EAAFException e) {
Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
- throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
+ throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
}
@@ -102,22 +101,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
//openID Connect tokken request
@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
- public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
- if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
- Logger.info("OpenID-Connect is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
+// if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+// Logger.info("OpenID-Connect is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+//
+// }
OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
try {
- pendingReq.initialize(req);
+ pendingReq.initialize(req, authConfig);
pendingReq.setModule(OAuth20Protocol.NAME);
pendingReq.populateParameters(req);
- } catch (OAuth20Exception e) {
+ } catch (EAAFException e) {
Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
- throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
+ throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
}
@@ -149,18 +148,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
String errorUri = protocolRequest.getAuthURL()
+"/" + OAuth20Constants.ERRORPAGE;
String moaError = null;
-
- ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
-
+
if (e instanceof OAuth20Exception) {
errorCode = ((OAuth20Exception) e).getErrorCode();
errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
- moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+ moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
} else {
errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
- moaError = errorUtils.getResponseErrorCode(e);
+ moaError = statusMessager.getResponseErrorCode(e);
}
String paramRedirect = null;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 239665801..f3dcbd295 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -31,10 +31,10 @@ import org.springframework.stereotype.Service;
import com.google.gson.JsonObject;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -55,7 +55,7 @@ class OAuth20TokenAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
IAuthData authData) throws MOAIDException {
-
+
OAuth20SessionObject auth20SessionObject = null;
try {
OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index cada39a3a..e14914512 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -22,19 +22,16 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
-import java.util.Collection;
-
import javax.servlet.http.HttpServletRequest;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
// check if client id and secret are ok
try {
// OAOAUTH20 cannot be null at this point. check was done in base request
- IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
throw new OAuth20AccessDeniedException();
@@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
this.setOnlineApplicationConfiguration(oaParam);
}
- catch (ConfigurationException e) {
+ catch (EAAFConfigurationException e) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
@@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
}
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
- */
- @Override
- public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
- return null;
- }
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+// */
+// @Override
+// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+// return null;
+// }
}