aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:28:22 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:28:22 +0200
commiteb283ed27fce8769886fd124ef1e7938f206d1f3 (patch)
tree7960a0038cf4675f27e6ac6f43e417e7d8b6799f /id/server/modules
parent121e70662f53fe0820823a23784794021fbc7920 (diff)
downloadmoa-id-spss-eb283ed27fce8769886fd124ef1e7938f206d1f3.tar.gz
moa-id-spss-eb283ed27fce8769886fd124ef1e7938f206d1f3.tar.bz2
moa-id-spss-eb283ed27fce8769886fd124ef1e7938f206d1f3.zip
add functionality to support more than one ELGA mandate-service
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java3
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java25
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java179
5 files changed, 144 insertions, 67 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 7cc9df30c..4a28658ff 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -127,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
// make SZR request to the identity link
- CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(signature);
+ CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature);
if (null != response.getErrorResponse()) {
// TODO fix exception parameter
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index c172c3b9c..3f63c207e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -73,7 +73,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
//get mandates from MIS
ConnectionParameterInterface connectionParameters = authConfig
- .getOnlineMandatesConnectionParameter();
+ .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration());
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
authConfig,
connectionParameters);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index afbb87f10..88560eacf 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -72,7 +72,8 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//perform default task initialization
defaultTaskInitialization(request, executionContext);
- ConnectionParameterInterface connectionParameters = authConfig.getOnlineMandatesConnectionParameter();
+ ConnectionParameterInterface connectionParameters =
+ authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration());
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
// get identitity link as byte[]
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index fd918c7f4..d65d74c3f 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
import java.security.NoSuchAlgorithmException;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -45,6 +46,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServi
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
@@ -71,9 +74,22 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try{
- // get IDP entityID
- String elgaMandateServiceEntityID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
-
+ // get IDP entityID from Online Application configuration
+ String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
+
+ // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists
+ if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) {
+ Logger.info("No Online-Application specific ELGA Mandate-Service found. Use first entry in general MOA-ID configuration");
+ List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+ authConfig.getConfigurationWithKey(
+ MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL + "."
+ + ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID));
+
+ if (configuratedEntityIDs.size() > 0)
+ elgaMandateServiceEntityID = configuratedEntityIDs.get(0);
+
+ }
+
if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) {
Logger.info("Connect ELGA Mandate-Service FAILED -> not EntityID found!");
throw new TaskExecutionException(pendingReq, "Connect ELGA Mandate-Service FAILED",
@@ -88,7 +104,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
Logger.warn("Use not recommended metadata-provider initialization!"
+ " SAML2 'Well-Known-Location' is the preferred methode.");
Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL);
- metadataService.initialize(metadataURL);
+ metadataService.addMetadataWithMetadataURL(metadataURL);
}
@@ -189,6 +205,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
//write revisions log entry
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_ENTITYID, elgaMandateServiceEntityID);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue());
} catch (MetadataProviderException e) {
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 36cd2c7e7..4f30509fb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -23,14 +23,17 @@
package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
import java.util.List;
+import java.util.Timer;
import javax.xml.namespace.QName;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
@@ -57,23 +60,22 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Autowired AuthConfiguration authConfig;
- private HTTPMetadataProvider metadataProvider = null;
-
+ private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
+ private Timer timer = null;
- public void initialize(String metadataURL) throws MetadataProviderException {
- if (metadataProvider == null) {
- internalInitialize(metadataURL);
-
- } else {
- Logger.info("ELGA Mandate-Service metadata-provider is already initialized.");
-
- }
+
+ public ELGAMandateServiceMetadataProvider() {
+ metadataProvider.setRequireValidMetadata(true);
}
+
+ public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException {
+ internalInitialize(metadataURL);
+
+ }
public void destroy() {
- if (metadataProvider != null)
- metadataProvider.destroy();
+ fullyDestroy();
}
