aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-06-19 11:00:12 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-06-19 11:10:52 +0200
commitae11753fc0165ee3e724af6f7c3c3cdf2faab1f0 (patch)
treeecac52f28cb8c36e1a1c1436469482e59a26e922 /id
parentc276e33e5ebdebc1c727dbd93ea1f876588a0dec (diff)
downloadmoa-id-spss-ae11753fc0165ee3e724af6f7c3c3cdf2faab1f0.tar.gz
moa-id-spss-ae11753fc0165ee3e724af6f7c3c3cdf2faab1f0.tar.bz2
moa-id-spss-ae11753fc0165ee3e724af6f7c3c3cdf2faab1f0.zip
remove MOA-ID-Proxy project (MOA-ID >= 3.x is not supported any more)
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java219
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java248
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java290
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java260
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java110
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java114
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java229
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java187
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java303
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java266
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java128
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java141
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java727
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java472
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java206
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java210
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java147
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java1008
-rw-r--r--id/server/pom.xml2
25 files changed, 1 insertions, 5886 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
deleted file mode 100644
index e077e096f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ /dev/null
@@ -1,219 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
- * These include the login type (stateful or stateless), the HTTP authentication type,
- * and information needed to add authentication parameters or headers for a URL connection
- * to the remote online application.
- * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code>
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAConfiguration {
-
- /** Constant for an login method */
- public static final String LOGINTYPE_STATEFUL = "stateful";
- /** Constant for an login method */
- public static final String LOGINTYPE_STATELESS = "stateless";
-
- /** Constant for an auth method */
- public static final String BASIC_AUTH = "basic";
- /** Constant for an auth method */
- public static final String HEADER_AUTH = "header";
- /** Constant for an auth method */
- public static final String PARAM_AUTH = "param";
-
-
- /** Constant for binding */
- public static final String BINDUNG_USERNAME = "userName";
- /** Constant for binding */
- public static final String BINDUNG_FULL = "full";
- /** Constant for binding */
- public static final String BINDUNG_NONE = "none";
- /** Constant for binding */
- public static final String BINDUNG_NOMATCH = "noMatch";
-
- /** login type: stateful or stateless */
- String loginType;
- /** authentication type: basic, header, or param */
- String authType;
- /**
- * mapping of parameter names to AuthenticationData field names
- * in case of authentication type <code>"header-auth"</code>
- */
- Map paramAuthMapping;
- /**
- * mapping of parameter names to AuthenticationData field names
- * in case of authentication type <code>"param-auth"</code>
- */
- Map headerAuthMapping;
- /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */
- String basicAuthUserIDMapping;
- /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */
- String basicAuthPasswordMapping;
- /** Binding for basic authentication */
- String binding;
-
- /**
- * Returns the basicAuthPasswordMapping.
- * @return String
- */
- public String getBasicAuthPasswordMapping() {
- return basicAuthPasswordMapping;
- }
-
- /**
- * Returns the basicAuthUserIDMapping.
- * @return String
- */
- public String getBasicAuthUserIDMapping() {
- return basicAuthUserIDMapping;
- }
-
- /**
- * Returns the headerAuthMapping.
- * @return HashMap
- */
- public Map getHeaderAuthMapping() {
- return headerAuthMapping;
- }
-
- /**
- * Returns the loginType.
- * @return String
- */
- public String getLoginType() {
- return loginType;
- }
-
- /**
- * Returns the paramAuthMapping.
- * @return HashMap
- */
- public Map getParamAuthMapping() {
- return paramAuthMapping;
- }
-
- /**
- * Returns the binding.
- * @return String
- */
- public String getBinding() {
- return binding;
- }
-
- /**
- * Sets the basicAuthPasswordMapping.
- * @param basicAuthPassword The basicAuthPasswordMapping to set
- */
- public void setBasicAuthPasswordMapping(String basicAuthPassword) {
- this.basicAuthPasswordMapping = basicAuthPassword;
- }
-
- /**
- * Sets the basicAuthUserIDMapping.
- * @param basicAuthUserID The basicAuthUserIDMapping to set
- */
- public void setBasicAuthUserIDMapping(String basicAuthUserID) {
- this.basicAuthUserIDMapping = basicAuthUserID;
- }
-
- /**
- * Sets the headerAuthMapping.
- * @param headerAuth The headerAuthMapping to set
- */
- public void setHeaderAuthMapping(HashMap headerAuth) {
- this.headerAuthMapping = headerAuth;
- }
-
- /**
- * Sets the loginType.
- * @param loginType The loginType to set
- */
- public void setLoginType(String loginType) {
- this.loginType = loginType;
- }
-
- /**
- * Sets the paramAuthMapping.
- * @param paramAuth The paramAuthMapping to set
- */
- public void setParamAuthMapping(HashMap paramAuth) {
- this.paramAuthMapping = paramAuth;
- }
-
- /**
- * Returns the authType.
- * @return String
- */
- public String getAuthType() {
- return authType;
- }
-
- /**
- * Sets the authType.
- * @param authLoginType The authType to set
- */
- public void setAuthType(String authLoginType) {
- this.authType = authLoginType;
- }
-
- /**
- * Sets the binding.
- * @param binding The binding to be set.
- */
- public void setBinding (String binding) {
- this.binding = binding;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
deleted file mode 100644
index 00ca5ad57..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ /dev/null
@@ -1,248 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config.proxy;
-
-import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.legacy.OAParameter;
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Proxy component.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class OAProxyParameter extends OAParameter {
-
-// /**
-// * public URL prefix of the online application
-// */
-// private String publicURLPrefix;
- /**
- * URL of online application configuration file;
- * defaults to relative URL <code>/moaconfig.xml</code>
- */
- private String configFileURL;
- /**
- * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface
- * to be used for authenticating the online application;
- * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
- */
- private String loginParameterResolverImpl;
-
- /**
- * Configuration Parameter of LoginParameterResolver
- */
- private String loginParameterResolverConfiguration;
-
- /**
- * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
- * to be used for connecting to the online application;
- * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder}
- */
- private String connectionBuilderImpl;
- /**
- * session time out to be used in case of a stateless online application
- */
- private int sessionTimeOut;
- /**
- * parameters regarding the connection from the proxy to the online application
- */
- private ConnectionParameter connectionParameter;
- /**
- * parameters for logging into the online application
- */
- private OAConfiguration oaConfiguration;
-
- private String errorRedirctURL;
-
-
- /**
- * Returns the configFileURL.
- * @return String
- */
- public String getConfigFileURL() {
- return configFileURL;
- }
-
- /**
- * Returns the sessionTimeOut.
- * @return int
- */
- public int getSessionTimeOut() {
- return sessionTimeOut;
- }
-
- /**
- * Returns the connectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getConnectionParameter() {
- return connectionParameter;
- }
-
- /**
- * Sets the configFileURL for the proxy.
- * @param oaProxyConfigFileURL The configFileURL to set
- */
- public void setConfigFileURL(String oaProxyConfigFileURL) {
- this.configFileURL = oaProxyConfigFileURL;
- }
-
- /**
- * Sets the sessionTimeOut for the proxy.
- * @param oaProxySessionTimeOut The sessionTimeOut to set
- */
- public void setSessionTimeOut(int oaProxySessionTimeOut) {
- this.sessionTimeOut = oaProxySessionTimeOut;
- }
-
- /**
- * Sets the connectionParameter for the proxy.
- * @param proxyConnectionParameter The connectionParameter to set
- */
- public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) {
- this.connectionParameter = proxyConnectionParameter;
- }
-
-// /**
-// * Returns the publicURLPrefix.
-// * @return String
-// */
-// public String getPublicURLPrefix() {
-// return publicURLPrefix;
-// }
-//
-// /**
-// * Sets the publicURLPrefix.
-// * @param publicURLPrefix The publicURLPrefix to set
-// */
-// public void setPublicURLPrefix(String url) {
-// this.publicURLPrefix = url;
-// }
-
- /**
- * Returns the connectionBuilderImpl.
- * @return String
- */
- public String getConnectionBuilderImpl() {
- return connectionBuilderImpl;
- }
-
- /**
- * Returns the loginParameterResolverImpl.
- * @return String
- */
- public String getLoginParameterResolverImpl() {
- return loginParameterResolverImpl;
- }
-
- /**
- * Returns the loginParameterResolverConfiguration.
- * @return String
- */
- public String getLoginParameterResolverConfiguration() {
- return loginParameterResolverConfiguration;
- }
-
- /**
- * Sets the connectionBuilderImpl for the proxy.
- * @param connectionBuilderImpl The connectionBuilderImpl to set
- */
- public void setConnectionBuilderImpl(String connectionBuilderImpl) {
- this.connectionBuilderImpl = connectionBuilderImpl;
- }
-
- /**
- * Sets the loginParameterResolverImpl for the proxy.
- * @param loginParameterResolverImpl The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
- this.loginParameterResolverImpl = loginParameterResolverImpl;
- }
-
- /**
- * Sets the loginParameterResolverConfiguration for the proxy.
- * @param loginParameterResolverConfiguration The loginParameterResolverImpl to set
- */
- public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
- this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
- }
-
- /**
- * Returns the oaConfiguration.
- * @return OAConfiguration
- */
- public OAConfiguration getOaConfiguration() {
- return oaConfiguration;
- }
-
- /**
- * Sets the oaConfiguration.
- * @param oaConfiguration The oaConfiguration to set
- */
- public void setOaConfiguration(OAConfiguration oaConfiguration) {
- this.oaConfiguration = oaConfiguration;
- }
-
-/**
- * @return the errorRedirctURL
- */
-public String getErrorRedirctURL() {
- return errorRedirctURL;
-}
-
-/**
- * @param errorRedirctURL the errorRedirctURL to set
- */
-public void setErrorRedirctURL(String errorRedirctURL) {
- this.errorRedirctURL = errorRedirctURL;
-}
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
deleted file mode 100644
index 3220dc90c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ /dev/null
@@ -1,290 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.ByteArrayInputStream;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Builds the configuration for MOA-ID Proxy.
- */
-public class ProxyConfigurationBuilder extends ConfigurationBuilder {
-
- /**
- * Default online application configuration file name
- * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
- */
- public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
-
- /** an XPATH-Expression */
- private static final String PROXY_AUTH_XPATH =
- ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
- /** an XPATH-Expression */
- protected static final String ROOTOA = "/" + CONF + "Configuration/";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
- /** an XPATH-Expression */
- private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
- /** an XPATH-Expression */
- private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
- /** an XPATH-Expression */
- private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
-
- private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
- /** an XPATH-Expression */
- private static final String OA_PROXY_ERROR_REDIRECT_URL_XPATH = CONF + "ProxyComponent/@errorRedirectURL";
- /** an XPATH-Expression */
- protected static final String OACONF_LOGIN_TYPE_XPATH =
- ROOTOA + CONF + "LoginType";
- /** an XPATH-Expression */
- protected static final String OACONF_BINDING_TYPE_XPATH =
- ROOTOA + CONF + "Binding";
- /** an XPATH-Expression */
- protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
- ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
- /** an XPATH-Expression */
- protected static final String OACONF_USER_ID_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
- /** an XPATH-Expression */
- protected static final String OACONF_PASSWORD_XPATH =
- ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
- /** an XPATH-Expression */
- protected static final String OACONF_HEADER_AUTH_HEADER_XPATH =
- ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
-
- /**
- * Creates a new <code>MOAConfigurationProvider</code>.
- *
- * @param configElem The root element of the MOA-ID configuration.
- */
- public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) {
- super(configElem, rootConfigDir);
- }
-
- /**
- * Method buildOAConfiguration.
