aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorChristian Maierhofer <cmaierhofer@iaik.tugraz.at>2016-06-29 11:16:35 +0200
committerChristian Maierhofer <cmaierhofer@iaik.tugraz.at>2016-06-29 11:16:35 +0200
commitad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f (patch)
tree046064b84e29aada56546439db931fe830cd9eb4 /id/server/modules
parent7717d75918fb63ee7e9d7bf31de2696577b7e991 (diff)
parentb3aa8b6d444e7dee51e1145e3192b191ae24b1d4 (diff)
downloadmoa-id-spss-ad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f.tar.gz
moa-id-spss-ad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f.tar.bz2
moa-id-spss-ad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f.zip
Merge branch 'eIDAS_node_implementation_remote' into moapid-3.2-opb-redis
Conflicts: id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/pom.xml7
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java16
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java6
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java16
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java58
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java9
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java12
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java37
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java24
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml3
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java4
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java23
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java20
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java23
-rw-r--r--id/server/modules/moa-id-module-openID/pom.xml4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java3
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java5
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java3
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java4
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java4
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java10
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml7
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java42
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java3
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm2
32 files changed, 261 insertions, 114 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
index f2403a62e..e5b38f9b6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
@@ -23,6 +23,13 @@
</dependency>
<dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ <version>1.2.2.5</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
<type>test-jar</type>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 7122c6577..90ed1c886 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moaspss.logging.LogMsg;
import iaik.asn1.ObjectID;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -167,12 +167,14 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
String infoboxReadRequest = "";
- if (pendingReq.needSingleSignOnFunctionality()) {
- Logger.info("SSO Login requested");
+ String ssoDomainIdentifier = authConfig.getSSOTagetIdentifier();
+ if (MiscUtil.isNotEmpty(ssoDomainIdentifier) &&
+ pendingReq.needSingleSignOnFunctionality()) {
+ Logger.debug("SSO Login requested");
//load identityLink with SSO Target
boolean isbuisness = false;
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
- if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+
+ if (ssoDomainIdentifier.startsWith(PREFIX_WPBK)) {
isbuisness = true;
} else {
@@ -182,10 +184,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- isbuisness, domainIdentifier);
+ isbuisness, ssoDomainIdentifier);
} else {
- Logger.info("Non-SSO Login requested");
+ Logger.debug("Non-SSO Login requested or SSO not allowed/possible");
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
oaParam.getBusinessService(), oaParam
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 18495381e..ef81af94b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -174,7 +174,7 @@ public class GetIdentityLinkFormBuilder extends Builder {
htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR), false, ALL);
//set redirect target
- if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET))))
+ if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)))
htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG,
oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET), false, ALL);
else
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index e82aa8fbb..e47aff83b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,6 +10,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -75,9 +77,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
-
+
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.HTML_UTF_8.toString());
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
out.flush();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index df101f5b7..4e591ada2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -46,13 +46,6 @@
package at.gv.egovernment.moa.id.auth.validator;
-import iaik.asn1.ObjectID;
-import iaik.asn1.structures.Name;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
@@ -70,6 +63,11 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import iaik.asn1.structures.Name;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
/**
* This class is used to validate an {@link VerifyXMLSignatureResponse}
@@ -268,9 +266,9 @@ public class VerifyXMLSignatureResponseValidator {
//compare ECDSAPublicKeys
if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
- (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) &&
+ (idl.getPublicKey()[i] instanceof ECPublicKey)) &&
( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
+ (pubKeySignature instanceof ECPublicKey) ) ) {
try {
ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 2a8d26566..9fbdf5cd7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -55,6 +55,8 @@ import java.net.URLEncoder;
import javax.servlet.http.HttpServletResponse;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -91,7 +93,7 @@ public class CitizenCardServletUtils extends ServletUtils{
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
