diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:28:22 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:28:22 +0200 |
commit | eb283ed27fce8769886fd124ef1e7938f206d1f3 (patch) | |
tree | 7960a0038cf4675f27e6ac6f43e417e7d8b6799f /id/server/modules | |
parent | 121e70662f53fe0820823a23784794021fbc7920 (diff) | |
download | moa-id-spss-eb283ed27fce8769886fd124ef1e7938f206d1f3.tar.gz moa-id-spss-eb283ed27fce8769886fd124ef1e7938f206d1f3.tar.bz2 moa-id-spss-eb283ed27fce8769886fd124ef1e7938f206d1f3.zip |
add functionality to support more than one ELGA mandate-service
Diffstat (limited to 'id/server/modules')
5 files changed, 144 insertions, 67 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 7cc9df30c..4a28658ff 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -127,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); // make SZR request to the identity link - CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(signature); + CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); if (null != response.getErrorResponse()) { // TODO fix exception parameter diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index c172c3b9c..3f63c207e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -73,7 +73,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { //get mandates from MIS ConnectionParameterInterface connectionParameters = authConfig - .getOnlineMandatesConnectionParameter(); + .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( authConfig, connectionParameters); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index afbb87f10..88560eacf 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -72,7 +72,8 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //perform default task initialization defaultTaskInitialization(request, executionContext); - ConnectionParameterInterface connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); + ConnectionParameterInterface connectionParameters = + authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); // get identitity link as byte[] diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index fd918c7f4..d65d74c3f 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; import java.security.NoSuchAlgorithmException; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -45,6 +46,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServi import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; @@ -71,9 +74,22 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ - // get IDP entityID - String elgaMandateServiceEntityID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); - + // get IDP entityID from Online Application configuration + String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); + + // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists + if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { + Logger.info("No Online-Application specific ELGA Mandate-Service found. Use first entry in general MOA-ID configuration"); + List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + authConfig.getConfigurationWithKey( + MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL + "." + + ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID)); + + if (configuratedEntityIDs.size() > 0) + elgaMandateServiceEntityID = configuratedEntityIDs.get(0); + + } + if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { Logger.info("Connect ELGA Mandate-Service FAILED -> not EntityID found!"); throw new TaskExecutionException(pendingReq, "Connect ELGA Mandate-Service FAILED", @@ -88,7 +104,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { Logger.warn("Use not recommended metadata-provider initialization!" + " SAML2 'Well-Known-Location' is the preferred methode."); Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL); - metadataService.initialize(metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); } @@ -189,6 +205,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); //write revisions log entry + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_ENTITYID, elgaMandateServiceEntityID); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue()); } catch (MetadataProviderException e) { diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index 36cd2c7e7..4f30509fb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -23,14 +23,17 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; +import java.util.Timer; import javax.xml.namespace.QName; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.springframework.beans.factory.annotation.Autowired; @@ -57,23 +60,22 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide @Autowired AuthConfiguration authConfig; - private HTTPMetadataProvider metadataProvider = null; - + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); + private Timer timer = null; - public void initialize(String metadataURL) throws MetadataProviderException { - if (metadataProvider == null) { - internalInitialize(metadataURL); - - } else { - Logger.info("ELGA Mandate-Service metadata-provider is already initialized."); - - } + + public ELGAMandateServiceMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } public void destroy() { - if (metadataProvider != null) - metadataProvider.destroy(); + fullyDestroy(); } @@ -84,38 +86,26 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public boolean requireValidMetadata() { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - return false; - - } else return metadataProvider.requireValidMetadata(); + } /* (non-Javadoc) * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) */ @Override - public void setRequireValidMetadata(boolean requireValidMetadata) { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - - } else - metadataProvider.setRequireValidMetadata(requireValidMetadata);; - + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + } /* (non-Javadoc) * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() */ @Override - public MetadataFilter getMetadataFilter() { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - return null; - - } else + public MetadataFilter getMetadataFilter() { return metadataProvider.getMetadataFilter(); + } /* (non-Javadoc) @@ -131,14 +121,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() */ @Override - public XMLObject getMetadata() throws MetadataProviderException { - if (metadataProvider == null) { - Logger.error("ELGA Mandate-Service metadata-provider is not initialized"); - throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized"); - - } - + public XMLObject getMetadata() throws MetadataProviderException { return metadataProvider.getMetadata(); + } /* (non-Javadoc) @@ -146,12 +131,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized"); - - } else - return metadataProvider.getEntitiesDescriptor(name); + return metadataProvider.getEntitiesDescriptor(name); + } /* (non-Javadoc) @@ -159,9 +140,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { - if (metadataProvider == null) - internalInitialize(entityID); - + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ELGA Mandate-Service + internalInitialize(entityID); + + //search again after reload (re)initialization try { EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); if (entityDesc == null) { @@ -183,9 +179,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException { - if (metadataProvider == null) - internalInitialize(entityID); + try { + //search if metadata is already loaded + List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ELGA Mandate-Service + internalInitialize(entityID); + //search again after reload (re)initialization return metadataProvider.getRole(entityID, roleName); } @@ -194,39 +205,84 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) - throws MetadataProviderException { - if (metadataProvider == null) - internalInitialize(entityID); + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ELGA Mandate-Service + internalInitialize(entityID); + //search again after reload (re)initialization return metadataProvider.getRole(entityID, roleName, supportedProtocol); } - private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { - if (metadataProvider == null) { - Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service"); + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service"); String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); if (MiscUtil.isEmpty(trustProfileID)) { Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." ); throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); } - + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + //create metadata validation filter chain MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new SchemaValidationFilter(true)); filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); - metadataProvider = createNewHTTPMetaDataProvider(metdataURL, + HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL, filter, - ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING); + ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, + timer); - if (metadataProvider == null) { + if (idpMetadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); - throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider."); + throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadata provider."); } - metadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List<MetadataProvider> loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("ELGA Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } } } @@ -240,5 +296,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide } + if (timer != null) + timer.cancel(); + } } |