- *
- * Build an {@link OAConfiguration} Object from the given configuration DOM element
- *
- * @param root
- * @return OAConfiguration
- * @throws ConfigurationException
- */
- public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
-
- OAConfiguration oaConfiguration = new OAConfiguration();
-
- //The LoginType hast to be "stateless" or "stateful" to be valid
-
- oaConfiguration.setLoginType(
- XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
-
- oaConfiguration.setBinding(
- XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator paramAuthIter =
- XPathUtils.selectNodeIterator(
- root,
- OACONF_PARAM_AUTH_PARAMETER_XPATH);
- Element paramAuthElem;
- HashMap paramAuthMap = new HashMap();
- while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
- String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
- String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
- if (paramAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- paramAuthMap.put(name, value);
- }
- oaConfiguration.setParamAuthMapping(paramAuthMap);
- // Try to build the BasicAuthParameters
- oaConfiguration.setBasicAuthUserIDMapping(
- XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
- oaConfiguration.setBasicAuthPasswordMapping(
- XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
-
- //Try to build the Parameter Auth Parameters
- NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
-
- Element headerAuthElem;
- HashMap headerAuthMap = new HashMap();
- while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
- String name =
- XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
- String value =
- XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
- // Contains Key (Neue Config-Exception: doppelte werte)
- if (headerAuthMap.containsKey(name))
- throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
- headerAuthMap.put(name, value);
- }
- oaConfiguration.setHeaderAuthMapping(headerAuthMap);
-
- if (paramAuthMap.size() == 0) {
- if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
- oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
- }
- else
- oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
-
- return oaConfiguration;
- }
-
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing information
- * about the proxy component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
-
- List oA_list = new ArrayList();
- NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
-
- for (int i = 0; i < OAIter.getLength(); i++) {
- Element oAElem = (Element) OAIter.item(i);
-
- Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
- if (proxyComponentElem != null) {
- OAProxyParameter oap = new OAProxyParameter();
-
- oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
- oap.setOaType(oAElem.getAttribute("type"));
- oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
- oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_));
- // default session time out: 3600 sec = 1 h
- oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
- oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
- oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
- oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_));
- oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
- oap.setErrorRedirctURL(XPathUtils.getAttributeValue(oAElem,OA_PROXY_ERROR_REDIRECT_URL_XPATH, null));
-
- ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
- oap.setConnectionParameter(conPara);
-
- OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
- oap.setOaConfiguration(oaConf);
-
- oA_list.add(oap);
- }
- }
- OAProxyParameter[] result =
- new OAProxyParameter[oA_list.size()];
- oA_list.toArray(result);
-
- return result;
-
- }
-
- /**
- * Reads the configuration file of the online application, and creates a DOM tree from it.
- * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
- * uses default configuration file location.
- *
- * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
- * @return Element DOM tree root element
- * @throws ConfigurationException on any exception thrown
- */
- private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
- {
- try {
- String configFileURL = oap.getConfigFileURL();
- if (configFileURL == null) {
- // use default config file URL, when config file URL is not given
- configFileURL = oap.getConnectionParameter().getUrl();
- if (configFileURL.charAt(configFileURL.length() - 1) != '/')
- configFileURL += "/";
- configFileURL += DEFAULT_OA_CONFIG_FILENAME;
- }
- Logger.info("Loading MOA-OA configuration " + configFileURL);
- Element configElem = DOMUtils.parseXmlValidating(
- new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
- return configElem;
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
- }
- }
-
- /**
- * Build a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter buildAuthComponentConnectionParameter()
- {
-
- Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH);
- if (connectionParameter==null) return null;
- return buildConnectionParameter(connectionParameter);
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
deleted file mode 100644
index 66d330d20..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ /dev/null
@@ -1,260 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config.proxy;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * A class providing access to the Proxy Part of the MOA-ID configuration data.
- *
- * <p>Configuration data is read from an XML file, whose location is given by
- * the <code>moa.id.configuration</code> system property.</p>
- * <p>This class implements the Singleton pattern. The <code>reload()</code>
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to <code>getInstance()</code> will return
- * the same <code>ProxyConfigurationProvider</code> all the time. During the
- * processing of a web service request, the current
- * <code>TransactionContext</code> should be used to obtain the
- * <code>ProxyConfigurationProvider</code> local to that request.</p>
- *
- * @author Stefan Knirsch
- */
-public class ProxyConfigurationProvider extends ConfigurationProvider {
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static ProxyConfigurationProvider instance;
-
-
- //
- // configuration data
- //
- /**
- * connection parameters for connection to MOA ID Auth component
- */
- private ConnectionParameter authComponentConnectionParameter;
- /**
- * configuration parameters for online applications
- */
- private OAProxyParameter[] onlineApplicationProxyParameter;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return ProxyConfigurationProvider The current configuration data.
- * @throws ConfigurationException
- */
- public static synchronized ProxyConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return ProxyConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ProxyConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(PROXY_CONFIG_PROPERTY_NAME);
- if (fileName == null) {
- throw new ConfigurationException("config.20", null);
- }
- Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
-
- instance = new ProxyConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for ProxyConfigurationProvider.
- */
- public ProxyConfigurationProvider(String fileName)
- throws ConfigurationException {
-
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- FileInputStream stream = null;
- Element configElem;
- ProxyConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new FileInputStream(fileName);
- configElem = DOMUtils.parseXmlValidating(stream);
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- }
- catch (IOException e) {
- }
- }
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
- // build the internal datastructures
- builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir);
- authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
-
- onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
- for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
- onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
- }
-
- genericConfiguration = builder.buildGenericConfiguration();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
-
- }
- catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
- public String getTrustedCACertificates() {
-
- return trustedCACertificates;
- }
-
- /**
- * @return the certstoreDirectory
- */
- public String getCertstoreDirectory() {
- if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
- return (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
- else
- return null;
- }
-
- /**
- * @return the trustmanagerrevoationchecking
- */
- public boolean isTrustmanagerrevoationchecking() {
- if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
- return Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING));
- else
- return true;
- }
-
-
- /**
- * Return a bean containing all information about the ProxyComponent
- * @return The ConnectionParameter for the Proxy Component
- */
- public ConnectionParameter getAuthComponentConnectionParameter() {
- return authComponentConnectionParameter;
- }
-
- /**
- * Build an array of OnlineApplication Parameter Beans containing all
- * information about the proxy component of the online application
- * @return An OAProxyParameter array containing beans
- * with all relevant information for the proxy component of the online
- * application
- */
- public OAProxyParameter[] getOnlineApplicationParameters() {
- return onlineApplicationProxyParameter;
- }
- /**
- * Provides configuration information regarding the online application behind
- * the given URL, relevant to the MOA-ID Proxy component.
- *
- * @param oaURL URL requested for an online application
- * @return an <code>OAProxyParameter</code>, or <code>null</code>
- * if none is applicable
- */
- public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
- OAProxyParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
- return oaParam;
- }
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
deleted file mode 100644
index 708eb3f2c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * Builder for {@link java.net.URLConnection} objects used to forward requests
- * to the remote online application.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-
-public interface ConnectionBuilder {
-
- /**
- * Builds an HttpURLConnection to a {@link java.net.URL} which is derived
- * from an {@link HttpServletRequest} URL, by substitution of a
- * public URL prefix for the real URL prefix.<br>
- * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but
- * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br>
- * The field settings of the HttpURLConnection are:
- * <ul>
- * <li><code>allowUserInteraction = false</code></li>
- * <li><code>doInput = true</code></li>
- * <li><code>doOutput = true</code></li>
- * <li><code>requestMethod = request.getMethod()</code></li>
- * <li><code>useCaches = false</code></li>
- * </ul>
- *
- * @param request the incoming request which shall be forwarded
- * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix
- * @param realURLPrefix the URL prefix to substitute the public URL prefix
- * @param sslSocketFactory factory to be used for creating an SSL socket in case
- * of a URL for scheme <code>"https:"</code>;
- * <br>if <code>null</code>, the default SSL socket factory would be used
- * @param parameters parameters to be forwarded
- * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to
- * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code>
- * @throws IOException if an I/O exception occurs during opening the connection
- * @see java.net.URL#openConnection()
- * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest request,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Vector parameters) throws IOException;
-
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param con the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(HttpURLConnection con);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
deleted file mode 100644
index 6a268b061..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link ConnectionBuilder} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConnectionBuilderFactory {
-
- /** default connection builder to be used for online application
- * where no special implementation of the <code>ConnectionBuilder</code>
- * interface is configured
- */
- private static ConnectionBuilder defaultConnectionBuilder;
- /** mapping from online application public URL prefix to an implementation
- * of the <code>ConnectionBuilder</code> interface to be used;
- * if no mapping is given for an online application, the
- * <code>DefaultConnectionBuilder</code> will be used */
- private static Map connectionBuilderMap;
-
- /**
- * Initializes the <code>ConnectionBuilder</code> map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultConnectionBuilder = new DefaultConnectionBuilder();
- connectionBuilderMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getConnectionBuilderImpl();
- if (className != null) {
- try {
- ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
- connectionBuilderMap.put(publicURLPrefix, cb);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the <code>ConnectionBuilder</code> implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>ConnectionBuilder</code> implementation
- */
- public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
- ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
- if (cb == null)
- return defaultConnectionBuilder;
- else
- return cb;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
deleted file mode 100644
index 59ef64357..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ /dev/null
@@ -1,229 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.util.Iterator;
-import java.util.Vector;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-
-
-/**
- * Defaultimplementierung von <code>ConnectionBuilder</code>.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
-
- /**
- * Constructor for DefaultConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public DefaultConnectionBuilder() throws ConfigurationException {
- //INFO: removed from MOA-ID 2.0 config
- cbDisableHostnameVerification = false;
-// cbDisableHostnameVerification = BoolUtils.valueOf(
-// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
-// "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Vector parameters)
- throws IOException {
-
- // Bug [#540]
- //String requestedURL = req.getRequestURL().toString();
- String requestedURL = escapeUrl(req.getRequestURL().toString());
-
- // check whether requested URL starts with publicURLPrefix
-
- //Temporary allow http:// urls instead of the https:// in publicURLPrefix
- //if (req.getSession().getAttribute("authorizationkey")==null) {
- // if (! requestedURL.startsWith(publicURLPrefix))
- // throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- // "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
- //}
-
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
- URL url = new URL(realURLString);
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
-
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
- conn.setRequestMethod(req.getMethod());
- conn.setDoInput(true);
- conn.setDoOutput(true);
- //conn.setUseCaches(false);
- //conn.setAllowUserInteraction(true);
- conn.setInstanceFollowRedirects(false);
-
- // JSSE Abhängigkeit
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
-
- return conn;
- }
-
- private static String escapeUrl(String unescapedUrlString) throws RuntimeException {
- try {
- URL unescapedUrl = new URL(unescapedUrlString);
- String protocol = unescapedUrl.getProtocol();
- String fragment = unescapedUrl.getRef();
- String ssp = unescapedUrlString.substring(protocol.length() + 1, unescapedUrlString.length() - ((fragment == null) ? 0 : fragment.length() + 1));
-
- URL url2 = new URI(protocol, ssp, fragment).toURL();
- return url2.toExternalForm();
- } catch (MalformedURLException e) {
- throw new RuntimeException(e);
- } catch (URISyntaxException e) {
- throw new RuntimeException(e);
- }
- }
-
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param conn the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(HttpURLConnection conn) {
- conn.disconnect();
- }
-
-
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Vector parameters) {
- String newURL = requestedURL;
- String parameter[] = new String[2];
- String paramValue ="";
- String paramName ="";
- String paramString ="";
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- try {
- parameter = (String[]) iter.next();
- //next two lines work not with OWA-SSL-Login-form
- paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
- paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
-
- } catch (UnsupportedEncodingException e) {
- //UTF-8 should be supported
- }
- paramString = "&" + paramName + "=" + paramValue + paramString;
- }
- if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
-
- // JSSE Abhängigkeit
- private class HostnameNonVerifier implements HostnameVerifier {
-
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
- /*public boolean verify(String arg0, String arg1) {
- return true;
- }*/
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
deleted file mode 100644
index f094dfabf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Implementation of interface <code>LoginParameterResolver</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DefaultLoginParameterResolver implements LoginParameterResolver {
-
-
-
- /**
- * Configuration mehtod (not used)
- */
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
- }
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- SAML1AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
- String useridPredicate = oaConf.getBasicAuthUserIDMapping();
- String userid = resolveValue(useridPredicate, authData, clientIPAddress);
- String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
- String password = resolveValue(passwordPredicate, authData, clientIPAddress);
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- result.put("Authorization", "Basic " + credentials);
- }
- catch (IOException ignore) {
- }
- }
- else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
- for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- SAML1AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) {
-
- Map result = new HashMap();
-
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
- for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
- String predicate = (String) oaConf.getParamAuthMapping().get(key);
- String resolvedValue;
- try {
- resolvedValue =
- URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
- } catch (UnsupportedEncodingException e) {
- //ISO-8859-1 is supported
- resolvedValue = null;
- }
- result.put(key, resolvedValue);
- }
- }
-
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; <code>null</code> if unknown name is given
- */
- private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) {
- if (predicate.equals(MOAGivenName))
- return authData.getGivenName();
- if (predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- if (predicate.equals(MOADateOfBirth))
- return authData.getFormatedDateOfBirth();
- if (predicate.equals(MOABPK))
- return authData.getBPK();
-
- //AuthData holdes the correct BPK/WBPK
- if (predicate.equals(MOAWBPK))
- return authData.getBPK();
- if (predicate.equals(MOAPublicAuthority))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- if (predicate.equals(MOAQualifiedCertificate))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals(MOAStammzahl))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if (predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
deleted file mode 100644
index 4d5511ef8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLStreamHandler;
-import java.util.Iterator;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-import com.ibm.webdav.protocol.http.WebDAVURLConnection;
-
-
-/**
- * Defaultimplementierung von <code>ConnectionBuilder</code>.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ElakConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
-
- /** a boolean to indicat if webdav protocol handler was already set */
- private static boolean webdavPHSet = false;
-
- /**
- * The system property name used to register a protocol handler.