@@ -127,7 +129,7 @@ public class CitizenCardServletUtils extends ServletUtils{
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 80a2734f2..f062ad3c2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -25,14 +25,15 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
@@ -41,35 +42,57 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.engine.AbstractSAMLEngine;
-public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
+@Service("eIDASMetadataProvider")
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider,
+ IGarbageCollectorProcessing, IDestroyableObject {
- private static MOAeIDASChainingMetadataProvider instance = null;
+// private static MOAeIDASChainingMetadataProvider instance = null;
private static Object mutex = new Object();
private MetadataProvider internalProvider;
private Map<String, Date> lastAccess = null;
- public static MOAeIDASChainingMetadataProvider getInstance() {
- if (instance == null) {
- synchronized (mutex) {
- if (instance == null) {
- instance = new MOAeIDASChainingMetadataProvider();
- MOAGarbageCollector.addModulForGarbageCollection(instance);
- }
- }
- }
- return instance;
- }
+// public static MOAeIDASChainingMetadataProvider getInstance() {
+// if (instance == null) {
+// synchronized (mutex) {
+// if (instance == null) {
+// instance = new MOAeIDASChainingMetadataProvider();
+// MOAGarbageCollector.addModulForGarbageCollection(instance);
+// }
+// }
+// }
+// return instance;
+// }
- private MOAeIDASChainingMetadataProvider() {
+ public MOAeIDASChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
lastAccess = new HashMap<String, Date>();
}
/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+ if (loadedproviders != null) {
+ for (Entry<String, HTTPMetadataProvider> el : loadedproviders.entrySet()) {
+ try {
+ el.getValue().destroy();
+ Logger.debug("Destroy eIDAS Matadataprovider: " + el.getKey() + " finished");
+
+ } catch (Exception e) {
+ Logger.warn("Destroy eIDAS Matadataprovider: " + el.getKey() + " FAILED");
+
+ }
+ }
+ }
+ }
+
+ /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
*/
@Override
@@ -196,7 +219,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
}
- timer = new Timer();
+ timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
@@ -405,5 +428,4 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
if (observer != null)
observer.onEvent(this);
}
-
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 5d7430dd7..a56e6c3cd 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -87,12 +87,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// replace data
Element idlassertion = identityLink.getSamlAssertion();
- // - set bpk/wpbk;
+ // - set fake baseID;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
- String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
+ String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+ //build personal identifier which looks like a baseID
+// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID");
+// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID);
+// prIdentification.getFirstChild().setNodeValue(fakeBaseID);
// - set last name
Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c82636a8f..2f10df540 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -33,14 +33,18 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -68,6 +72,8 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@Component("GenerateAuthnRequestTask")
public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -125,7 +131,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
pAttList.add(newAttribute);
}
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
//build eIDAS AuthnRequest
EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
@@ -176,8 +182,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Logger.debug("Template merge done");
Logger.debug("Sending html content: " + writer.getBuffer().toString());
-
- response.setContentType("text/html;charset=UTF-8");
+
+ response.setContentType(MediaType.HTML_UTF_8.toString());
response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
revisionsLogger.logEvent(oaConfig, pendingReq,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index fae06031a..daa4d8b02 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -4,6 +4,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.core.StatusCode;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -11,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
@@ -29,6 +31,8 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@Component("ReceiveAuthnResponseTask")
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
@@ -48,7 +52,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
//validate SAML token
EIDASAuthnResponse samlResp = engine.validateEIDASAuthnResponse(decSamlToken,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index eeb8305cf..68640caf7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -42,7 +42,7 @@ public class SAMLEngineUtils {
private static EIDASSAMLEngine eIDASEngine = null;
- public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+ public static synchronized EIDASSAMLEngine createSAMLEngine(MOAeIDASChainingMetadataProvider moaeIDASMetadataProvider) throws EIDASEngineException{
if (eIDASEngine == null) {
try {
@@ -56,7 +56,7 @@ public class SAMLEngineUtils {
//set metadata management to eIDAS SAMLengine
engine.setMetadataProcessor(
new MOAeIDASMetadataProviderDecorator(
- MOAeIDASChainingMetadataProvider.getInstance()));
+ moaeIDASMetadataProvider));
//set MOA specific extension processor
ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 563c3a18c..4dffba575 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -29,7 +30,7 @@ public class EIDASData extends RequestImpl {
private String remoteRelayState;
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 24134f1d9..fc935e2ef 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -34,6 +34,7 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -74,6 +75,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
public static final String NAME = EIDASProtocol.class.getName();
public static final String PATH = "eidas";
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
public EIDASProtocol() {
