diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-20 15:11:13 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-20 15:11:13 +0200 |
commit | 139926faa31ae3ed34dc0083fee503d439112281 (patch) | |
tree | bf69a673df4a222653b47c0b8da88588065e2271 /id/server/modules | |
parent | 1f8f686bee862ae95e32fc79664d82dcc21f708f (diff) | |
download | moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.gz moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.bz2 moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.zip |
refactor PVP2 S-Profile implementation and perform first tests
Diffstat (limited to 'id/server/modules')
53 files changed, 315 insertions, 215 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 2b2a8cab6..ef3e71874 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -26,7 +26,9 @@ import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; @@ -65,14 +67,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moaspss.logging.LogMsg; @@ -1033,7 +1033,8 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setForeigner(false); //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); + session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index a904242e1..8e80fbbbb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; import java.text.MessageFormat; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.FileUtils; /** * Builder for the <code><VerifyXMLSignatureRequest></code> structure diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index ec1de6155..37f24ea72 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -138,7 +138,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { moasession.setIdentityLink(identitylink); // set QAA Level four in case of card authentifcation - moasession.setQAALevel(PVPConstants.STORK_QAA_1_4); + moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); authServer.getForeignAuthenticationData(moasession); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index b170d9e89..ab53671f2 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 44c3992d0..96be0279a 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -57,6 +57,7 @@ import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 7bb07df74..b3327a3d5 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -63,13 +63,13 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 9ce987956..90810a7f4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz @@ -94,7 +94,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); try { String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index 74cf665ca..bad1f4e41 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; -import at.gv.egovernment.moa.id.data.Trible; +import at.gv.egiz.eaaf.core.impl.data.Trible; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index d743b57e3..5e4745f7c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -35,12 +35,12 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.samlengineconfig.BinaryParameter; import eu.eidas.samlengineconfig.EngineInstance; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java index 384d6be0b..f7a6ff495 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java @@ -34,10 +34,10 @@ import java.util.List; import java.util.Map.Entry; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import eu.eidas.samlengineconfig.ConfigurationParameter; import eu.eidas.samlengineconfig.InstanceConfiguration; import eu.eidas.samlengineconfig.StringParameter; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 94cd04ca7..aca818532 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -11,6 +12,9 @@ import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -22,45 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; -import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; -import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.engine.AbstractProtocolEngine; @Service("eIDASMetadataProvider") -public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, - IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{ +public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, + IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - private Timer timer = null; + @Autowired(required=true) IConfiguration basicConfig; + + private Timer timer = null; private MetadataProvider internalProvider; private Map<String, Date> lastAccess = null; - -// public static MOAeIDASChainingMetadataProvider getInstance() { -// if (instance == null) { -// synchronized (mutex) { -// if (instance == null) { -// instance = new MOAeIDASChainingMetadataProvider(); -// MOAGarbageCollector.addModulForGarbageCollection(instance); -// } -// } -// } -// return instance; -// } - - public MOAeIDASChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); lastAccess = new HashMap<String, Date>(); @@ -83,18 +81,25 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider } protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { - Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); - if (!metadataToLoad.isEmpty()) { - Logger.info("Load static configurated eIDAS metadata ... "); - for (String metaatalocation : metadataToLoad.values()) { - String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir()); - Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); - refreshMetadataProvider(absMetadataLocation); + try { + Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + if (!metadataToLoad.isEmpty()) { + Logger.info("Load static configurated eIDAS metadata ... "); + for (String metaatalocation : metadataToLoad.values()) { + String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory()); + Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); + refreshMetadataProvider(absMetadataLocation); + } + + Logger.info("Load static configurated eIDAS metadata finished "); } - Logger.info("Load static configurated eIDAS metadata finished "); - } + } catch (MalformedURLException e) { + Logger.warn("MOA-ID configuration error." , e); + throw new ConfigurationException("MOA-ID configuration error.", null, e); + + } } @@ -238,9 +243,10 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider filter.addFilter(new MOASPMetadataSignatureFilter( authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); - return createNewMoaMetadataProvider(metadataURL, filter, + return createNewSimpleMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", - timer, AbstractProtocolEngine.getSecuredParserPool()); + timer, AbstractProtocolEngine.getSecuredParserPool(), + createHttpClient(metadataURL)); } @@ -421,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider if (observer != null) observer.onEvent(this); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + if (basicConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java index 9adc221e5..3851ead2d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java @@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.MetadataFetcherI; import eu.eidas.auth.engine.metadata.MetadataSignerI; @@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI { * @return true if refresh was successful, otherwise false */ public boolean refreshMetadata(String entityId) { - if (this.metadataprovider instanceof IMOARefreshableMetadataProvider ) - return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); + if (this.metadataprovider instanceof IRefreshableMetadataProvider ) + return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); else return false; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index a87d971d8..0e8bf2a5a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -47,10 +47,11 @@ import com.google.common.net.MediaType; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 8e840e2c1..6d20caa4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeRegistries; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index 8add8e206..1b1b15567 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -35,10 +35,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java index 30e1e4505..3075ab9cf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java @@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; import java.util.regex.Matcher; import java.util.regex.Pattern; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index ce5f4dc6b..42ca6e507 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -47,10 +47,10 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; @@ -87,7 +87,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; public static final String NAME = EIDASProtocol.class.getName(); - public static final String PATH = "eidas"; + public static final String PATH = "id_eidas"; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -105,9 +105,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement return NAME; } - public String getPath() { - return PATH; - } + @Override + public String getAuthProtocolIdentifier() { + return PATH; + } //eIDAS metadata end-point @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index bbd132a3b..bfdb46a11 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -32,6 +32,8 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -39,9 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.ContactData; @@ -59,6 +59,7 @@ public class EidasMetaDataRequest implements IAction { @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) @@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction { //add organisation information from PVP metadata information Organization pvpOrganisation = null; try { - pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation(); + pvpOrganisation = pvpConfiguration.getIDPOrganisation(); eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder(); - List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts(); + List<ContactPerson> contacts = pvpConfiguration.getIDPContacts(); if (contacts != null && contacts.size() >= 1) { ContactPerson contact = contacts.get(0); technicalContact.givenName(contact.getGivenName().getName()); @@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build()); - } catch (ConfigurationException | NullPointerException e) { + } catch (NullPointerException | EAAFException e) { Logger.warn("Can not load Organisation or Contact from Configuration", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index 14b1d06b6..5a8fcb846 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -28,9 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 6c3bfc569..1176ba251 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -28,10 +28,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 82d0facd4..f6a67db9d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -41,15 +41,15 @@ import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IMOAAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index 24d24db2c..5dcd9499e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -23,12 +23,12 @@ package at.gv.egovernment.moa.id.protocols.eidas.validator; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.protocol.IAuthenticationResponse; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index 7ca4590bb..72c95d9c7 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -26,7 +26,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java index 5743590f9..482d8ef85 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java @@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon private String authURL; private ELGAMandatesCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) { + public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java index b67d263fc..6954b9feb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java @@ -38,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index aaed6655b..d52cd750a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -36,12 +36,13 @@ import com.google.common.net.MediaType; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandatesCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public ELGAMandateMetadataController() { super(); @@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new ELGAMandatesMetadataConfiguration(authURL, credentialProvider); + new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 12f2bde60..ce5f654da 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -41,26 +41,26 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -70,7 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("ReceiveElgaMandateResponseTask") public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { - + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired ELGAMandatesCredentialProvider credentialProvider; @Autowired ELGAMandateServiceMetadataProvider metadataProvider; @@ -85,17 +85,17 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { try { IDecoder decoder = null; - MOAURICompare comperator = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_POST); Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT); Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding."); @@ -131,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //write ELGA mandate information into MOASession AssertionAttributeExtractor extractor = @@ -217,7 +217,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); } catch (Exception e) { @@ -239,13 +239,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP-2.1 assertion processing... "); Response samlResp = (Response) msg.getResponse(); //validate 'inResponseTo' attribute String authnReqID = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class); + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class); String inResponseTo = samlResp.getInResponseTo(); if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index 70dc87df9..0b0c74777 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -37,8 +37,10 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; @@ -47,12 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -193,7 +193,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set MandateReferenceValue as RequestID authnReqConfig.setRequestID(moasession.getMandateReferenceValue()); pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, authnReqConfig.getRequestID()); //set SubjectConformationDate diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index 07f618c10..e8cfae10a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -22,11 +22,15 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; +import java.net.MalformedURLException; import java.util.List; import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Service("ELGAMandate_MetadataProvider") -public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider +public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider implements IDestroyableObject { - + @Autowired(required=true) AuthConfiguration moaAuthConfig; + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); private Timer timer = null; @@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide filter.addFilter(new SchemaValidationFilter(true)); filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); - MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, filter, ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, timer, - new BasicParserPool()); + new BasicParserPool(), + createHttpClient(metdataURL)); if (idpMetadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); @@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide timer.cancel(); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java index c8fe55e51..dd4e5d340 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java @@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 9060f35c5..76e7f0901 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index d97c8f7cf..190ef9e9d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -35,17 +35,18 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; -import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; @@ -62,7 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; public final class OAuth20AttributeBuilder { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java index cd7b8312d..17ed6b40d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java @@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey; import org.apache.commons.lang.StringUtils; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; public final class OAuth20SignatureUtil { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 5d461afc8..b00675e7c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -40,11 +40,11 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index e04d719d9..98f6f2d5c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -51,8 +51,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme public String getName() { return NAME; } - - public String getPath() { + + @Override + public String getAuthProtocolIdentifier() { return PATH; } diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java index 35bbac6e7..824d64171 100644 --- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java +++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java @@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.testng.Assert; import org.testng.annotations.Test; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier; -import at.gv.egovernment.moa.util.KeyStoreUtils; - import net.oauth.jsontoken.crypto.Signer; import net.oauth.jsontoken.crypto.Verifier; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 2766eab05..92a08e411 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -22,6 +22,8 @@ import com.google.gson.JsonElement; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -32,8 +34,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.KeyStoreUtils; @Service public class JsonSecurityUtils implements IJOSETools{ diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 9f910d598..04ac1fd57 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -75,8 +75,10 @@ import com.google.gson.JsonParser; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -94,12 +96,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index f1075f060..c7e42c8ab 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; @@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 189fcd2f6..4a5511df4 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -99,7 +99,18 @@ import com.google.gson.JsonObject; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -116,17 +127,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -141,6 +143,9 @@ import iaik.x509.X509Certificate; @Service("SSOContainerUtils") public class SSOContainerUtils { + @Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration; + @Autowired(required=true) private PVP2AssertionBuilder assertionBuilder; + private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + "1.2.40.0.10.2.1.1.261.xx.xx"; @@ -272,7 +277,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap<String, Boolean> features = new HashMap<String, Boolean>(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); @@ -296,7 +301,7 @@ public class SSOContainerUtils { } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); - } + } Credential credential = credentials.getIDPAssertionSigningCredential(); if (credential == null) { @@ -340,7 +345,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, IAuthenticationSession authSession, Date date, byte[] hashedSecret) { try { - String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + String entityID = pvpConfiguration.getIDPEntityId(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -369,7 +374,7 @@ public class SSOContainerUtils { IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); - Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + Assertion assertion = assertionBuilder.buildGenericAssertion( entityID, entityID, new DateTime(date.getTime()), @@ -405,7 +410,7 @@ public class SSOContainerUtils { return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { + } catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) { Logger.warn("SSO container generation FAILED.", e); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 8ca087e1d..a2441bc1f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; import org.bouncycastle.math.ec.ECPoint; import org.bouncycastle.util.BigIntegers; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.util.Base64Utils; import iaik.security.random.SeedGenerator; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java index 1fff56f8d..a1b8631dc 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; -import java.util.Iterator; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; /** @@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo private String authURL; private FederatedAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) { + public FederatedAuthMetadataConfiguration(String authURL, + FederatedAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java index 000590923..6cbe558e7 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java @@ -28,8 +28,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; /** * @author tlenz diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index 399845643..6a733adb8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -36,12 +36,13 @@ import com.google.common.net.MediaType; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired FederatedAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public FederatedAuthMetadataController() { super(); @@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new FederatedAuthMetadataConfiguration(authURL, credentialProvider); + new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index 717099a8d..20fd5ebc4 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,9 +35,12 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; @@ -46,10 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -63,6 +63,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { @Autowired PVPAuthnRequestBuilder authnReqBuilder; @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; + @Autowired(required=true) ILoALevelMapper loaMapper; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { //build and transmit AuthnRequest authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); - } catch (MOAIDException | MetadataProviderException e) { + } catch (MetadataProviderException e) { throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e); } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { @@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { pendingReq.getClass().isInstance(storkRequst)) { try { - secClass = LoALevelMapper.getInstance().mapToSecClass( + secClass = loaMapper.mapToSecClass( PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); } catch (Exception e) { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index c20342a11..bb7f735aa 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -48,6 +48,18 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; @@ -60,22 +72,9 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -106,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { - IDecoder decoder = null; - MOAURICompare comperator = null; + IDecoder decoder = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding."); } else { @@ -148,7 +147,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //load IDP and SP configuration IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); @@ -171,11 +170,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { if (spConfig.isInderfederationIDP()) { //SP is a federated IDP --> answer only with nameID and wait for attribute-Query pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); + MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); + MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); + MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); authenticatedSessionStorage. addFederatedSessionInformation(pendingReq, @@ -369,7 +368,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP21 assertion processing... "); Response samlResp = (Response) msg.getResponse(); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java index 9ef02935b..38568cdd8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java @@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 3452da003..92bcce24b 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -32,11 +32,11 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction { new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; - + } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 85e2107c6..73d99d93b 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -72,12 +72,12 @@ import org.xml.sax.SAXException; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -338,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements is = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(templateURL); - + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); BufferedReader reader = new BufferedReader(new InputStreamReader(is )); StringWriter writer = new StringWriter(); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index c53d1c98d..51d722dc4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -52,6 +52,7 @@ import java.util.List; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends MOAAuthenticationData { private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; - public SAML1AuthenticationData() { + public SAML1AuthenticationData(LoALevelMapper loaMapper) { + super(loaMapper); this.setMajorVersion(1); this.setMinorVersion(0); this.setAssertionID(Random.nextRandom()); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 1be3e3daa..73afec4e0 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; @@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -490,7 +490,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { && Constants.URN_PREFIX_BASEID .equals(identificationType)) { // now we calculate the wbPK and do so if we got it from the - // BKU + // BKU //load IdentityLinkDomainType from OAParam Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier( diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 54b137ce1..aa3fce249 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -94,10 +94,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement return NAME; } - public String getPath() { + @Override + public String getAuthProtocolIdentifier() { return PATH; + } - @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 60d64a3ac..9ba1c4dd3 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -31,10 +31,10 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; public class TestManager{ |