- */
- public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs";
-
- /**
- * The package providing the ldap protocol handler.
- */
- public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol";
-
- /**
- * The pipe character used to sepearte different protocol handlers.
- */
- public final static char PIPE_CHAR = '|';
-
-
-
-
-
- /**
- * Constructor for ElakConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public ElakConnectionBuilder() throws ConfigurationException {
-
- //INFO: removed from MOA-ID 2.0 config
- cbDisableHostnameVerification = false;
-// cbDisableHostnameVerification = BoolUtils.valueOf(
-// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
-// "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public HttpURLConnection buildConnection(
- HttpServletRequest req,
- String publicURLPrefix,
- String realURLPrefix,
- SSLSocketFactory sslSocketFactory,
- Vector parameters)
- throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
- if (! requestedURL.startsWith(publicURLPrefix))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
-
-
-
- // in case of GET request, append query string to requested URL;
- // otherwise, HttpURLConnection would perform a POST request
- //FIXME right parameters
- /*
- if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
- requestedURL = appendQueryString(requestedURL, parameters);
- }
- */
- //TODO RSCH check functionality
- if (null != req.getQueryString() && 0 != req.getQueryString().length() ) {
- String query = req.getQueryString();
- requestedURL = requestedURL + "?" + query;
-
- String parameter[] = new String[2];
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
-
- if(query.indexOf(parameter[0]) >= 0) iter.remove();
- }
- }
-
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
-
-
- Logger.info("Registering WebDAV protocol handler");
- String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME);
- if (protocolHandlers == null) {
- protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER;
- System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
- } else {
- // check, if WEBDAV protocol handler is already configured
- boolean isConfigured = false;
- StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| ");
- while (tokenizer.hasMoreTokens()) {
- String protocolHandler = tokenizer.nextToken();
- if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) {
- isConfigured = true;
- break;
- }
- }
- // if it has not been configured yet, configure it
- if (!isConfigured) {
- protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers;
- System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
- }
- }
- Logger.info("Registered protocol handlers: " + protocolHandlers);
- Class webdavSH = null;
- try
- {
- webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler");
- }
- catch (ClassNotFoundException e)
- {
- e.printStackTrace();
- }
- URLStreamHandler urlStreamHandler = null;
- try
- {
- urlStreamHandler = (URLStreamHandler) webdavSH.newInstance();
- }
- catch (InstantiationException e1)
- {
- e1.printStackTrace();
- }
- catch (IllegalAccessException e1)
- {
- e1.printStackTrace();
- }
- //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler);
- //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection();
-
-
- URL testURL = new URL(realURLString);
- Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName());
-
- //URL url = new URL(realURLString);
- URL testURL2 = new URL(realURLString);
-
- URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler);
-
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
- WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection();
- HttpURLConnection conn = (HttpURLConnection)webDavConn;
- webDavConn.setRequestMethod(req.getMethod());
- webDavConn.setDoInput(true);
- webDavConn.setDoOutput(true);
- //conn.setUseCaches(false);
- webDavConn.setAllowUserInteraction(true);
- webDavConn.setInstanceFollowRedirects(false);
- // JSSE Abhängigkeit
- if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
- HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
- httpsConn.setSSLSocketFactory(sslSocketFactory);
- if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
- }
- return conn;
- }
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param conn the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(HttpURLConnection conn) {
- conn.disconnect();
- }
-
- /**
- * @param requestedURL
- * @param parameters
- * @return
- */
- private String appendQueryString(String requestedURL, Vector parameters) {
- String newURL = requestedURL;
- String parameter[] = new String[2];
- String paramValue ="";
- String paramName ="";
- String paramString ="";
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- try {
- parameter = (String[]) iter.next();
- //Following two lines do not work with OWA-SSL-Login-form
- paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
- paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
-
- } catch (UnsupportedEncodingException e) {
- //UTF-8 should be supported
- }
- paramString = "&" + paramName + "=" + paramValue + paramString;
- }
- if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
- return newURL;
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
-//JSSE Abhängigkeit
- private class HostnameNonVerifier implements HostnameVerifier {
-
-
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
-// public boolean verify(String arg0, String arg1) {
-// return true;
-// }
-
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
deleted file mode 100644
index 2bc0fe131..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ /dev/null
@@ -1,266 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.io.IOException;
-import java.net.URL;
-import java.net.URLStreamHandler;
-import java.util.Iterator;
-import java.util.Vector;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-
-import HTTPClient.HTTPConnection;
-import HTTPClient.HttpURLConnection;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-
-/**
- * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>.
- * uses the HTTP(s)Client from Ronald Tschalär.
- * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/
- *
- * @author pdanner
- */
-public class EnhancedConnectionBuilder implements ConnectionBuilder {
-
- /** a boolean to disable the HostnameVerification (default = false)*/
- private static boolean cbDisableHostnameVerification = false;
- /** Name of the Parameter for the Target */
- private static final String PARAM_TARGET = "Target";
- /** Name of the Parameter for the SAMLArtifact */
- private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
- /** Name of the Attribute for marking the session as authenticated*/
- private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
-
- static {
- HTTPConnection.setDefaultTimeout(0);
- try {
- HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.AuthorizationModule"));
- HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RedirectionModule"));
- HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.CookieModule"));
- //HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RetryModule"));
- } catch (ClassNotFoundException e) {
-
- }
- }
-
- /**
- * Constructor for OWAConnectionBuilder.
- * @throws ConfigurationException on any config error
- */
- public EnhancedConnectionBuilder() throws ConfigurationException {
-
- //INFO: removed from MOA-ID 2.0 config
- cbDisableHostnameVerification = false;
-// cbDisableHostnameVerification = BoolUtils.valueOf(
-// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
-// "ProxyComponent.DisableHostnameVerification"));
- //TODO MOA-ID BRZ undocumented feature
- if (cbDisableHostnameVerification)
- Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
- */
- public java.net.HttpURLConnection buildConnection(HttpServletRequest req, String publicURLPrefix, String realURLPrefix, SSLSocketFactory sslSocketFactory, Vector parameters) throws IOException {
-
- String requestedURL = req.getRequestURL().toString();
- // check whether requested URL starts with publicURLPrefix
-
- if (! requestedURL.startsWith(publicURLPrefix.substring(0,5)))
- throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
- "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
-
- String query = req.getQueryString();
- if (req.getSession().getAttribute(ATT_AUTHDATAFETCHED)!=null) {
- query = removeParameter(query, PARAM_SAMLARTIFACT);
- query = removeParameter(query, PARAM_TARGET);
- req.getSession().removeAttribute(ATT_AUTHDATAFETCHED);
- }
- if (null != query && 0 != query.length() ) {
- requestedURL = requestedURL + "?" + query;
-
- String parameter[] = new String[2];
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
- if(query.indexOf(parameter[0]) >= 0) iter.remove();
- }
- }
-
- // build real URL in online application
- String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
-
- // build real URL in online application
- URLStreamHandler urlStreamHandler = null;
-
- //URL url = new URL(realURLString);
- if (realURLString.startsWith("https")) {
- urlStreamHandler = new HTTPClient.https.Handler();
- } else{
- urlStreamHandler = new HTTPClient.http.Handler();
- }
- URL url = new URL(null, realURLString, urlStreamHandler);
- Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
-
- HttpURLConnection conn = (HttpURLConnection)url.openConnection();
-
- conn.setRequestMethod(req.getMethod());
- conn.setDoInput(true);
- conn.setDoOutput(true);
- //conn.setUseCaches(false);
- //conn.setAllowUserInteraction(true);
- conn.setInstanceFollowRedirects(false);
-
- if (realURLString.startsWith("https") && sslSocketFactory != null) {
- conn.setSSLSocketFactory(sslSocketFactory);
- //Not available in HTTPClient
- //if (cbDisableHostnameVerification)
- // conn.setHostnameVerifier(new HostnameNonVerifier());
- }
-
- return conn;
-
- }
-
- /**
- * Disconnects the HttpURLConnection if necessary.
- * The implementation of the Connectionbuilder decides wether
- * if this should be happen or not.
- *
- * @param conn the HttpURLConnection which is normaly to be closed
- */
- public void disconnect(java.net.HttpURLConnection conn) {
- // In HTTPClient there must not be an diconnect!
- // conn.disconnect();
- }
-
- /**
- * @author Stefan Knirsch
- * @version $Id$
- * A private class to change the standard HostName verifier to disable the
- * Hostname Verification Check
- */
- // JSSE Abhängigkeit
- private class HostnameNonVerifier implements HostnameVerifier {
-
-
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
-
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
-// public boolean verify(String arg0, String arg1) {
-// return true;
-// }
-
- }
-
- /**
- * Removes parameters from the query-URL recursively
- *
- * @param query the query from which the parameter is to be removed
- * @param parameter the parameter to be removed
- * @return the parameterclean query
- */
- private String removeParameter(String query, String parameter) {
- return removeParameter(query, parameter, true);
- }
-
- /**
- * Removes one parameter from the query-URL recursively
- *
- * @param query the query from which the parameter is to be removed
- * @param parameter the parameter to be removed
- * @param remove. Boolean value wether a parameter was removed in last call or not. In initial call set to true to check for new occurrences
- * @return the parameterclean query
- */
- private String removeParameter(String query, String parameter, boolean remove) {
- String result = query;
- if (remove && query!=null && !query.equals("") && parameter!=null && !parameter.equals("")) {
- String param = parameter;
- int capEnd=0;
- if (!param.endsWith("=")) param=param+"=";
- if (query.startsWith(param)) {
- //remove leading
- result="";
- } else {
- if (!param.startsWith("&")) param="&"+param;
- capEnd = query.indexOf(param);
- if (capEnd!=-1) {
- //leading part
- result=query.substring(0, capEnd);
- }
- }
- if (capEnd!=-1) {
- //trailing part
- capEnd += param.length();
- int capBegin = -1;
- if (capEnd <query.length()) capBegin = query.indexOf("&", capEnd);
- if (capBegin!=-1) {
- if (capBegin<query.length()) {
- result=result + query.substring(capBegin);
- if (result.startsWith("&")) result = result.substring(1); //if now is leading part
- }
- }
- }
- result = removeParameter(result, parameter, !query.equals(result));
- }
- return result;
- }
-
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
deleted file mode 100644
index d432f8c41..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-
-/**
- * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
- * to the remote online application.
- * Utilizes {@link OAConfiguration} and {@link AuthenticationData}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public interface LoginParameterResolver {
-
- /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
- * naming predicates used by the <code>LoginParameterResolver</code>. */
- public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOABPK = "MOABPK";
- /** Constant used in <code>MOAIDConfiguration-1.3.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAWBPK = "MOAWBPK";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOABKZ = "MOABKZ";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAStammzahl = "MOAStammzahl";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAIdentificationValueType = "MOAIdentificationValueType";
- /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAIPAddress = "MOAIPAddress";
-
- /**
- * Returns authentication headers to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @param businessService boolean value for recognizing (w)bPK-mode
- * @param publicURLPrefix to distinguish different online applications
- * @return A map, the keys being header names and values being corresponding header values.
- * <br>In case of authentication type <code>"basic-auth"</code>, header fields
- * <code>username</code> and <code>password</code>.
- * <br>In case of authentication type <code>"header-auth"</code>, header fields
- * derived from parameter mapping and authentication data provided.
- * <br>Otherwise, an empty map.
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- SAML1AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
-
- /**
- * Returns request parameters to be added to a URLConnection.
- *
- * @param oaConf configuration data
- * @param authData authentication data
- * @param clientIPAddress client IP address
- * @param businessService boolean value for recognizing (w)bPK-mode
- * @param publicURLPrefix to distinguish different online applications
- * @return A map, the keys being parameter names and values being corresponding parameter values.
- * <br>In case of authentication type <code>"param-auth"</code>, parameters
- * derived from parameter mapping and authentication data provided.
- * <br>Otherwise, an empty map.
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- SAML1AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
-
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
deleted file mode 100644
index 1767185c8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class LoginParameterResolverException extends MOAIDException {
-
- /**
- *
- */
- private static final long serialVersionUID = 3924645289077681081L;
-
- /**
- * Constructor for LoginParameterResolverException.
- * @param messageId
- * @param parameters
- */
- public LoginParameterResolverException(
- String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for LoginParameterResolverException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public LoginParameterResolverException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
deleted file mode 100644
index 0b43630ee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-
-/**
- * Factory delivering a {@link LoginParameterResolver} implementation for
- * an online application, initialized from configuration data.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class LoginParameterResolverFactory {
-
- /** default login parameter resolver to be used for online application
- * where no special implementation of the <code>LoginParameterResolver</code>
- * interface is configured
- */
- private static LoginParameterResolver defaultLoginParameterResolver;
- /** mapping from online application public URL prefix to an implementation
- * of the <code>LoginParameterResolver</code> interface to be used;
- * if no mapping is given for an online application, the
- * <code>DefaultLoginParameterResolver</code> will be used */
- private static Map loginParameterResolverMap;
-
- /**
- * Initializes the <code>LoginParameterResolver</code> map from the configuration data.
- * @throws ConfigurationException when the configuration cannot be read,
- * or when a class name configured cannot be instantiated
- */
- public static void initialize() throws ConfigurationException {
- defaultLoginParameterResolver = new DefaultLoginParameterResolver();
- loginParameterResolverMap = new HashMap();
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
- String publicURLPrefix = oaParam.getPublicURLPrefix();
- String className = oaParam.getLoginParameterResolverImpl();
- String configuration = oaParam.getLoginParameterResolverConfiguration();
- if (className != null) {
- try {
- Class lprClass = Class.forName(className);
- LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
-
- Class[] argumentTypes = { String.class, Boolean.class };
- Method confMethod = lprClass.getMethod( "configure", argumentTypes );
-
- Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) };
- confMethod.invoke( lpr, arguments );
-
- loginParameterResolverMap.put(publicURLPrefix, lpr);
- }
- catch (InvocationTargetException lpex) {
- throw new ConfigurationException("config.11", new Object[] {className}, lpex);
- }
- catch (Throwable ex) {
- throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
- }
- }
- }
- }
-
- /**
- * Gets the <code>LoginParameterResolver</code> implementation to be used for the given
- * online application.
- * @param publicURLPrefix public URL prefix of the online application
- * @return <code>LoginParameterResolver</code> implementation
- */
- public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
- LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
- if (lpr == null)
- return defaultLoginParameterResolver;
- else
- return lpr;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
deleted file mode 100644
index 91df96027..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
-import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDProxyInitializer {
-
- /**
- * Initializes the web application components which need initialization:
- * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
- */
- public static void initialize()
- throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
-
- Logger.setHierarchy("moa.id.proxy");
-
- // Restricts TLS cipher suites
- System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- }
- catch (ClassNotFoundException e) {
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
- }
-
- // Initializes the SSLSocketFactory store
- SSLUtils.initialize();
-
- // Initializes IAIKX509TrustManager logging
- String log4jConfigURL = System.getProperty("log4j.configuration");
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
-
- // Loads the configuration
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
-
- // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
- // using configuration data
- ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
- if (connParamAuth!=null) {
- if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
- }
- } else {
- throw new ConfigurationException("config.16", null);
- }
-
- // Initializes the Axis secure socket factories for use in calling the online applications,
- // using configuration data
- OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAProxyParameter oaParam = oaParams[i];
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL());
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
-
- // Initializes the ConnectionBuilderFactory from configuration data
- ConnectionBuilderFactory.initialize();
-
- // Initializes the LoginParameterResolverFactory from configuration data
- LoginParameterResolverFactory.initialize();
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
deleted file mode 100644
index df8a9bd4e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- * Reason for this exception: the dedicated LoginParameterResolver does
- * not allow access to the desired ressource.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class NotAllowedException extends MOAIDException {
-
- /**
- *
- */
- private static final long serialVersionUID = -265024674370936886L;
-
- /**
- * Constructor for NotAllowedException.
- * @param messageId
- * @param parameters
- */
- public NotAllowedException(
- String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for NotAllowedException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public NotAllowedException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
deleted file mode 100644
index a5c632077..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ /dev/null
@@ -1,727 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import iaik.security.provider.IAIK;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * XMLLoginParameterResolver an implementation of implementation of interface
- * <code>LoginParameterResolver</code>
- * This implementation used to map identities stored in an XML file to parameters
- * which are given to OAs.
- *
- * @author Rudolf Schamberger
- * @version $Id$
- */
-public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver {
-
- //file which is parsed and interpreted for paremeter resolving.
- private String identityFile;
-
- private Cipher blowfishCipher;
- private Key key;
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- //TODO XMLLPR decrypt
- public String getPlainUN() {
- //Security.addProvider();
-
-
- return UN;
- }
-
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or <code>null</code> not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for generic parameter Param1
- * @return Parameter Param1 or <code>null</code> not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for generic parameter Param2
- * @return Parameter Param2 or <code>null</code> not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for generic parameter Param3
- * @return Parameter Param3 or <code>null</code> not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a <code>String</code> representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used to store the parameters
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param2 = Param2;
- this.Param3 = Param3;
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object.
- **/
- public XMLLoginParameterResolverEncryptedData() {
- bPKMap = new HashMap();
- namedMap = new HashMap();
- }
-
- /**
- * configuration method
- * @param configuration enabled enable user mapping to parameter set for the parameter set.
- */
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
- File idFile;
- Element rootElement;
-
- Security.addProvider(new IAIK());
- try {
- blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK");
-
- } catch (NoSuchPaddingException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()});
- } catch (NoSuchProviderException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()});
- } catch (NoSuchAlgorithmException e) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()});
- }
-
- String plaintext = "start";
- String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim");
- String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim");
- Logger.debug("plaintext: " + plaintext);
- Logger.debug("encrypted: " + encrypted);
- Logger.debug("decrypted: " + decrypted);
-
- //make file name absolut (if it is relative to main config file)
- //TODO MOAID XMLLPR check
- String moaIDConfigFileName = System.getProperty(ConfigurationProvider.PROXY_CONFIG_PROPERTY_NAME);
- String rootConfigFileDir = new File(moaIDConfigFileName).getParent();
- this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir);
-
- if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) {
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
- }
- try {
- rootElement = readXMLFile(identityFile);
- } catch (IOException lex) {
- Logger.error(lex.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
-
- } catch (SAXException sex) {
- Logger.error(sex.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() });
- } catch (ParserConfigurationException e) {
- // TODO XMLPR Auto-generated catch block
- Logger.error(e.toString());
- throw new LoginParameterResolverException("config.11",
- new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() });
- }
- buildInfo(rootElement, businessService.booleanValue());
- isConfigured = true;
- }
-
- /**
- * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext
- * @param plaintext
- * @param bPK
- * @param masterSecret
- * @return encrypted data (blowfish encrypted, base64 encoded)
- * @throws LoginParameterResolverException
- */
- public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException
- {
- try {
- String keyString = bPK + masterSecret;
- key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
- IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
-
- blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param);
- byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8"));
- return Base64Utils.encode(cipherText);
- } catch (UnsupportedEncodingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidKeyException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (BadPaddingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalBlockSizeException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalStateException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidAlgorithmParameterException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IOException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- }
- }
-
-
- /**
- * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext
- * @param ciphertext (blowfish encrypted, base64encoded)
- * @param bPK
- * @param masterSecret
- * @return decrypted Data (plaintext)
- * @throws LoginParameterResolverException
- */
- public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException
- {
- try {
- String keyString = bPK + masterSecret;
- key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
- IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
- blowfishCipher.init(Cipher.DECRYPT_MODE, key, param);
- byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true));
- return new String(plaintext);
- } catch (UnsupportedEncodingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidKeyException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (BadPaddingException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalBlockSizeException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IllegalStateException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (InvalidAlgorithmParameterException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- } catch (IOException e) {
- throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
- }
- }
-
-
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationHeaders(
- OAConfiguration oaConf,
- SAML1AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
- Map result = new HashMap();
-
- if (!isConfigured) {
- //TODO XMLLPR
- throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" +
- identityFile + "' is not configured!", null);
- }
-
- //get the Identity of the user
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK ="";
- String wType= "";
- if (businessService) {
- bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
- wType = "w";
- } else {
- bPK = resolveValue(MOABPK, authData, clientIPAddress);
- }
- String userid = "";
- String password = "";
- LPRParams params = null;
- boolean userFound = false;
-
- //try (w)bPK and named search
- params = bPKIdentitySearch(bPK, wType);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //HTTP 401 - Basic Authentication
- if (oaConf.getAuthType().equals("basic")) {
- userid = (null != params.getUN()) ? params.getUN() : "";
- password = (null != params.getPW()) ? params.getPW() : "";
-
- try {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8"));
- Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- } catch (IOException ignore) {
- throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"});
- }
- } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication
- String key;
- String resolvedValue;
- //TODO MOAID XMLLPR select value through OA-ConfigFile;
- if(null != params.getUN()) result.put("UN", params.getUN());
- if(null != params.getPW()) result.put("UN", params.getPW());
- if(null != params.getParam1()) result.put("UN", params.getParam1());
- if(null != params.getParam2()) result.put("UN", params.getParam2());
- if(null != params.getParam3()) result.put("UN", params.getParam3());
-
- } else {
- throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"});
- }
-
- return result;
- }
-
- /**
- * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
- */
- public Map getAuthenticationParameters(
- OAConfiguration oaConf,
- SAML1AuthenticationData authData,
- String clientIPAddress,
- boolean businessService,
- String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
-
- Map result = new HashMap();
-
- if (!isConfigured) {
- Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
- return result;
- }
-
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK ="";
- String wType= "";
- if (businessService) {
- bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
- wType = "w";
- } else {
- bPK = resolveValue(MOABPK, authData, clientIPAddress);
- }
- String userid = "";
- String password = "";
- LPRParams params = null;
-
- //try (w)bPK and named search
- params = bPKIdentitySearch(bPK, wType);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //TODO MOAID XMLLPR URLEncoder.encode
- if (oaConf.getAuthType().equals("param")) {
- try {
- if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1"));
- if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1"));
- if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1"));
- if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1"));
- if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1"));
- } catch (UnsupportedEncodingException e) {
- // ISO-8859-1 is supported
- throw new LoginParameterResolverException("URLEncoder error", null);
- }
- } else {
- throw new LoginParameterResolverException("AuthType not supported", null);
- }
- return result;
- }
-
- /**
- * Resolves a login header or parameter value.
- * @param predicate header or parameter predicate name from online application configuration
- * @param authData authentication data for current login
- * @param clientIPAddress client IP address
- * @return header or parameter value resolved; <code>null</code> if unknown name is given
- */
- private static String resolveValue(
- String predicate,
- SAML1AuthenticationData authData,
- String clientIPAddress) {
- if (predicate.equals("MOAGivenName"))
- return authData.getGivenName();
- if (predicate.equals("MOAFamilyName"))
- return authData.getFamilyName();
- if (predicate.equals("MOADateOfBirth"))
- return authData.getFormatedDateOfBirth();
- if (predicate.equals("MOABPK"))
- return authData.getBPK();
-
- //AuthData holdes the correct BPK/WBPK
- if (predicate.equals("MOAWBPK"))
- return authData.getBPK();
- if (predicate.equals("MOAPublicAuthority"))
- if (authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if (predicate.equals("MOABKZ"))
- return authData.getPublicAuthorityCode();
- if (predicate.equals("MOAQualifiedCertificate"))
- if (authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if (predicate.equals("MOAStammzahl"))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if (predicate.equals("MOAIPAddress"))
- return clientIPAddress;
- else
- return null;
- }
-
- /**
- * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element.
- * @param fileName of the configuration file.
- */
- private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException {
- Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName);
-
- InputStream stream = null;
- Element configElem;
-
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return configElem;
- }
-
- /**
- * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file.
- * @param root document root element.
- */
- private void buildInfo(Element root, boolean businessService) {
- NodeList idList = root.getElementsByTagName(XSD_IDELEM);
- NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);
- String wType ="";
- if (businessService) wType = "w";
- for (int i = 0; i < idList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
-
- for (int i = 0; i < paramList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName());
-
- for (int i = 0; i < idList.getLength(); i++) {
- Element tmpElem = (Element) idList.item(i);
- NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM);
- for (int j = 0; j < tmpList.getLength(); j++)
- Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName());
-
- //Search for NamedIdentity Elements
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," +
- tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," +
- tmpElem.getAttribute(XSD_BIRTHDATEATTR);
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- //TODO XMLLPR remove
- Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
- " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
- " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
- " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
- " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
- tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
- tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else {
-
- //(w)bPKIdentity Elements
- if (businessService) {
- tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM);
- } else {
- tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM);
- }
- if (1 == tmpList.getLength()) {
- tmpElem = (Element) tmpList.item(0);
- String tmpStr = "";
- if (businessService) {
- tmpStr = tmpElem.getAttribute(XSD_WBPKATTR);
- } else {
- tmpStr = tmpElem.getAttribute(XSD_BPKATTR);
- }
- boolean tmpBool = false;
- if (tmpElem.getFirstChild() != null
- && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element) paramList.item(i);
- Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
- " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
- " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
- " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
- " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
- tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
- tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else {
- if (businessService) {
- Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found");
- } else {
- Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found");
- }
- }
- }
- }
-
- Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug(wType + "bPKMap:" + bPKMap.toString());
- }
-
-
-
-
- /**
- * searches for a given bPK and returns the appropriate LPRParams structure
- * @param bPK search argument
- * @return LPRParams if bPK could be found in internal mappings or null otherwise.
- */
- LPRParams bPKIdentitySearch(String bPK, String wType) {
- //search for mapping with (w)bPK of the user
- Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK);
- LPRParams params = (LPRParams) bPKMap.get(bPK);
- if (null == params) {
- Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!");
- return null;
- } else if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled");
- return null;
- }
-
- /**
- * searches for a given namedIdentity and returns the appropriate LPRParams structure
- * @param surName surname search argument
- * @param givenName givenname search argument
- * @param dateOfBirth dateofbirth search argument
- * @return LPRParams if (w)bPK could be found in internal mappings or null otherwise.
- */
- LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) {
- Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth);
- //try first a search with surname, givenname and birthdate
- LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth);
- if (null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!");
- //try a search with surname, givenname only
- params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR);
- if(null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!");
- return null;
- }
- }
-
- if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled");
- return null;
- }
-
- //public static final String XSD_MAPPING = "Mapping";
- //public static final String XSD_DOCELEM = "MOAIdentities";
- public static final String XSD_IDELEM = "Identity";
- public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- public static final String XSD_BPKIDELEM = "bPKIdentity";
- public static final String XSD_WBPKIDELEM = "wbPKIdentity";
- public static final String XSD_PARAMELEM = "Parameters";
- public static final String XSD_SURNAMEATTR = "SurName";
- public static final String XSD_GIVENNAMEATTR = "GivenName";
- public static final String XSD_BIRTHDATEATTR = "BirthDate";
- public static final String XSD_BIRTHDATEBLANKATTR = "any";
- public static final String XSD_BPKATTR = "bPK";
- public static final String XSD_WBPKATTR = "wbPK";
- public static final String XSD_UNATTR = "UN";
- public static final String XSD_PWATTR = "PW";
- public static final String XSD_PARAM1ATTR = "Param1";
- public static final String XSD_PARAM2ATTR = "Param2";
- public static final String XSD_PARAM3ATTR = "Param3";
- private Map bPKMap;
- private Map namedMap;
- private boolean isConfigured = false;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
deleted file mode 100644
index 740421024..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ /dev/null
@@ -1,472 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy;
-
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import java.io.IOException;
-import java.util.*;
-
-import org.apache.xerces.parsers.DOMParser;
-import org.w3c.dom.*;
-
-// Referenced classes of package at.gv.egovernment.moa.id.proxy:
-//
-// TODO MOA-ID test full functionality
-
-public class XMLLoginParameterResolverPlainData
- implements LoginParameterResolver
-{
- private String configuration;
-
- /**
- * inner class used to store mapped parameters
- */
- class LPRParams {
-
- /**
- * getter method for parameter Enabled.
- * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
- */
- public boolean getEnabled() {
- return enabled.booleanValue();
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getUN() {
- return UN;
- }
-
- /**
- * getter method for parameter UN (username)
- * @return Parameter UN or <code>null</code> not set.
- */
- public String getPlainUN() {
- return UN;
- }
-
-
- /**
- * getter method for parameter PW (password)
- * @return Parameter PW or <code>null</code> not set.
- */
- public String getPW() {
- return PW;
- }
-
- /**
- * getter method for generic parameter Param1
- * @return Parameter Param1 or <code>null</code> not set.
- */
- public String getParam1() {
- return Param1;
- }
-
- /**
- * getter method for generic parameter Param2
- * @return Parameter Param2 or <code>null</code> not set.
- */
- public String getParam2() {
- return Param2;
- }
-
- /**
- * getter method for generic parameter Param3
- * @return Parameter Param3 or <code>null</code> not set.
- */
- public String getParam3() {
- return Param3;
- }
-
- /**
- * Returns a string representation of LPRParams
- *
- * @return a <code>String</code> representation of this object.
- * @see XMLLoginParameterResolver.LPRParams
- */
- public String toString() {
- return "Enabled: "
- + enabled.toString()
- + "UN: '"
- + UN
- + "' PW: '"
- + PW
- + "' Param1: '"
- + Param1
- + "' Param2: '"
- + Param2
- + "' Param3: '"
- + Param3
- + "'\n";
- }
-
- //private member variables used to store the parameters
- private Boolean enabled = null;
- private String UN = null;
- private String PW = null;
- private String Param1 = null;
- private String Param2 = null;
- private String Param3 = null;
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
- * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
- * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
- this.enabled = new Boolean(enabled);
- this.UN = UN;
- this.PW = PW;
- this.Param1 = Param1;
- this.Param2 = Param2;
- this.Param3 = Param3;
- }
-
- /**
- * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
- *
- * @param enabled enable user mapping to parameter set for the parameter set.
- * @param UN username used in HTTP 401 - BasicAuthentication
- * @param PW password used in HTTP 401 - BasicAuthentication
- **/
- LPRParams(boolean enabled, String UN, String PW) {
- this(enabled, UN, PW, null, null, null);
- }
- }
-
- //TODO document
- public XMLLoginParameterResolverPlainData()
- {
- bPKMap = new HashMap();
- namedMap = new HashMap();
-
- }
-
- //TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
- {
- Map result = new HashMap();
- if(oaConf.getAuthType().equals("basic"))
- {
- String famName = resolveValue(MOAFamilyName, authData, clientIPAddress);
- String givenName = resolveValue(MOAGivenName, authData, clientIPAddress);
- String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress);
- String bPK ="";
- String wType= "";
- if (businessService) {
- bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
- wType = "w";
- } else {
- bPK = resolveValue(MOABPK, authData, clientIPAddress);
- }
- String userid = "";
- String password = "";
- String param1 = "";
- String param2 = "";
- String param3 = "";
-
- LPRParams params = null;
- boolean userFound = false;
-
- //first step: search for (w)bPK entry in user list
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK);
- params = (LPRParams)bPKMap.get(bPK);
- if(params == null)
- Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!");
- else
- if(params.getEnabled())
- { //if user is enabled: get related parameters
- Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- } else
- {
- Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled");
- }
- if(!userFound) //secound step: search for name entry in user list
- {
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth);
- params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth);
- if(params == null) {
- Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!");
- //try also with wildcard ("*") birthdate
- params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*");
- if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!");
- }
-
- if(null != params && params.getEnabled())
- {
- Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- }
- }
- if(!userFound) //third step: search for default user in user list
- {
- //third step: search for (w)bPK for the default user entry in user list
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for default user");
- params = (LPRParams)bPKMap.get("default");
- if(params == null)
- Logger.debug("XMLLoginParameterResolverPlainData: params for default user not found in file!");
- else
- if(params.getEnabled())
- { //if user is enabled: get related parameters
- Logger.debug("XMLLoginParameterResolverPlainData: default user found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
- userid = params.getUN();
- password = params.getPW();
- param1 = params.getParam1();
- param2 = params.getParam2();
- param3 = params.getParam3();
- userFound = true;
- } else
- {
- Logger.info("XMLLoginParameterResolverPlainData: default user found in list; user is NOT enabled");
- }
- }
-
- if(!userFound) //if user is not found then throw NotAllowedException exception
- {
- //TODO MOA-ID proove this with testcases!
- Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login");
- throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { });
- }
- try //if user was found: generate Authorization header entry with associated credemtials
- {
- String userIDPassword = userid + ":" + password;
- String credentials = Base64Utils.encode(userIDPassword.getBytes());
- Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials);
- result.put("Authorization", "Basic " + credentials);
- }
- catch(IOException ignore) { }
- } else
- if(oaConf.getAuthType().equals("header"))
- {
- String key;
- String resolvedValue;
- for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
- {
- key = (String)iter.next();
- String predicate = (String)oaConf.getHeaderAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
-
- }
- return result;
- }
-
- public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
- {
- Map result = new HashMap();
- if(oaConf.getAuthType().equals("param"))
- {
- String key;
- String resolvedValue;
- for(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
- {
- key = (String)iter.next();
- String predicate = (String)oaConf.getParamAuthMapping().get(key);
- resolvedValue = resolveValue(predicate, authData, clientIPAddress);
- }
-
- }
- return result;
- }
-
- private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress)
- {
- if(predicate.equals(MOAGivenName))
- return authData.getGivenName();
- if(predicate.equals(MOAFamilyName))
- return authData.getFamilyName();
- if(predicate.equals(MOADateOfBirth))
- return authData.getFormatedDateOfBirth();
- if(predicate.equals(MOABPK))
- return authData.getBPK();
-
- //AuthData holds the correct BPK/WBPK
- if(predicate.equals(MOAWBPK))
- return authData.getBPK();
- if(predicate.equals(MOAPublicAuthority))
- if(authData.isPublicAuthority())
- return "true";
- else
- return "false";
- if(predicate.equals(MOABKZ))
- return authData.getPublicAuthorityCode();
- if(predicate.equals(MOAQualifiedCertificate))
- if(authData.isQualifiedCertificate())
- return "true";
- else
- return "false";
- if(predicate.equals(MOAStammzahl))
- return authData.getIdentificationValue();
- if (predicate.equals(MOAIdentificationValueType))
- return authData.getIdentificationType();
- if(predicate.equals(MOAIPAddress))
- return clientIPAddress;
- else
- return null;
- }
-
- private Document readXMLFile(String fileName) throws LoginParameterResolverException
- {
- Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName);
- DOMParser parser = new DOMParser();
- try
- {
- parser.setFeature("http://xml.org/sax/features/validation", true);
- parser.setFeature("http://apache.org/xml/features/validation/schema", true);
- parser.parse(fileName);
- return parser.getDocument();
- }
- catch(Exception e)
- {
- String msg = e.toString();
- throw new LoginParameterResolverException("proxy.13", new Object[] {"<noURL>: XMLLoginParameterResolverPlainData: Error parsing file " + fileName, "detail problem: " + msg});
- }
- }
-
- private void buildInfo(Document doc, boolean businessService)
- {
- Element root = doc.getDocumentElement();
- NodeList idList = root.getElementsByTagName("Identity");
- NodeList paramList = root.getElementsByTagName("Parameters");
- String wType ="";
- if (businessService) wType = "w";
- for(int i = 0; i < idList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName());
-
- for(int i = 0; i < paramList.getLength(); i++)
- Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName());
-
- for(int i = 0; i < idList.getLength(); i++)
- {
- Element tmpElem = (Element)idList.item(i);
- NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity");
- for(int j = 0; j < tmpList.getLength(); j++)
- Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName());
-
- if(1 == tmpList.getLength())
- {
- tmpElem = (Element)tmpList.item(0);
- String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName") + "," + tmpElem.getAttribute("BirthDate");
- boolean tmpBool = false;
- if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element)paramList.item(i);
- Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW"));
- namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
- } else
- {
- tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity");
- if(1 == tmpList.getLength())
- {
- tmpElem = (Element)tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(wType + "bPK");
- boolean tmpBool = false;
- if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
- tmpBool = true;
- Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
- tmpElem = (Element)paramList.item(i);
- Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1"));
- bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
- } else
- {
- Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found");
- }
- }
- }
-
- Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug(wType + "bPKMap:" + bPKMap.toString());
- }
-
- //public static final String XSD_DOCELEM = "MOAIdentities";
- //public static final String XSD_IDELEM = "Identity";
- //public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- //public static final String XSD_BPKIDELEM = "bPKIdentity";
- //public static final String XSD_PARAMELEM = "Parameters";
- //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration";
- private Map bPKMap;
- private Map namedMap;
-
-
- public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
- Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration);
- this.configuration = configuration;
- String fileName = configuration;
- if(fileName == null) {
- fileName = "file:conf/moa-id/Identities.xml";
- Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName);
- }
- Document doc = readXMLFile(fileName);
- buildInfo(doc, businessService.booleanValue() );
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
deleted file mode 100644
index 73f4d1f1f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.builder;
-
-import java.text.MessageFormat;
-import java.util.Calendar;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
-/**
- * Builder for the <code>&lt;samlp:Request&gt;</code> used for querying
- * the authentication data <code>&lt;saml:Assertion&gt;</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLRequestBuilder implements Constants {
- /** samlp-Request template */
- private static final String REQUEST =
- "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" +
- "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" +
- "</samlp:Request>";
-
- /**
- * Constructor for SAMLRequestBuilder.
- */
- public SAMLRequestBuilder() {
- super();
- }
-
- /**
- * Builds the <code>&lt;samlp:Request&gt;</code>.
- * @param requestID request ID
- * @param samlArtifactBase64 SAML artifact, encoded BASE64
- * @return the DOM element
- */
- public Element build(String requestID, String samlArtifactBase64) throws BuildException {
- try {
- String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
- String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
- Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return requestElem;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"samlp:Request", ex.toString()},
- ex);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
deleted file mode 100644
index 26da33e34..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ /dev/null
@@ -1,206 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.invoke;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
-import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
-import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Invoker of
- * <ul>
- * <li>either the GetAuthenticationData web service of MOA-ID Auth</li>
- * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li>
- * </ul>
- * depending of the configuration.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class GetAuthenticationDataInvoker {
- /** Create a new QName object for the webservice endpoint */
- private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
-
- /** invoked object for API call of MOA-ID Auth */
- private static Object apiServer = null;
- /** invoked method for API call of MOA-ID Auth */
- private static Method apiMethod = null;
-
- /**
- * Invokes the service passing domain model objects.
- * @param samlArtifact SAML artifact
- * @return AuthenticationData object
- * @throws ServiceException on any exception thrown
- */
- /**
- * Get authentication data from the MOA-ID Auth component,
- * either via API call or via web service call.
- * @param samlArtifact SAML artifact to be used as a parameter
- * @return AuthenticationData
- * @throws MOAIDException
- */
- public SAML1AuthenticationData getAuthenticationData(String samlArtifact)
- throws MOAIDException {
-
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
-
- //Removed for MOA-ID 2.x
-// if (authConnParam == null) {
-// try {
-// if (apiServer == null) {
-// Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
-// Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
-// apiServer = getInstanceMethod.invoke(null, (Object[]) null);
-// apiMethod = serverClass.getMethod(
-// "getAuthenticationData", new Class[] {String.class});
-// }
-// AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
-// return authData;
-// }
-// catch (InvocationTargetException ex) {
-// Throwable targetEx = ex.getTargetException();
-// if (targetEx instanceof AuthenticationException)
-// throw (AuthenticationException) targetEx;
-// else
-// throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
-// }
-// catch (Throwable ex) {
-// throw new ProxyException("proxy.09", new Object[] {ex.toString()});
-// }
-// }
-// else {
- Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
- Element samlpResponse = getAuthenticationData(samlpRequest);
- SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
- SAMLStatus status = srp.parseStatusCode();
- if (! "samlp:Success".equals(status.getStatusCode())) {
- if ("samlp:Responder".equals(status.getStatusCode())) {
- Logger.info("MOA-ID authentication process failed.");
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
-
- throw new MOAIDException("proxy.17", new Object[] {status.getStatusMessage()});
-
- } else {
- // on error status throw exception
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
-
- throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
- }
- }
- return srp.parseAuthenticationData();
-// }
- }
-
- /**
- * Invokes the service passing DOM elements.
- * @param request request DOM element
- * @return response DOM element
- * @throws ServiceException on any exception thrown
- */
- public Element getAuthenticationData(Element request) throws ServiceException {
- try {
- Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
- Call call = service.createCall();
- SOAPBodyElement body =
- new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] {body};
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- ConnectionParameter authConnParam =
- ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
-
- //If the ConnectionParameter do NOT exist, we throw an exception ....
- if (authConnParam!=null) {
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(SERVICE_QNAME, params);
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else
- {
- throw new ServiceException("service.01", null);
- }
- }
- catch (Exception ex) {
- throw new ServiceException("service.00", new Object[] {ex.toString()}, ex);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
deleted file mode 100644
index ebda8dae0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <code>&lt;saml:Assertion&gt;</code> returned by the
- * <code>GetAuthenticationData</code> web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthenticationDataAssertionParser implements Constants {
-
- /** Prefix for SAML-Xpath-expressions */
- private static String SAML = SAML_PREFIX + ":";
- /** Prefix for PersonData-Xpath-expressions */
- private static String PR = PD_PREFIX + ":";
- /** Prefix for Attribute MajorVersion in an Xpath-expression */
- private static String MAJOR_VERSION_XPATH =
- "@MajorVersion";
- /** Prefix for Attribute MinorVersion in an Xpath-expression */
- private static String MINOR_VERSION_XPATH =
- "@MinorVersion";
- /** Prefix for Attribute AssertionID in an Xpath-expression */
- private static String ASSERTION_ID_XPATH =
- "@AssertionID";
- /** Prefix for Attribute Issuer in an Xpath-expression */
- private static String ISSUER_XPATH =
- "@Issuer";
- /** Prefix for Attribute IssueInstant in an Xpath-expression */
- private static String ISSUE_INSTANT_XPATH =
- "@IssueInstant";
- /** Prefix for Element AttributeStatement in an Xpath-expression */
- private static String ATTRIBUTESTATEMENT_XPATH =
- SAML + "AttributeStatement/";
- /** Prefix for Element NameIdentifier in an Xpath-expression */
- private static String PK_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Subject/" +
- SAML + "NameIdentifier";
- private static String NAME_QUALIFIER_XPATH =
- PK_XPATH + "/@NameQualifier";
- /** Prefix for Element Person in an Xpath-expression */
- private static String PERSONDATA_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"PersonData\"]/" +
- SAML + "AttributeValue/" +
- PR + "Person/";
- /** Prefix for Element Value in an Xpath-expression */
- private static String IDENTIFICATION_VALUE_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Value";
- private static String IDENTIFICATION_TYPE_XPATH =
- PERSONDATA_XPATH +
- PR + "Identification/" +
- PR + "Type";
- /** Prefix for Element GivenName in an Xpath-expression */
- private static String GIVEN_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "GivenName";
- /** Prefix for Element FamilyName in an Xpath-expression */
- private static String FAMILY_NAME_XPATH =
- PERSONDATA_XPATH +
- PR + "Name/" +
- PR + "FamilyName";
- /** Prefix for Element DateOfBirth in an Xpath-expression */
- private static String DATE_OF_BIRTH_XPATH =
- PERSONDATA_XPATH +
- PR + "DateOfBirth";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String IS_QUALIFIED_CERT_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" +
- SAML + "AttributeValue";
- /** Prefix for Element AttributeValue in an Xpath-expression */
- private static String PUBLIC_AUTHORITY_XPATH =
- ATTRIBUTESTATEMENT_XPATH +
- SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" +
- SAML + "AttributeValue";
- /** Element samlAssertion represents the SAML:Assertion */
- private Element samlAssertion;
-
- /**
- * Constructor
- * @param samlAssertion samlpResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
- */
- public AuthenticationDataAssertionParser(Element samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Parses the <code>&lt;saml:Assertion&gt;</code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any error
- */
- public SAML1AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- try {
- SAML1AuthenticationData authData = new SAML1AuthenticationData();
- //ÄNDERN: NUR der Identification-Teil
- authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
- authData.setMajorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
- authData.setMinorVersion(new Integer(
- XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue());
- authData.setAssertionID(
- XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, ""));
- authData.setIssuer(
- XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
- authData.setIssueInstant(
- XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
- String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
-
- if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- //bPK
- authData.setBPK(pkValue);
- authData.setBPKType(Constants.URN_PREFIX_BPK);
-
- } else {
- //wbPK
- authData.setBPK(pkValue);
- authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
- }
- authData.setIdentificationValue(
- XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
- authData.setIdentificationType(
- XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
- authData.setGivenName(
- XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
- authData.setFamilyName(
- XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, ""));
- authData.setDateOfBirth(
- XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, ""));
- authData.setQualifiedCertificate(BoolUtils.valueOf(
- XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, "")));
- String publicAuthority =
- XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null);
- if (publicAuthority == null) {
- authData.setPublicAuthority(false);
- authData.setPublicAuthorityCode("");
- }
- else {
- authData.setPublicAuthority(true);
- if (! publicAuthority.equalsIgnoreCase("true"))
- authData.setPublicAuthorityCode(publicAuthority);
- }
- return authData;
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
deleted file mode 100644
index cec8dbe6c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.parser;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.SAMLStatus;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parser for the <code>&lt;samlp:Response&gt;</code> returned by the
- * <code>GetAuthenticationData</code> web service.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SAMLResponseParser implements Constants {
- /** Element containing the samlResponse */
- private Element samlResponse;
- /** Xpath prefix for reaching SAMLP Namespaces */
- private static String SAMLP = SAMLP_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching PersonData Namespaces */
- private static String PR = PD_PREFIX + ":";
- /** Xpath expression for reaching the SAMLP:Response element */
- private static final String ROOT =
- "/" + SAMLP + "Response/";
- /** Xpath expression for reaching the SAMLP:Status element */
- private static final String STATUS_XPATH =
- ROOT +
- SAMLP + "Status/";
- /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */
- private static final String STATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */
- private static final String SUBSTATUSCODE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusCode/" +
- SAMLP + "StatusCode/@Value";
- /** Xpath expression for reaching the SAMLP:StatusMessage element */
- private static final String STATUSMESSAGE_XPATH =
- STATUS_XPATH +
- SAMLP + "StatusMessage";
- /** Xpath expression for reaching the SAML:Assertion element */
- private static String ASSERTION_XPATH =
- ROOT +
- SAML + "Assertion";
-
- /**
- * Constructor
- * @param samlResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
- */
- public SAMLResponseParser(Element samlResponse) {
- this.samlResponse = samlResponse;
- }
-
- /**
- * Parses the <code>&lt;samlp:StatusCode&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any parsing error
- */
- public SAMLStatus parseStatusCode()
- throws ParseException {
-
- SAMLStatus status = new SAMLStatus();
- try {
- status.setStatusCode(
- XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, ""));
- status.setSubStatusCode(
- XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, ""));
- status.setStatusMessage(
- XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, ""));
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return status;
- }
-
- /**
- * Parses the <code>&lt;saml:Assertion&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
- * @return <code>AuthenticationData</code> object
- * @throws ParseException on any parsing error
- */
- public SAML1AuthenticationData parseAuthenticationData()
- throws ParseException {
-
- Element samlAssertion;
- try {
- samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData();
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
deleted file mode 100644
index e7340850c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -886733697373217942L;
-
-/**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- try {
- MOAIDProxyInitializer.initialize();
-
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
- Logger.info(message);
-
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
-}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
deleted file mode 100644
index d4d4fa7a1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-
-/**
- * Exception thrown while proxying a request to the online application
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyException extends MOAIDException {
-
- /**
- *
- */
- private static final long serialVersionUID = -2498996404868930153L;
-
-/**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- */
- public ProxyException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Constructor for ProxyException.