super();
Logger.debug("Registering servlet " + getClass().getName() +
@@ -166,11 +169,13 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
Logger.warn("No eIDAS SAMLRequest found in http request.");
throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
}
- byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
-
+
try {
+ //decode SAML2 token
+ byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
+
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
//validate SAML token
EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
@@ -193,23 +198,33 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
pendingReq.setEidasRequest(samlReq);
- //validate destination against metadata
+ //validate Destination against MOA-ID-Auth configuration
String reqDestination = samlReq.getDestination();
- if (MiscUtil.isNotEmpty(reqDestination)) {
+ if (MiscUtil.isEmpty(reqDestination) ||
+ !reqDestination.startsWith(pendingReq.getAuthURL())) {
+ Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+ throw new eIDASAuthnRequestValidationException("stork.01",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+
+ }
+
+ //validate AssertionConsumerServiceURL against metadata
+ String reqAssertionConsumerServiceURL = samlReq.getAssertionConsumerServiceURL();
+ if (MiscUtil.isNotEmpty(reqAssertionConsumerServiceURL)) {
boolean isValid = false;
- List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
+ List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider)
.getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
- if (reqDestination.equals(el.getLocation()))
+ if (reqAssertionConsumerServiceURL.equals(el.getLocation()))
isValid = true;
}
if (!isValid) {
- Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+ Logger.info("eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute");
throw new eIDASAuthnRequestValidationException("stork.01",
- new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute"});
}
}
@@ -279,11 +294,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
+ new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
engine,
eidasReq.getEidasRequest());
eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index b4db5c83d..3fc13406c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -23,10 +23,12 @@ import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.Organization;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -50,6 +52,8 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
@Service("EidasMetaDataRequest")
public class EidasMetaDataRequest implements IAction {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
*/
@@ -103,7 +107,7 @@ public class EidasMetaDataRequest implements IAction {
public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
String metadata="invalid metadata";
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
MetadataGenerator generator = new MetadataGenerator();
MetadataConfigParams mcp=new MetadataConfigParams();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 9943cc5fb..2beb419fb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnResponse;
import eu.eidas.auth.commons.EIDASStatusCode;
import eu.eidas.auth.commons.EIDASUtil;
@@ -68,6 +69,7 @@ import eu.eidas.auth.engine.metadata.MetadataUtil;
public class eIDASAuthenticationRequest implements IAction {
@Autowired protected MOAReversionLogger revisionsLogger;
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -86,20 +88,21 @@ public class eIDASAuthenticationRequest implements IAction {
// TODO make use of proper builder
switch(current.getKey()) {
- case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
- case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
- case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
-
- //TODO: change bPK builder !!!!!!
- case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break;
+ case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+ case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
+ case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
+ case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break;
+
}
- if("".equals(newValue))
+ if(MiscUtil.isEmpty(newValue))
current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+
else {
current.getValue().getValue().clear();
current.getValue().getValue().add(newValue);
current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+
}
}
@@ -116,7 +119,7 @@ public class eIDASAuthenticationRequest implements IAction {
String token = null;
try {
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
@@ -125,7 +128,7 @@ public class eIDASAuthenticationRequest implements IAction {
if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
+ new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
engine,
eidasRequest.getEidasRequest());
eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
@@ -137,8 +140,9 @@ public class eIDASAuthenticationRequest implements IAction {
token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
- } catch(Exception e) {
+ } catch(Exception e) {
e.printStackTrace();
+
}
revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 5d79d082a..20395f210 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -14,6 +14,9 @@
<bean id="EIDASProtocol"
class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
+
+ <bean id="eIDASMetadataProvider"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider"/>
<!-- Authentication Process Tasks -->
<bean id="GenerateAuthnRequestTask"
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index 29bc5ee12..5720e4827 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -32,6 +32,8 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
@@ -80,7 +82,7 @@ public class ELGAMandateMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
- resp.setContentType("text/xml");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
resp.getOutputStream().close();
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 5604b7640..07bde7762 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -149,16 +149,21 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
//load MOASession object
defaultTaskInitialization(request, executionContext);
+
+ /**
+ * Mandate Reference-Value is generated from ELGA MandateServie -->
+ * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService
+ * But MOA-ID refernece-value is also validated in 'inResponseTo' attribute from ELGA MandateService response
+ */
//validate receive mandate reference-value
- //TODO: update if ReferenceValue Discussion is finished
- String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
- if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
- Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
- throw new AssertionValidationExeption("sp.pvp2.07",
- new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
-
- }
+// String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
+// if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
+// Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
+// throw new AssertionValidationExeption("sp.pvp2.07",
+// new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+// PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
+//
+// }
Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 6a7858575..fd918c7f4 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -150,9 +150,25 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
}
+ //build subjectNameID with bPK-Type Prefix
+ String bPKPrefix = null;
+ if (configTarget.startsWith(Constants.URN_PREFIX_WBPK))
+ bPKPrefix = configTarget.substring((Constants.URN_PREFIX_WBPK + "+").length());
+
+ else if (configTarget.startsWith(Constants.URN_PREFIX_CDID))
+ bPKPrefix = configTarget.substring((Constants.URN_PREFIX_CDID + "+").length());
+
+ if (bPKPrefix == null) {
+ throw new MOAIDException("service.10",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Configurated bPK-Type is wrong."});
+
+ }
+
//set bPK of representative as SAML2 subjectNameID
- authnReqConfig.setSubjectNameID(representativeBPK );
- authnReqConfig.setSubjectNameIDQualifier(configTarget);
+ authnReqConfig.setSubjectNameID(bPKPrefix + ":" + representativeBPK );
+
+ //is not recommended from ELGA
+ //authnReqConfig.setSubjectNameIDQualifier(configTarget);
//set MandateReferenceValue as RequestID
authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index c9485104b..36cd2c7e7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -36,6 +36,7 @@ import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
@@ -51,7 +52,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
@Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider {
+public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+ implements IDestroyableObject {
@Autowired AuthConfiguration authConfig;
@@ -69,6 +71,13 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
}
+ public void destroy() {
+ if (metadataProvider != null)
+ metadataProvider.destroy();
+
+ }
+
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
@@ -220,4 +229,16 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
metadataProvider.setRequireValidMetadata(true);
}
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ if (metadataProvider != null) {
+ metadataProvider.destroy();
+
+ }
+
+ }
}
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml
index 4684c8032..2bd3b6b4f 100644
--- a/id/server/modules/moa-id-module-openID/pom.xml
+++ b/id/server/modules/moa-id-module-openID/pom.xml
@@ -41,13 +41,13 @@
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
- <version>1.21.0</version>
+ <version>1.22.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-jetty</artifactId>
- <version>1.21.0</version>
+ <version>1.22.0</version>
<scope>test</scope>
<exclusions>
<exclusion>
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 98fcdc8dc..258b77b98 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -209,7 +210,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
Map<String, String> reqAttr = new HashMap<String, String>();
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index f35de9c58..50638ebf8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -26,6 +26,7 @@ import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -168,7 +169,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
return null;
}
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index f9cb4c636..78cbd788d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -49,8 +49,9 @@ public class SSOTransferAuthenticationData implements IAuthData {
public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException {
this.authSession = authSession;
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
- isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
+ String domainIdentifier = authConfig.getSSOTagetIdentifier();
+ if (domainIdentifier != null)
+ isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index dd133e4fb..003ce8c21 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import com.google.common.net.MediaType;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
@@ -216,7 +217,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
SSOTransferConstants.SSOCONTAINER_KEY_STATUS,
"OK");
response.setStatus(HttpServletResponse.SC_OK);
- response.setContentType("text/html;charset=UTF-8");
+ response.setContentType(MediaType.HTML_UTF_8.toString());
PrintWriter out = new PrintWriter(response.getOutputStream());
out.print(responseMsg.toString());
out.flush();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 98240a636..02356d74a 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -32,6 +32,8 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -80,7 +82,7 @@ public class FederatedAuthMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
- resp.setContentType("text/xml");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
resp.getOutputStream().close();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index d581e7e75..f5896bc25 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -62,7 +62,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
@Autowired PVPAuthnRequestBuilder authnReqBuilder;
@Autowired FederatedAuthCredentialProvider credential;
-
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -95,7 +95,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
//load IDP SAML2 entitydescriptor
- EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
+ EntityDescriptor idpEntity = metadataProvider.