@@ -84,38 +86,26 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public boolean requireValidMetadata() {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
- return false;
-
- } else
return metadataProvider.requireValidMetadata();
+
}
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean)
*/
@Override
- public void setRequireValidMetadata(boolean requireValidMetadata) {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
-
- } else
- metadataProvider.setRequireValidMetadata(requireValidMetadata);;
-
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ metadataProvider.setRequireValidMetadata(requireValidMetadata);
+
}
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter()
*/
@Override
- public MetadataFilter getMetadataFilter() {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
- return null;
-
- } else
+ public MetadataFilter getMetadataFilter() {
return metadataProvider.getMetadataFilter();
+
}
/* (non-Javadoc)
@@ -131,14 +121,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata()
*/
@Override
- public XMLObject getMetadata() throws MetadataProviderException {
- if (metadataProvider == null) {
- Logger.error("ELGA Mandate-Service metadata-provider is not initialized");
- throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized");
-
- }
-
+ public XMLObject getMetadata() throws MetadataProviderException {
return metadataProvider.getMetadata();
+
}
/* (non-Javadoc)
@@ -146,12 +131,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
- throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized");
-
- } else
- return metadataProvider.getEntitiesDescriptor(name);
+ return metadataProvider.getEntitiesDescriptor(name);
+
}
/* (non-Javadoc)
@@ -159,9 +140,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
- if (metadataProvider == null)
- internalInitialize(entityID);
-
+ try {
+ //search if metadata is already loaded
+ EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+
+ if (entityDesc != null)
+ return entityDesc;
+ else
+ Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ELGA Mandate-Service
+ internalInitialize(entityID);
+
+ //search again after reload (re)initialization
try {
EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
if (entityDesc == null) {
@@ -183,9 +179,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
- if (metadataProvider == null)
- internalInitialize(entityID);
+ try {
+ //search if metadata is already loaded
+ List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName);
+
+ if (role != null)
+ return role;
+ else
+ Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ELGA Mandate-Service
+ internalInitialize(entityID);
+ //search again after reload (re)initialization
return metadataProvider.getRole(entityID, roleName);
}
@@ -194,39 +205,84 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
- throws MetadataProviderException {
- if (metadataProvider == null)
- internalInitialize(entityID);
+ throws MetadataProviderException {
+ try {
+ //search if metadata is already loaded
+ RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol);
+
+ if (role != null)
+ return role;
+ else
+ Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ELGA Mandate-Service
+ internalInitialize(entityID);
+ //search again after reload (re)initialization
return metadataProvider.getRole(entityID, roleName, supportedProtocol);
}
- private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
- if (metadataProvider == null) {
- Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
+ private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+
+ //check if metadata with EntityID already exists in chaining metadata provider
+ boolean addNewMetadata = true;
+ try {
+ addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null);
+
+ } catch (MetadataProviderException e) {}
+
+ //switch between metadata refresh and add new metadata
+ if (addNewMetadata) {
+ //Metadata provider seems not loaded --> Add new metadata provider
+ Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service");
String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
if (MiscUtil.isEmpty(trustProfileID)) {
Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
}
-
+
+ //initialize Timer if it is null
+ if (timer == null)
+ timer = new Timer(true);
+
//create metadata validation filter chain
MetadataFilterChain filter = new MetadataFilterChain();
filter.addFilter(new SchemaValidationFilter(true));
filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- metadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL,
filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ timer);
- if (metadataProvider == null) {
+ if (idpMetadataProvider == null) {
Logger.error("Create ELGA Mandate-Service Client FAILED.");
- throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
+ throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadata provider.");
}
- metadataProvider.setRequireValidMetadata(true);
+ idpMetadataProvider.setRequireValidMetadata(true);
+ metadataProvider.addMetadataProvider(idpMetadataProvider);
+
+ } else {
+ //Metadata provider seems already loaded --> start refresh process
+ List<MetadataProvider> loadedProvider = metadataProvider.getProviders();
+ for (MetadataProvider el : loadedProvider) {
+ if (el instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider prov = (HTTPMetadataProvider)el;
+ if (prov.getMetadataURI().equals(metdataURL))
+ prov.refresh();
+
+ } else
+ Logger.warn("ELGA Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");
+
+ }
}
}
@@ -240,5 +296,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
}
+ if (timer != null)
+ timer.cancel();
+
}
}