- * @param messageId
- * @param parameters
- * @param wrapped
- */
- public ProxyException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
deleted file mode 100644
index 9447f2e35..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ /dev/null
@@ -1,1008 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.proxy.servlet;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
-import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
-import at.gv.egovernment.moa.id.proxy.NotAllowedException;
-import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Servlet requested for logging in at an online application,
- * and then for proxying requests to the online application.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ProxyServlet extends HttpServlet {
- /**
- *
- */
- private static final long serialVersionUID = 6838184868735988125L;
-/** Name of the Parameter for the Target */
- private static final String PARAM_TARGET = "Target";
- /** Name of the Parameter for the SAMLArtifact */
- private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
- /** Name of the Parameter for the ErrorMessage */
- private static final String PARAM_ERRORMASSAGE = "error";
-
- /** Name of the Attribute for marking the session as authenticated*/
- private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
- /** Name of the Attribute for the PublicURLPrefix */
- private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix";
- /** Name of the Attribute for the RealURLPrefix */
- private static final String ATT_REAL_URLPREFIX = "RealURLPrefix";
- /** Name of the Attribute for the SSLSocketFactory */
- private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory";
- /** Name of the Attribute for the LoginHeaders */
- private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
- /** Name of the Attribute for the LoginParameters */
- private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
- /** Name of the Attribute for the SAMLARTIFACT */
- private static final String ATT_SAML_ARTIFACT = "SamlArtifact";
- /** Name of the Attribute for the state of the browser request for login dialog*/
- private static final String ATT_BROWSERREQU = "BrowserLoginRequest";
- /** Name of the Attribute for the state of the browser request for login dialog*/
- private static final String ATT_OA_CONF = "oaConf";
- /** Name of the Attribute for the Logintype of the OnlineApplication*/
- private static final String ATT_OA_LOGINTYPE = "LoginType";
- /** Name of the Attribute for the number of the try to login into the OnlineApplication*/
- private static final String ATT_OA_LOGINTRY = "LoginTry";
- /** Maximum permitted login tries */
- private static final int MAX_OA_LOGINTRY = 3;
- /** Name of the Attribute for authorization value for further connections*/
- private static final String ATT_OA_AUTHORIZATION_HEADER = "authorizationkey";
- /** Name of the Attribute for user binding */
- private static final String ATT_OA_USER_BINDING = "UserBinding";
- /** For extended internal debug messages */
- private static final boolean INTERNAL_DEBUG = false;
- /** Message to be given if browser login failed */
- private static final String RET_401_MSG = "<html><head><title>Ein Fehler ist aufgetreten</title></head><body><h1>Fehler bei der Anmeldung</h1><p>Bei der Anmeldung ist ein Fehler aufgetreten.</p><p>Fehler bei der Anmeldung. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.<br><b>Abbruch durch den Benutzer.</b><br></p></body></html>";
-
- /**
- * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
- */
- protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
- Logger.debug("getRequestURL:" + req.getRequestURL().toString());
-
- String artifact = req.getParameter(PARAM_SAMLARTIFACT);
- artifact = StringEscapeUtils.escapeHtml(artifact);
-
- try {
- if (artifact != null) {
- // check if SAML Artifact was already used in this session (in case of page reload)
- HttpSession session = req.getSession();
- if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
- if (session.getAttribute(ATT_BROWSERREQU)==null) {
- tunnelRequest(req, resp);
- }else{
- login(req, resp); //login after browser login dialog
- }
- } else
- // it is the first time that the SAML Artifact was used
- login(req, resp);
- }
- else
- tunnelRequest(req, resp);
- }
- catch (MOAIDException ex) {
- handleError(ex.getMessage(), ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(ex.getMessage(), ex, req, resp);
- }
- }
-
- /**
- * Login to online application at first call of servlet for a user session.<br/>
- * <ul>
- * <li>Acquires authentication data from the MOA-ID Auth component.</li>
- * <li>Reads configuration data for the online application.</li>
- * <li>Resolves login parameters.</li>
- * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li>
- * <li>For a stateless online application, stores data in the HttpSession.</li>
- * <li>Tunnels the request to the online application.</li>
- * </ul>
- * @param req
- * @param resp
- * @throws ConfigurationException when wrong configuration is encountered
- * @throws ProxyException when wrong configuration is encountered
- * @throws BuildException while building the request for MOA-ID Auth
- * @throws ServiceException while invoking MOA-ID Auth
- * @throws ParseException while parsing the response from MOA-ID Auth
- */
- private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
-
- HttpSession session = req.getSession();
- String samlArtifact = "";
- Map loginHeaders = null;
- Map loginParameters = null;
- String publicURLPrefix = "";
- String realURLPrefix = "";
- SSLSocketFactory ssf = null;
- String urlRequested = req.getRequestURL().toString();
- OAConfiguration oaConf = null;
- String loginType = "";
- String binding = "";
-
- if (session.getAttribute(ATT_BROWSERREQU)==null) {
-
- // read configuration data
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
- if (oaParam == null) {
- throw new ProxyException("proxy.02", new Object[] { urlRequested });
- }
-
- samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
- Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
- // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
- // boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
-
- // get authentication data from the MOA-ID Auth component
- SAML1AuthenticationData authData;
- try {
- authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
-
- } catch (ServiceException ex) {
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
-
- } catch (ProxyException ex) {
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
-
- } catch (MOAIDException ex) {
- String errorURL = oaParam.getErrorRedirctURL();
- if (MiscUtil.isNotEmpty(errorURL)) {
- generateErrorAndRedirct(resp, errorURL, ex.getMessage());
- return;
-
- } else {
- Logger.info("No ErrorRedirectURL defined. The error is shown on MOA-ID Proxy errorpage.");
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
- }
- }
- session.setAttribute(ATT_AUTHDATAFETCHED, "true");
-
- publicURLPrefix = oaParam.getPublicURLPrefix();
- Logger.debug("OA: " + publicURLPrefix);
- oaConf = oaParam.getOaConfiguration();
- ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- realURLPrefix = oaConnParam.getUrl();
-
- // resolve login parameters to be forwarded to online application
- LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
- String clientIPAddress = req.getRemoteAddr();
- boolean businessService = oaParam.getBusinessService();
- try {
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService, publicURLPrefix);
- } else {
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService, publicURLPrefix);
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- //extract user-defined bindingValue
- String headerKey = (String) iter.next();
- String headerKeyValue = (String) loginHeaders.get(headerKey);
- if (headerKey.equalsIgnoreCase("binding")) {
- binding = (String) loginHeaders.get(headerKey);
- }
- for (int i = 1; i <= 3; i++) {
- if (headerKey.equalsIgnoreCase("param" + i)) {
- int sep = headerKeyValue.indexOf("=");
- if (sep>-1) {
- if (sep>0) {
- String value = "";
- if (headerKeyValue.length()>sep+1) value = headerKeyValue.substring(sep+1);
- if (loginParameters == null) loginParameters = new HashMap();
- loginParameters.put(headerKeyValue.substring(0,sep) , value);
- }
- } else {
- loginParameters.put(headerKey, "");
- }
- }
- }
- }
- loginHeaders.remove("binding");
- loginHeaders.remove("param1");
- loginHeaders.remove("param2");
- loginHeaders.remove("param3");
- }
- } catch (LoginParameterResolverException ex) {
- String errorURL = oaParam.getErrorRedirctURL();
- if (MiscUtil.isNotEmpty(errorURL)) {
- generateErrorAndRedirct(resp, errorURL,
- MOAIDMessageProvider.getInstance().getMessage("proxy.13",
- new Object[] { publicURLPrefix }));
- return;
-
- } else
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
-
- } catch (NotAllowedException e) {
- String errorURL = oaParam.getErrorRedirctURL();
- if (MiscUtil.isNotEmpty(errorURL)) {
- generateErrorAndRedirct(resp, errorURL,
- MOAIDMessageProvider.getInstance().getMessage("proxy.15",
- new Object[] { }));
- return;
-
- } else
- throw new ProxyException("proxy.15", new Object[] { });
- }
-
- // setup SSLSocketFactory for communication with the online application
- if (oaConnParam.isHTTPSURL()) {
- try {
- ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- } catch (Throwable ex) {
- throw new ProxyException(
- "proxy.05",
- new Object[] { oaConnParam.getUrl(), ex.toString()},
- ex);
- }
- }
-
- // for stateless online application, store data in HttpSession
- loginType = oaConf.getLoginType();
- if ("".equalsIgnoreCase(binding)) {
- binding = oaConf.getBinding();
- if ("".equalsIgnoreCase(binding)) binding = "full";
- }
- Logger.debug("Login type: " + loginType);
- if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
- int sessionTimeOut = oaParam.getSessionTimeOut();
- if (sessionTimeOut == 0)
- sessionTimeOut = 60 * 60; // default 1 h
-
- session.setMaxInactiveInterval(sessionTimeOut);
- session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix);
- session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix);
- session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
- session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
- session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
- session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact);
- session.setAttribute(ATT_OA_CONF, oaConf);
- session.setAttribute(ATT_OA_LOGINTYPE, loginType);
- session.setAttribute(ATT_OA_USER_BINDING, binding);
- session.removeAttribute(ATT_BROWSERREQU);
- session.removeAttribute(ATT_OA_AUTHORIZATION_HEADER);
- session.removeAttribute(ATT_OA_LOGINTRY);
- Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " angelegt");
- }
-
- } else {
- loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
- realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
- ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
- loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
- samlArtifact = (String) session.getAttribute(ATT_SAML_ARTIFACT);
- oaConf = (OAConfiguration) session.getAttribute(ATT_OA_CONF);
- loginType = (String) session.getAttribute(ATT_OA_LOGINTYPE);
- binding = (String) session.getAttribute(ATT_OA_USER_BINDING);
- session.removeAttribute(ATT_BROWSERREQU);
- Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " aufgenommen");
- }
-
- try {
- int respcode = 0;
-
- // tunnel request to the online application
- respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding);
- if (respcode == 401) {
- if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
- }
- }
- } catch (ProxyException ex) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
- } catch (Throwable ex) {
- throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
- }
- }
-
- /**
- * Tunnels a request to the stateless online application using data stored in the HTTP session.
- * @param req HTTP request
- * @param resp HTTP response
- * @throws IOException if an I/O error occurs
- */
- private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException {
-
- //Logger.debug("Tunnel request (stateless)");
- HttpSession session = req.getSession(false);
-
- if (session == null)
- throw new ProxyException("proxy.07", null);
- String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
- //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method)
- //additional check if publicURLPrefix is OK, if not throw an Exception
- if (publicURLPrefix == null)
- throw new ProxyException("proxy.07", null);
-
- String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
- SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
- Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
- Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
- String binding = (String) session.getAttribute(ATT_OA_USER_BINDING);
- if (publicURLPrefix == null || realURLPrefix == null)
- throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()});
-
- int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding);
- if (respcode == -401) // #tries to login exceeded
- throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)});
- }
-
-/**
- * Tunnels a request to the online application using given URL mapping and SSLSocketFactory.
- * This method returns the ResponseCode of the request to the online application.
- * @param req HTTP request
- * @param resp HTTP response
- * @param loginHeaders header field/values to be inserted for purposes of authentication;
- * may be <code>null</code>
- * @param loginParameters parameter name/values to be inserted for purposes of authentication;
- * may be <code>null</code>
- * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code>
- * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code>
- * @param ssf SSLSocketFactory to use
- * @throws IOException if an I/O error occurs
- */
-private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf, String binding)
- throws IOException {
-
- String originBinding = binding;
- String browserUserID = "";
- String browserPassword = "";
- //URL url = new URL(realURLPrefix);
- //String realURLHost = url.getHost();
- if (INTERNAL_DEBUG && !binding.equals("")) Logger.debug("Binding: " + binding);
-
- // collect headers from request
- Map headers = new HashMap();
- for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) {
- String headerKey = (String) enu.nextElement();
- String headerKeyValue = req.getHeader(headerKey);
- if (INTERNAL_DEBUG) Logger.debug("Incoming:" + headerKey + "=" + headerKeyValue);
- //Analyze Basic-Auth-Headers from the client
- if (headerKey.equalsIgnoreCase("Authorization")) {
- if (headerKeyValue.substring(0,6).equalsIgnoreCase("Basic ")) {
- String credentials = headerKeyValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils. decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- browserUserID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
- browserPassword = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- //deactivate following line for security
- //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword );
- }
- if (headerKeyValue.substring(0,9).equalsIgnoreCase("Negotiate")) {
- //deactivate following line for security
- //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: Found NTLM Aut.: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword );
- }
- }
- else
- {
- /* Headers MUST NOT be repaced according to our Spec.