getEntityDescriptor(idpEntityID);
if (idpEntity == null) {
Logger.warn("Requested IDP " + idpEntityID
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 1c3134b77..f739940c8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -90,7 +90,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired private SSOManager ssoManager;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private AuthenticationDataBuilder authDataBuilder;
-
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
/* (non-Javadoc)
@@ -125,7 +125,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//decode PVP response object
msg = (InboundMessage) decoder.decode(
- request, response, MOAMetadataProvider.getInstance(), true,
+ request, response, metadataProvider, true,
comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
@@ -135,7 +135,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//validate response signature
if(!msg.isVerified()) {
- samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
msg.setVerified(true);
}
@@ -247,7 +247,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
- Collection<String> requestedAttr = pendingReq.getRequestedAttributes();
+ Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
//check if SAML2 Assertion contains a minimal set of attributes
if (!extractor.containsAllRequiredAttributes()) {
@@ -267,7 +267,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//check if all attributes are include
if (!extractor.containsAllRequiredAttributes(
- pendingReq.getRequestedAttributes())) {
+ pendingReq.getRequestedAttributes(metadataProvider))) {
Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 323edee8d..0463bf8d9 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -26,6 +26,13 @@
</dependency>
<dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
</dependency>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index b01ea666d..893799b5d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -66,9 +66,12 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -122,7 +125,8 @@ public class GetAuthenticationDataService extends AbstractController implements
private static final String CONTEXT_SOAP_STATUSCODE = "statusCode";
private static final String CONTEXT_SOAP_ASSERTION = "assertion";
- @RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.POST})
+ @RequestMapping(value = {"/services/GetAuthenticationData", "/services"},
+ method = {RequestMethod.POST})
public void getAuthenticationData(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
InputStream is = null;
@@ -136,13 +140,13 @@ public class GetAuthenticationDataService extends AbstractController implements
String respString = DOMUtils.serializeNode(soapResp, true);
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
context.put(CONTEXT_SOAP_ASSERTION, respString);
evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS);
} catch (ParserConfigurationException | SAXException | IOException | TransformerException e) {
Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e);
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom());
@@ -153,7 +157,7 @@ public class GetAuthenticationDataService extends AbstractController implements
} catch (SAML1AssertionResponseBuildException e) {
Logger.error("SAML1 GetAuthenticationData response build failed..", e);
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant());
context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID());
@@ -187,17 +191,17 @@ public class GetAuthenticationDataService extends AbstractController implements
if (wsdl_param != null) {
//print wsdl
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
evaluateTemplate(context, resp, TEMPLATE_WSDL);
} else if (xsd_param != null){
//print xsd
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
evaluateTemplate(context, resp, TEMPLATE_XSD);
} else {
//print plain info
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO);
}
@@ -223,13 +227,23 @@ public class GetAuthenticationDataService extends AbstractController implements
}
}
- //get first child from body --> should be the SAML1 Request element
- Element saml1Req;
- if (saml1ReqList.item(0).getFirstChild() instanceof Element)
- saml1Req = (Element) saml1ReqList.item(0).getFirstChild();
-
- else {
- throw new SAXException("First child of 'soap-env:Body' element has a wrong type.");
+ //get the first child from body which is of type Element (SAML1 Request element)
+ Element saml1Req = null;
+
+ Node reqObj = saml1ReqList.item(0).getFirstChild();
+ while (reqObj != null) {
+ if (reqObj instanceof Element) {
+ saml1Req = (Element) reqObj;
+ break;
+
+ } else {
+ reqObj = reqObj.getNextSibling();
+
+ }
+ }
+
+ if (saml1Req == null) {
+ throw new SAXException("Every child of 'soap-env:Body' element has a wrong type.");
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 42fafc01e..1d3525626 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -81,7 +82,7 @@ public class SAML1RequestImpl extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm
index dfc11820f..858479904 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm
@@ -1,6 +1,6 @@
<html>
<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
</head>
<body>
<h1>GetAuthenticationData</h1>