aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-03-21 13:16:38 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-03-21 13:16:38 +0100
commit05212e955f2c44bd3150b47d9d534c5a73eb71d1 (patch)
tree134bb2660d9af4bf749da3a5f4af22716bf0645a /id/server
parent902bfea4afd98046fd1327942b8f5de96edaceb3 (diff)
downloadmoa-id-spss-05212e955f2c44bd3150b47d9d534c5a73eb71d1.tar.gz
moa-id-spss-05212e955f2c44bd3150b47d9d534c5a73eb71d1.tar.bz2
moa-id-spss-05212e955f2c44bd3150b47d9d534c5a73eb71d1.zip
add global QC check deactivation for testing
Diffstat (limited to 'id/server')
-rw-r--r--id/server/doc/handbook/config/config.html68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java5
3 files changed, 58 insertions, 26 deletions
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 9aed46fd1..58214bb44 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -52,29 +52,30 @@
<li><a href="#uebersicht_bekanntmachung">Bekanntmachung der Konfigurationsdatei</a></li>
<li><a href="#basisconfig_moa_id_auth_param">Konfigurationsparameter</a>
<ol>
- <li><a href="#basisconfig_moa_id_auth_param_general">Allgemeine Konfigurationsparameter</a></li>
- <li><a href="#basisconfig_moa_id_auth_param_services">Externe Services</a>
-<ol>
- <li><a href="#basisconfig_moa_id_auth_param_services_moasp">MOA-SP</a></li>
- <li><a href="#basisconfig_moa_id_auth_param_services_mandates">Online-Vollmachen</a></li>
- <li><a href="#">Foreign Identities</a></li>
- </ol>
- </li>
- <li><a href="#basisconfig_moa_id_auth_param_protocol">Protokolle</a>
-<ol>
- <li><a href="#basisconfig_moa_id_auth_param_protocol_pvp21">PVP 2.1</a></li>
- <li><a href="#basisconfig_moa_id_auth_param_protocol_openid">OpenID Connect</a></li>
- </ol>
- </li>
- <li><a href="#basisconfig_moa_id_auth_param_database">Datenbank </a>
-<ol>
- <li><a href="#basisconfig_moa_id_auth_param_database_conf">Konfiguration</a></li>
- <li><a href="#basisconfig_moa_id_auth_param_database_session">Session Informationen</a></li>
- <li><a href="#basisconfig_moa_id_auth_param_database_info">Statistikdaten</a></li>
- </ol>
- </li>
- </ol>
- </li>
+ <li><a href="#basisconfig_moa_id_auth_param_general">Allgemeine Konfigurationsparameter</a></li>
+ <li><a href="#basisconfig_moa_id_auth_param_services">Externe Services</a>
+ <ol>
+ <li><a href="#basisconfig_moa_id_auth_param_services_moasp">MOA-SP</a></li>
+ <li><a href="#basisconfig_moa_id_auth_param_services_mandates">Online-Vollmachen</a></li>
+ <li><a href="#">Foreign Identities</a></li>
+ </ol>
+ </li>
+ <li><a href="#basisconfig_moa_id_auth_param_protocol">Protokolle</a>
+ <ol>
+ <li><a href="#basisconfig_moa_id_auth_param_protocol_pvp21">PVP 2.1</a></li>
+ <li><a href="#basisconfig_moa_id_auth_param_protocol_openid">OpenID Connect</a></li>
+ </ol>
+ </li>
+ <li><a href="#basisconfig_moa_id_auth_param_database">Datenbank </a>
+ <ol>
+ <li><a href="#basisconfig_moa_id_auth_param_database_conf">Konfiguration</a></li>
+ <li><a href="#basisconfig_moa_id_auth_param_database_session">Session Informationen</a></li>
+ <li><a href="#basisconfig_moa_id_auth_param_database_info">Statistikdaten</a></li>
+ </ol>
+ </li>
+ <li> <a href="#basisconfig_moa_id_auth_param_testing">Testing</a></li>
+</ol>
+</li>
</ol>
</li>
<li><a href="#uebersicht_logging">Konfiguration des Loggings</a></li>
@@ -839,6 +840,27 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
</table>
<p>&nbsp;</p>
<p>Die Beispielkonfiguration beinhaltet noch zus&auml;tzliche Konfigurationsparameter f&uuml;r den Datenbankzugriff der einzelnen Schema welche direkt aus der Beispielkonfiguration &uuml;bernommen werden k&ouml;nnen. Eine detaillierte Beschreibung der einzelnen Einstellungsparameter kann der <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> entnommen werden.</p>