- if (headerKey.equalsIgnoreCase("Host")) {
- headerKeyValue = realURLHost;
- //headerKeyValue= realURLPrefix.substring(hoststartpos);
- if (INTERNAL_DEBUG) Logger.debug("replaced:" + headerKey + "=" + headerKeyValue);
- }
- */
- headers.put(headerKey, headerKeyValue);
- }
- }
-
-
- // collect login headers, possibly overwriting headers from request
- String authorizationvalue="";
- if (req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) {
-
- if (OAConfiguration.BINDUNG_NOMATCH.equals(binding)) {
- int loginTry = getLoginTry(req);
- Logger.debug("Binding: mode = " + OAConfiguration.BINDUNG_NOMATCH + "(try #" + Integer.toString(loginTry) + ")");
- if (loginTry==1) {
- binding = OAConfiguration.BINDUNG_FULL;
- } else {
- binding = OAConfiguration.BINDUNG_USERNAME;
- }
- }
-
- /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen:
- //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first
- // full binding will be covered by next block
- if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) {
- //1st try: if we have a password, try this one first
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerKeyValue = (String) loginHeaders.get(headerKey);
- if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) {
- String credentials = headerKeyValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils.decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- if (password!=null && !password.equals("")) {
- Logger.debug("Binding: found predefined password. Trying full binding first");
- binding = OAConfiguration.BINDUNG_FULL;
- break;
- }
- }
- }
- }
- */
-
-
-
- //we have a connection with not having logged on
- if (loginHeaders != null && (browserPassword.length()!=0 || browserUserID.length()!=0 || OAConfiguration.BINDUNG_FULL.equals(binding))) {
- for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerKeyValue = (String) loginHeaders.get(headerKey);
- //customize loginheaders if necessary
- if (isBasicAuthenticationHeader(headerKey, headerKeyValue))
- {
- if (OAConfiguration.BINDUNG_FULL.equals(binding)) {
- authorizationvalue = headerKeyValue;
- Logger.debug("Binding: full binding to user established");
- } else {
- String credentials = headerKeyValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils.decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- String userID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
- String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- String userIDPassword = ":";
- if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) {
- Logger.debug("Binding: Access with necessary binding to user");
- userIDPassword = userID + ":" + browserPassword;
- } else if (OAConfiguration.BINDUNG_NONE.equals(binding)) {
- Logger.debug("Binding: Access without binding to user");
- //If first time
- if (browserUserID.length()==0) browserUserID = userID;
- if (browserPassword.length()==0) browserPassword = password;
- userIDPassword = browserUserID + ":" + browserPassword;
- } else {
- userIDPassword = userID + ":" + password;
- }
- credentials = Base64Utils.encode(userIDPassword.getBytes());
- authorizationvalue = "Basic " + credentials;
- headerKeyValue = authorizationvalue;
- }
- }
- headers.put(headerKey, headerKeyValue);
- }
- }
- }else{
- //if OA needs Authorization header in each further request
- authorizationvalue = (String) req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER);
- if (loginHeaders != null) headers.put("Authorization", authorizationvalue);
- }
-
-
- Vector parameters = new Vector();
- for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
- String paramName = (String) enu.nextElement();
- if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
- if (INTERNAL_DEBUG) Logger.debug("Req Parameter-put: " + paramName + ":" + req.getParameter(paramName));
- String parameter[] = new String[2];
- parameter[0]= paramName;
- parameter[1]= req.getParameter(paramName);
- parameters.add(parameter);
- }
- }
- // collect login parameters, possibly overwriting parameters from request
- if (loginParameters != null) {
- for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) {
- String paramName = (String) iter.next();
- if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
- if (INTERNAL_DEBUG) Logger.debug("Req Login-Parameter-put: " + paramName + ":" + loginParameters.get(paramName));
- String parameter[] = new String[2];
- parameter[0]= paramName;
- parameter[1]= (String) loginParameters.get(paramName);
- parameters.add(parameter);
- }
- }
- }
-
- ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix);
- HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters);
-
- // set headers as request properties of URLConnection
- for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
- String headerKey = (String) iter.next();
- String headerValue = (String) headers.get(headerKey);
- String LogStr = "Req header " + headerKey + ": " + headers.get(headerKey);
- if (isBasicAuthenticationHeader(headerKey, headerValue)) {
- String credentials = headerValue.substring(6);
- byte [] bplaintextcredentials = Base64Utils. decode(credentials, true);
- String plaintextcredentials = new String(bplaintextcredentials);
- String uid = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
- String pwd = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
- //Sollte AuthorizationInfo vom HTTPClient benutzt werden: cb.addBasicAuthorization(publicURLPrefix, uid, pwd);
- //deactivate following line for security
- //if (INTERNAL_DEBUG && Logger.isDebugEnabled()) LogStr = LogStr + " >UserID:Password< >" + uid + ":" + pwd + "<";
- }
- conn.setRequestProperty(headerKey, headerValue);
- if (INTERNAL_DEBUG) Logger.debug(LogStr);
- }
-
- StringWriter sb = new StringWriter();
-
- // Write out parameters into output stream of URLConnection.
- // On GET request, do not send parameters in any case,
- // otherwise HttpURLConnection would send a POST.
- if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) {
- boolean firstParam = true;
- String parameter[] = new String[2];
- for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
- String paramName = parameter[0];
- String paramValue = parameter[1];
- if (firstParam)
- firstParam = false;
- else
- sb.write("&");
- sb.write(paramName);
- sb.write("=");
- sb.write(paramValue);
- if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue);
- }
- }
-
- // For WebDAV and POST: copy content
- if (!"get".equalsIgnoreCase(req.getMethod())) {
- if (INTERNAL_DEBUG && !"post".equalsIgnoreCase(req.getMethod())) Logger.debug("---- WEBDAV ---- copying content");
- try {
- OutputStream out = conn.getOutputStream();
- InputStream in = req.getInputStream();
- if (!parameters.isEmpty()) out.write(sb.toString().getBytes()); //Parameter nicht mehr mittels Printwriter schreiben
- copyStream(in, out, null, req.getMethod());
- out.flush();
- out.close();
- } catch (IOException e) {
- if (!"post".equalsIgnoreCase(req.getMethod()))
- Logger.debug("---- WEBDAV ---- streamcopy problem");
- else
- Logger.debug("---- POST ---- streamcopy problem");
- }
- }
-
- // connect
- if (INTERNAL_DEBUG) Logger.debug("Connect Request");
- conn.connect();
- if (INTERNAL_DEBUG) Logger.debug("Connect Response");
-
- // check login tries
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
- int loginTry = getLoginTry(req);
- req.getSession().setAttribute(ATT_OA_LOGINTRY, Integer.toString(loginTry));
- if (loginTry > MAX_OA_LOGINTRY) {
- Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving...");
- cb.disconnect(conn);
- return -401;
- }
- }
-
-
-
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(originBinding)) {
- Logger.debug("Found 401 UNAUTHORIZED, leaving...");
- cb.disconnect(conn);
- return conn.getResponseCode();
- }
-
-
- resp.setStatus(conn.getResponseCode());
- //Issue by Gregor Karlinger - content type was annotated twice
- //resp.setContentType(conn.getContentType());
-
- if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) {
- req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue);
- Logger.debug("Login OK. Saving authorization header to remember in further requests");
- }
-
- // Read response headers
- // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set.
- // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests.
- // See JavaDoc of javax.servlet.http.HttpServlet:
- // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
- Vector respHeaders = new Vector();
-
- boolean chunked = false;
- String contentLengthKey = null;
- String transferEncodingKey = null;
- int i = 1;
- String headerKey;
- String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE);
- while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
- String headerValue = conn.getHeaderField(i);
-
- if (headerKey.equalsIgnoreCase("WWW-Authenticate")) {
- int start = headerValue.indexOf("Basic realm=\"");
- boolean requestsBasicAuth = headerValue.substring(start).startsWith("Basic realm=\"");
- if (requestsBasicAuth) {
- headerValue = "Basic realm=\"" + publicURLPrefix + "\"";
-
- if ( OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding))
- headerValue = "Basic realm=\"Bitte Passwort eingeben\"";
- else if ("none".equals(originBinding)) {
- headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\"";
- }
- }
- }
-
-// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
-// if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) {
-// headerValue = "Basic realm=\"" + publicURLPrefix + "\"";
-// if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) {
-// headerValue = "Basic realm=\"Bitte Passwort eingeben\"";
-// } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) {
-// headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\"";
-// }
-// }
-
- String respHeader[] = new String[2];
- if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) {
- //alter the unauthorized message with template for login
- //TODO: supply a special login form on unauthorized messages with bindings!=full
- headerValue = Integer.toString(RET_401_MSG.length());
- }
- respHeader[0]= headerKey;
- respHeader[1]= headerValue;
-
- if (!(OAConfiguration.BINDUNG_FULL.equals(originBinding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) {
- respHeaders.add(respHeader);
- if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue);
- } else {
- Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue);
- }
- if (isTransferEncodingChunkedHeader(headerKey, headerValue) || "content-length".equalsIgnoreCase(headerKey)) {
- respHeaders.remove(respHeader);
- Logger.debug("Resp header " + headerKey + " REMOVED");
- }
-
- i++;
- }
-
-
- String headerValue;
- String respHeader[] = new String[2];
-
- //write out all Responseheaders
- for (Iterator iter = respHeaders.iterator(); iter.hasNext();) {
- respHeader = (String[]) iter.next();
- headerKey = respHeader[0];
- headerValue = respHeader[1];
- resp.addHeader(headerKey, headerValue);
- }
-
- //Logger.debug(">>>> Copy Content");
- //Logger.debug(" from ()" + conn.getURL());
- //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL());
-
- // read response stream
- Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode());
- // Load content unless the server lets us know that the content is NOT MODIFIED...
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED ) {
- BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream());
- //Logger.debug("Got Inputstream");
- BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream());
- //Logger.debug("Got Outputstream");
-
- byte [] buffer = new byte[4096];
- if (respOut != null) {
- int bytesRead;
- while ((bytesRead = respIn.read(buffer)) >= 0) {
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(buffer, 0, bytesRead);
- }
- } else {
- while (respIn.read(buffer) >= 0);
- }
-
-
- /*
- int ch;
- StringBuffer strBuf = new StringBuffer("");
- while ((ch = respIn.read()) >= 0) {
- if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(ch);
- strBuf.append((char)ch);
- }
- Logger.debug("Resp Content:");
- if (strBuf.toString().length()>500)
- Logger.debug(strBuf.toString().substring(0,500));
- else
- Logger.debug(strBuf.toString());
- */
-
-
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
- respOut.write(RET_401_MSG.getBytes());
- }
- respOut.flush();
- respOut.close();
- respIn.close();
- if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
- Logger.debug("Found 401 UNAUTHORIZED...");
- cb.disconnect(conn);
- return conn.getResponseCode();
- }
- } else {
- //if (conn.getResponseCode()==HttpURLConnection.HTTP_NOT_MODIFIED)
- Logger.debug("Found 304 NOT MODIFIED...");
- }
-
- cb.disconnect(conn);
- Logger.debug("Request done");
-
- return conn.getResponseCode();
-}
-
-/**
- * Gets the current amount of the login try at the online application
- *
- * @param req the HttpServletRequest
- * @return the number off the current login try
- */
-private int getLoginTry(HttpServletRequest req) {
- String oa_loginTry = (String) req.getSession().getAttribute(ATT_OA_LOGINTRY);
- int loginTry = 1;
- if (oa_loginTry!=null) loginTry = Integer.parseInt(oa_loginTry)+1;
- return loginTry;
-}
-/**
- * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..."
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a basic authentication header
- */
-private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) {
- if (!"authorization".equalsIgnoreCase(headerKey))
- return false;
- if (headerValue.length() < "basic".length())
- return false;
- String authenticationSchema = headerValue.substring(0, "basic".length());
- return "basic".equalsIgnoreCase(authenticationSchema);
-}
-/**
- * Determines whether a basic authentication header of the kind "Authorization: Basic ..."
- * is included in a HTTP request
- * @param req HTTP request
- * @return true for a basic authentication header provided
- */
-private boolean isBasicAuthenticationHeaderProvided(HttpServletRequest req) {
- for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) {
- String headerKey = (String) enu.nextElement();
- String headerValue = req.getHeader(headerKey);
- if (isBasicAuthenticationHeader(headerKey, headerValue))
- return true;
- }
- return false;
-}
-/**
- * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked"
- *
- * @param headerKey header name
- * @param headerValue header value
- * @return true for a "Transfer-encoding: chunked" header
- */
-private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) {
- if (!"transfer-encoding".equalsIgnoreCase(headerKey))
- return false;
- return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0;
-}
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
-public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- try {
- MOAIDProxyInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex);
- throw new ServletException(ex);
- }
-}
-
-/**
- * Handles an error. <br>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage error message
- * @param exceptionThrown exception thrown
- * @param req servlet request
- * @param resp servlet response
- */
-protected void handleError(
- String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
-
-
- if(null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage );
- }
-
- if (null != exceptionThrown) {
- if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- //req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
- }
-
- //forward this to errorpage-proxy.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp");
- try {
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
-
-}
-
-
-// * taken from iaik.utils.util.copyStream:
-/**
- * Reads all data (until EOF is reached) from the given source to the
- * destination stream. If the destination stream is null, all data is dropped.
- * It uses the given buffer to read data and forward it. If the buffer is
- * null, this method allocates a buffer.
- *
- * @param source The stream providing the data.
- * @param destination The stream that takes the data. If this is null, all
- * data from source will be read and discarded.
- * @param buffer The buffer to use for forwarding. If it is null, the method
- * allocates a buffer.
- * @exception IOException If reading from the source or writing to the
- * destination fails.
- */
-private static void copyStream(InputStream source, OutputStream destination, byte[] buffer, String method) throws IOException {
- if (source == null) {
- throw new NullPointerException("Argument \"source\" must not be null.");
- }
- if (buffer == null) {
- buffer = new byte[4096];
- }
-
- if (destination != null) {
- int bytesRead;
- while ((bytesRead = source.read(buffer)) >= 0) {
- destination.write(buffer, 0, bytesRead);
- //if (method.equalsIgnoreCase("POST")) Logger.debug(buffer.toString());
- }
- } else {
- while (source.read(buffer) >= 0);
- }
-}
-
-private static void generateErrorAndRedirct(HttpServletResponse resp, String errorURL, String message) {
- try {
- errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE,
- URLEncoder.encode(message, "UTF-8"));
-
- } catch (UnsupportedEncodingException e) {
- errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, "Fehlermeldung%20konnte%20nicht%20%C3%BCbertragen%20werden.");
- }
-
- errorURL = resp.encodeRedirectURL(errorURL);
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", errorURL);
-}
-
-protected static String addURLParameter(String url, String paramname,
- String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
-}
-
-}
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 22d9536d6..b88bf7b49 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -19,7 +19,7 @@
<modules>
<module>idserverlib</module>
- <module>proxy</module>
+<!-- <module>proxy</module> -->
<module>auth</module>
<module>moa-id-commons</module>
<module>stork2-saml-engine</module>