+<h4><a name="basisconfig_moa_id_auth_param_testing" id="uebersicht_bekanntmachung15"></a>2.2.2.5 Testing</h4>
+ <p>Diese Parameter dienen auf Testsystemen zur Deaktivierung einzelner Verarbeitungs- oder Pr&uuml;fschritte. Standardm&auml;&szlig;ig ist jeweils die sichere Variante aktiviert.</p>
+ <table width="1247" border="1">
+ <tr>
+ <th width="281" scope="col">Name</th>
+ <th width="261" scope="col">Beispielwert</th>
+ <th width="683" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>configuration.validation.certificate.QC.ignore</td>
+ <td><p>true / false</p></td>
+ <td><p>Deaktiviert die QC Pr&uuml;fung von Signaturzertifikaten. Da manche Testzertifikate oder Testkarten keine QC Erweiterung aufweisen und somit eine Anmeldung mit diesen Zertifikaten nicht m&ouml;glich ist, kann die QC Pr&uuml;fung je Instanz deaktiviert werden.</p>
+ <p><strong>Defaultwert:</strong> false</p></td>
+ </tr>
+ <tr>
+ <td>protocols.pvp2.assertion.encryption.active</td>
+ <td>true / false</td>
+ <td><p>Mit diesem Parameter kann die Verschl&uuml;sselung der PVP2.1 Assertion f&uuml;r diese MOA-ID-Auth Instanz vollst&auml;ndig deaktiviert werden.</p>
+ <p><strong>Defaultwert:</strong> true</p></td>
+ </tr>
+ </table>
<p>&nbsp;</p>
<h2><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h2>
<p>Die Module MOA-ID-Auth und MOA-ID-Configuration verwendet als Framework f&uuml;r Logging-Information die Open Source Software <code>log4j</code>. Die Konfiguration der Logging-Information erfolgt nicht direkt durch die einzelnen Module, sondern &uuml;ber eine eigene Konfigurationsdatei, die der <span class="term">Java Virtual Machine</span> durch eine <span class="term">System Property </span> mitgeteilt wird. Der Name der <span class="term">System Property </span> lautet <code>log4j.configuration</code>; als Wert der <span class="term">System Property </span> ist eine URL anzugeben, die auf die <code>log4j</code>-Konfigurationsdatei verweist, z.B. </p>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 5f39abf73..ccaa7bbbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -101,12 +103,13 @@ public class VerifyXMLSignatureResponseValidator {
* manifest has to be ignored (identityLink validation if
* the OA is a business service) or not
* @throws ValidateException on any validation error
+ * @throws ConfigurationException
*/
public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
boolean ignoreManifestValidationResult)
- throws ValidateException {
+ throws ValidateException, ConfigurationException {
if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
throw new ValidateException("validator.06", null);
@@ -130,8 +133,10 @@ public class VerifyXMLSignatureResponseValidator {
throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
}
- //check QC
- if (!verifyXMLSignatureResponse.isQualifiedCertificate())
+ //check QC
+ if (AuthConfigurationProvider.getInstance().isCertifiacteQCActive() &&
+ !whatToCheck.equals(CHECK_IDENTITY_LINK) &&
+ !verifyXMLSignatureResponse.isQualifiedCertificate())
throw new ValidateException("validator.71", null);
if (ignoreManifestValidationResult) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 8d1fc7979..8b5c8d796 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1003,6 +1003,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return Boolean.valueOf(prop);
}
+ public boolean isCertifiacteQCActive() {
+ String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false");
+ return !Boolean.valueOf(prop);
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration